Re: [PATCH] random: always use batched entropy for get_random_u{32,64}

From: Theodore Y. Ts'o
Date: Fri Feb 21 2020 - 19:41:42 EST


On Fri, Feb 21, 2020 at 09:08:19PM +0100, Jason A. Donenfeld wrote:
> On Thu, Feb 20, 2020 at 11:29 PM Tony Luck <tony.luck@xxxxxxxxx> wrote:
> >
> > Also ... what's the deal with a spin_lock on a per-cpu structure?
> >
> > batch = raw_cpu_ptr(&batched_entropy_u64);
> > spin_lock_irqsave(&batch->batch_lock, flags);
> > if (batch->position % ARRAY_SIZE(batch->entropy_u64) == 0) {
> > extract_crng((u8 *)batch->entropy_u64);
> > batch->position = 0;
> > }
> > ret = batch->entropy_u64[batch->position++];
> > spin_unlock_irqrestore(&batch->batch_lock, flags);
> >
> > Could we just disable interrupts and pre-emption around the entropy extraction?
>
> Probably, yes... We can address this in a separate patch.

No, we can't; take a look at invalidate_batched_entropy(), where we
need invalidate all of per-cpu batched entropy from a single CPU after
we have initialized the the CRNG.

Since most of the time after CRNG initialization, the spinlock for
each CPU will be on that CPU's cacheline, the time to take and release
the spinlock is not going to be material.

- Ted