Received: by 2002:a25:d7c1:0:0:0:0:0 with SMTP id o184csp1851500ybg;
        Sat, 19 Oct 2019 03:51:55 -0700 (PDT)
X-Google-Smtp-Source: APXvYqzamICCgNGE7XuKbP6/uo4a8KzxOVB1O15i3mWFfYVHUiShzXkIwmBi+iXhczc5XF3ea+oS
X-Received: by 2002:a05:6402:3054:: with SMTP id bu20mr13884623edb.97.1571482315827;
        Sat, 19 Oct 2019 03:51:55 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1571482315; cv=none;
        d=google.com; s=arc-20160816;
        b=bdQVZH5DGueyd7nLl9MM0Ub569YpJ1NgHh4n2YDZvXtD0OeBuNZvBui8pueUBJr+NI
         VbagFrppYhY5Br73w6q8N1yXevsRqXtA5Gvj747m9CcJni4poaZsnUOI0NXXDESZL8ue
         TKx3egqL89oVTpTqlZuV++M56I2CwgUzIRVmC14dnu+ENUC709Z3geWOCYca52ctSvQq
         E21PNLWVHLWbquHPF257j271HFKussJLqtxWqpasLJxIxHmisQcAq/wFAKHhBkuZbbyq
         x+By6baoe2SwAgJdxqZ8MpwBaft3k1DEcf46Jj1blXNs+gJTV+4lydU0udHmm4dKwLbv
         8fCg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:user-agent:references
         :message-id:in-reply-to:subject:cc:to:from:date;
        bh=ZlsnQuX27ynqcJOC7lKOeVtRWODTNHN5vL7iJQB4+JA=;
        b=dn+mv8P+ttKMWTQC/QZ/nClbWQb2QnH6F8icpt/czL4l90Ow3uz9REygk5hLug/RhE
         VXomyE/ZZjPU8hhyczWRqu+NoRfAVOshm8KRqWjGq7NTGvOvQwlk05V4cLlr6v6pvf76
         /Fv0GldRs0NFz2KWn/vey5s6WGUdpZJBU+nl9wkJtD3FPQLsm8adCP9u6TLvl51WvP6t
         +SmKQGuoleQQJ6lQ+pKqiDaDa3hzcTLXYIYwTtBIWqvF981hwX8h7FKmlutJx7aBNJcd
         kme4DWM62oIidOKFK84gz1I0q7U+EFchonlJoGnulhxR/NOtZDW6a0FrouW4vsLhW7+9
         QQ3w==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id si6si4882984ejb.195.2019.10.19.03.51.20;
        Sat, 19 Oct 2019 03:51:55 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1725813AbfJSKt4 (ORCPT <rfc822;ayiehere@gmail.com> + 99 others);
        Sat, 19 Oct 2019 06:49:56 -0400
Received: from Galois.linutronix.de ([193.142.43.55]:59134 "EHLO
        Galois.linutronix.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1725535AbfJSKt4 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sat, 19 Oct 2019 06:49:56 -0400
Received: from [5.158.153.52] (helo=nanos.tec.linutronix.de)
        by Galois.linutronix.de with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256)
        (Exim 4.80)
        (envelope-from <tglx@linutronix.de>)
        id 1iLmIz-0004gs-5f; Sat, 19 Oct 2019 12:49:53 +0200
Date:   Sat, 19 Oct 2019 12:49:52 +0200 (CEST)
From:   Thomas Gleixner <tglx@linutronix.de>
To:     Linus Torvalds <torvalds@linux-foundation.org>
cc:     =?UTF-8?Q?J=C3=B6rn_Engel?= <joern@purestorage.com>,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
        Ingo Molnar <mingo@kernel.org>
Subject: Re: [PATCH] random: make try_to_generate_entropy() more robust
In-Reply-To: <CAHk-=wi80VJ+4cUny2kwm0RxrmVdh24VPz5ZHjY4qCWR5iQBDQ@mail.gmail.com>
Message-ID: <alpine.DEB.2.21.1910191214490.2098@nanos.tec.linutronix.de>
References: <20191018203704.GC31027@cork> <20191018204220.GD31027@cork> <CAHk-=wi80VJ+4cUny2kwm0RxrmVdh24VPz5ZHjY4qCWR5iQBDQ@mail.gmail.com>
User-Agent: Alpine 2.21 (DEB 202 2017-01-01)
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="8323329-1132302849-1571482193=:2098"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

--8323329-1132302849-1571482193=:2098
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8BIT

On Fri, 18 Oct 2019, Linus Torvalds wrote:
> On Fri, Oct 18, 2019 at 4:42 PM Jörn Engel <joern@purestorage.com> wrote:
> >
> > We can generate entropy on almost any CPU, even if it doesn't provide a
> > high-resolution timer for random_get_entropy().  As long as the CPU is
> > not idle, it changed the register file every few cycles.  As long as the
> > ALU isn't fully synchronized with the timer, the drift between the
> > register file and the timer is enough to generate entropy from.
> 
> >  static void entropy_timer(struct timer_list *t)
> >  {
> > +     struct pt_regs *regs = get_irq_regs();
> > +
> > +     /*
> > +      * Even if we don't have a high-resolution timer in our system,
> > +      * the register file itself is a high-resolution timer.  It
> > +      * isn't monotonic or particularly useful to read the current
> > +      * time.  But it changes with every retired instruction, which
> > +      * is enough to generate entropy from.
> > +      */
> > +     mix_pool_bytes(&input_pool, regs, sizeof(*regs));
> 
> Ok, so I still like this conceptually, but I'm not entirely sure that
> get_irq_regs() works reliably in a timer. It's done from softirq
> TIMER_SOFTIRQ context, so not necessarily _in_ an interrupt.
> 
> Now, admittedly this code doesn't really need "reliably". The odd
> occasional hickup would arguably just add more noise. And I think the
> code works fine. get_irq_regs() will return a pointer to the last
> interrupt or exception frame on the current CPU, and I guess it's all
> fine. But let's bring in Thomas, who was not only active in the
> randomness discussion, but might also have stronger opinions on this
> get_irq_regs() usage.
> 
> Thomas, opinions? Using the register state (while we're doing the
> whole entropy load with scheduling etc) looks like a good source of
> high-entropy data outside of just the TSC, so it does seem like a very
> valid model. But I want to run it past more people first, and Thomas
> is the obvious victim^Wchoice.

The idea is good, but as Ingo pointed out this needs very careful checking
of 'regs'. get_irq_regs() is really only valid from interrupt context up to
the point where the old irq regs (default NULL) are restored, i.e. after
irq_exit() from where softirqs are invoked.

One slightly related thing I was looking into is that the mixing of
interrupt entropy is always done from hard interrupt context. That has a
few issues:

    1) It's pretty visible in profiles for high frequency interrupt
       scenarios.

    2) The regs content can be pretty boring non-deterministic when the
       interrupt hits idle.

       Not an issue in the try_to_generate_entropy() case probably, but
       that still needs some careful investigation.

For #1 I was looking into a trivial storage model with a per cpu ring
buffer, where each entry contains the entropy data of one interrupt and let
some thread or whatever handle the mixing later.

That would allow to filter out 'constant' data (#) but it would also give
Joerns approach a way to get to some 'random' register content independent
of the context in which the timer softirq is running in.

Thanks,

	tglx
--8323329-1132302849-1571482193=:2098--