Received: by 2002:a25:6193:0:0:0:0:0 with SMTP id v141csp2006939ybb; Sun, 29 Mar 2020 19:47:29 -0700 (PDT) X-Google-Smtp-Source: ADFU+vsZrfBT5cqfHlIe/iDY+/fLRIxaV82zbOb6tJDPTGrKLxjIq5u1Hzw/XgsJiEJ/aTZlRfna X-Received: by 2002:a4a:8041:: with SMTP id y1mr7906919oof.65.1585536449639; Sun, 29 Mar 2020 19:47:29 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1585536449; cv=none; d=google.com; s=arc-20160816; b=l9zXU0Edg+GJ+PIf8rrnCp9y0G1A7k4QYN4BC/FjdRxZmukyHQOpFHYsU6PF5cpU0Y Dh4nRodUf7RaMXpjDYxYrWMRurq7A0voOnsJaptxVGsdyp84XuOK1nnMJCSYxjl0ZiV6 2S73ln9KG6ZoEQpOH5J/ct6Q8jBv8vGXKAFZZXupT6dN/P/ggOqAdduwis8u1abXe8j6 5i45lQbukp9jGa2M+haTCVFYueKS0xg2HsQdrUeXbVhAZBsC6xXlVQ0VNzSNIpGxMmzt B6BGFLKQjoABiqq6j7PfB70o/6+Phfie323ZRPohygvnHzr7zW9u8HNuTD4IaqkAOKVL YqVg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date; bh=SpCQHTB0Zw4o5M4+i1ty9Rxx97gKf8j0VBB6Oxn+B48=; b=CvSNhZrIB/60WKDrs2mxmrh+YriAe6bUsGNK7tMFJQ3ncH6fxsZM5VxwbdVuSgeGsw 31Nsemh0DtbzOrN3Q2B2LK7i56R88W5jLglkCu4GJMXO2mAJAk0pRJPofWbK7oN7RxUZ tG2X+yUrMFDceLyqk3medmhCWpXOMuCQjSr3irLgUnk9vzKKjEChKndzpRpYJU1VwJop 6WAekgGT0aV+fY7uG34u4QU+NQhGzfHrYFCSCcu+w8RnLHkrZVvcMl/bXCjNY5Tr4TAo S7s6rMhdXpSCiLI1Cg/x+BWAspzOkw/LK6C36BUgxvqdcfTmZMKBDk2dvdvxpVDeiseu 64ew== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id a18si4739944otq.286.2020.03.29.19.47.15; Sun, 29 Mar 2020 19:47:29 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729197AbgC3CpR (ORCPT + 99 others); Sun, 29 Mar 2020 22:45:17 -0400 Received: from mx.sdf.org ([205.166.94.20]:65080 "EHLO mx.sdf.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728516AbgC3CpR (ORCPT ); Sun, 29 Mar 2020 22:45:17 -0400 Received: from sdf.org (IDENT:lkml@sdf.lonestar.org [205.166.94.16]) by mx.sdf.org (8.15.2/8.14.5) with ESMTPS id 02U2jC2R004428 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256 bits) verified NO); Mon, 30 Mar 2020 02:45:12 GMT Received: (from lkml@localhost) by sdf.org (8.15.2/8.12.8/Submit) id 02U2jCVs023274; Mon, 30 Mar 2020 02:45:12 GMT Date: Mon, 30 Mar 2020 02:45:11 +0000 From: George Spelvin To: "Theodore Y. Ts'o" Cc: linux-kernel@vger.kernel.org, lkml@sdf.org Subject: Another batched entropy idea Message-ID: <20200330024511.GB4206@SDF.ORG> References: <202003281643.02SGhPmY017434@sdf.org> <20200328182817.GE5859@SDF.ORG> <98bd30f23b374ccbb61dd46125dc9669@AcuMS.aculab.com> <20200329174122.GD4675@SDF.ORG> <20200329214214.GB768293@mit.edu> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200329214214.GB768293@mit.edu> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Posting all those patches has depressurized my brain and let me think of additional ways to speed up batched random number generation, taking advantage of the fact that we don't have to anti-backtrack the key. Rather than using the primary_crng and its lock, use a global 256-bit key, and give each CPU a disjoint 64-bit sequence number space. (for (seq = raw_smp_processor_id(); ; seq += NR_CPUS).) Then, when a CPU needs to refill its batched pool, copy over the constant, the global key, the per-cpu sequence number, do something TBD with the nonce, and run ChaCha on the result. And voila, no global locking ever, unless a reseed interval has elapsed. (We could also consider using 12 <= r < 20 ChaCha rounds for the batch. After all, the best attack is <8 rounds and eSTREAM recommends 12. 16 might be reasonable.)