Received: by 2002:a05:6a10:22f:0:0:0:0 with SMTP id 15csp1508380pxk;
        Mon, 31 Aug 2020 23:45:22 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJw4iMjdIZrfa6BbtFilmgiuaY1tQOwYhXTA/lBA0cKCTX0mVgDBmTGpgMuTU0OHTkDxHWj+
X-Received: by 2002:aa7:d35a:: with SMTP id m26mr438643edr.183.1598942722035;
        Mon, 31 Aug 2020 23:45:22 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1598942722; cv=none;
        d=google.com; s=arc-20160816;
        b=tfCrZsc18667GdPvqadpMzJQ2j+9fTJhwQuerp9nxpN3VXdueDdwU1XrLDiuryjdYu
         e23R15zmJH2lIgDGqrLnHnPRpRGLyxYUCcleYZYg7rjHgge4eCdn4s4XZ2TNJRDzFg7c
         1TXr7CYFYAuI3ZDrba7PtydFNcIlWsBEZpA9vKPImDKgCxXkm6ieEh/M2ZcfdeLcS/7j
         28OTR1d4XUcSqbu/c5Iwdcbr7d2EP6kklZRct6X/6RLMtlmGvX5ThqArdI55C5C9iy29
         gpaihREkg4WPxMvEmcCD5TcK16Ay6V4BsqYRHMJR9imSAu40z12azAcj5OYghE6pAhaZ
         llEw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:message-id:date:subject:cc:to:from;
        bh=A4YPDF2Yg1oFHh43d47NvyBjWj0Zfqu/05sObrwu43o=;
        b=avQ01EK66QoKOglhGSbDNOhrXNCDQD0Fscxoup4bJS7oBTBDQddHqYavifcGFPvoUg
         c77GYcEM0PNDAyACPQx60FmiAnIBMwiShwxei3hSDQhydUPYS3hvxY6HQKPENUQaxoW+
         nLKrKvM9CPmFLIdZX0YWhY0s5/O0H5mA2K0RgN8LnAbf0LsBvKs9eugvfrbCWbd3g4XK
         pI0gCnLyVdj9y+iWyz5Mj+rkA0tJcWBSuC2+FVIbBufQM7Z+KF9gvjVeVu32IOKnPfyd
         O885Fl27Uj4ofmBdejycnVQrVpc8CFgb6LpdqC9fov9oSOrv84qZ8b2l0++H4TnR/x/Y
         lOlg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id co25si98888edb.151.2020.08.31.23.44.58;
        Mon, 31 Aug 2020 23:45:22 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726455AbgIAGoS (ORCPT <rfc822;kerneldev.sdk@gmail.com>
        + 99 others); Tue, 1 Sep 2020 02:44:18 -0400
Received: from wtarreau.pck.nerim.net ([62.212.114.60]:41148 "EHLO 1wt.eu"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1726044AbgIAGoR (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 1 Sep 2020 02:44:17 -0400
Received: (from willy@localhost)
        by pcw.home.local (8.15.2/8.15.2/Submit) id 0816h5ik000896;
        Tue, 1 Sep 2020 08:43:05 +0200
From:   Willy Tarreau <w@1wt.eu>
To:     linux-kernel@vger.kernel.org, netdev@vger.kernel.org
Cc:     Sedat Dilek <sedat.dilek@gmail.com>, George Spelvin <lkml@sdf.org>,
        Amit Klein <aksecurity@gmail.com>,
        Eric Dumazet <edumazet@google.com>,
        "Jason A. Donenfeld" <Jason@zx2c4.com>,
        Andy Lutomirski <luto@kernel.org>,
        Kees Cook <keescook@chromium.org>,
        Thomas Gleixner <tglx@linutronix.de>,
        Peter Zijlstra <peterz@infradead.org>,
        Linus Torvalds <torvalds@linux-foundation.org>, tytso@mit.edu,
        Florian Westphal <fw@strlen.de>,
        Marc Plumb <lkml.mplumb@gmail.com>
Subject: [PATCH 0/2] prandom_u32: make output less predictable
Date:   Tue,  1 Sep 2020 08:43:00 +0200
Message-Id: <20200901064302.849-1-w@1wt.eu>
X-Mailer: git-send-email 2.9.0
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

This is the cleanup of the latest series of prandom_u32 experimentations
consisting in using SipHash instead of Tausworthe to produce the randoms
used by the network stack. The changes to the files were kept minimal,
and the controversial commit that used to take noise from the fast_pool
(f227e3ec3b5c) was reverted. Instead, a dedicated "net_rand_noise" per_cpu
variable is fed from various sources of activities (networking, scheduling)
to perturb the SipHash state using fast, non-trivially predictable data,
instead of keeping it fully deterministic. The goal is essentially to make
any occasional memory leakage or brute-force attempt useless.

The resulting code was verified to be very slightly faster on x86_64 than
what is was with the controversial commit above, though this remains barely
above measurement noise. It was only build-tested on arm & arm64.

George Spelvin (1):
  random32: make prandom_u32() output unpredictable

Willy Tarreau (1):
  random32: add noise from network and scheduling activity

 drivers/char/random.c   |   1 -
 include/linux/prandom.h |  55 ++++-
 kernel/time/timer.c     |   9 +-
 lib/random32.c          | 438 ++++++++++++++++++++++++----------------
 net/core/dev.c          |   4 +
 5 files changed, 326 insertions(+), 181 deletions(-)

Cc: George Spelvin <lkml@sdf.org>
Cc: Amit Klein <aksecurity@gmail.com>
Cc: Eric Dumazet <edumazet@google.com>
Cc: "Jason A. Donenfeld" <Jason@zx2c4.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Kees Cook <keescook@chromium.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: tytso@mit.edu
Cc: Florian Westphal <fw@strlen.de>
Cc: Marc Plumb <lkml.mplumb@gmail.com>
Cc: Sedat Dilek <sedat.dilek@gmail.com>

-- 
2.28.0