Date: Fri, 20 Nov 2020 15:27:14 +0000
From: Marc Zyngier
To: Ard Biesheuvel
Cc: tytso@mit.edu, linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org, mark.rutland@arm.com, broonie@kernel.org, andre.przywara@arm.com
Subject: Re: [PATCH] random: avoid arch_get_random_seed_long() when collecting IRQ randomness
In-Reply-To: <20201105152944.16953-1-ardb@kernel.org>

On 2020-11-05 15:29, Ard Biesheuvel wrote:
> When reseeding the CRNG periodically, arch_get_random_seed_long() is
> called to obtain entropy from an architecture specific source if one
> is implemented. In most cases, these are special instructions, but in
> some cases, such as on ARM, we may want to back this using firmware
> calls, which are considerably more expensive.
>
> Another call to arch_get_random_seed_long() exists in the CRNG driver,
> in add_interrupt_randomness(), which collects entropy by capturing
> inter-interrupt timing and relying on interrupt jitter to provide
> random bits. This is done by keeping a per-CPU state, and mixing in
> the IRQ number, the cycle counter and the return address every time an
> interrupt is taken, and mixing this per-CPU state into the entropy pool
> every 64 invocations, or at least once per second. The entropy that is
> gathered this way is credited as 1 bit of entropy. Every time this
> happens, arch_get_random_seed_long() is invoked, and the result is
> mixed in as well, and also credited with 1 bit of entropy.
>
> This means that arch_get_random_seed_long() is called at least once
> per second on every CPU, which seems excessive, and doesn't really
> scale, especially in a virtualization scenario where CPUs may be
> oversubscribed: in cases where arch_get_random_seed_long() is backed
> by an instruction that actually goes back to a shared hardware entropy
> source (such as RNDRRS on ARM), we will end up hitting it hundreds of
> times per second.
>
> So let's drop the call to arch_get_random_seed_long() from
> add_interrupt_randomness(), and instead, rely on crng_reseed() to call
> the arch hook to get random seed material from the platform.
>
> Signed-off-by: Ard Biesheuvel

Looks sensible. Having this on the interrupt path looks quite
heavy handed, and my understanding of the above is that it has
an adverse effect on the entropy pool.

Acked-by: Marc Zyngier

         M.
-- 
Jazz is not dead. It just smells funny...
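
Added illustration, not part of the thread and not kernel code: a simplified C model of the flush rule the commit message describes (per-CPU state flushed every 64 interrupts or once per second), counting how often the interrupt path would have invoked the arch hook before the patch. The struct, function names and workloads are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model (assumption, not the kernel's struct): one per-CPU
 * state as the commit message describes it. */
struct fast_pool_model {
    unsigned count;     /* interrupts mixed in since the last flush */
    uint64_t last_ms;   /* time of the last flush, in milliseconds */
};

#define FLUSH_COUNT 64      /* "every 64 invocations" */
#define FLUSH_MS    1000    /* "or at least once per second" */

/* One interrupt on one CPU. Returns 1 when the per-CPU state is flushed
 * into the entropy pool, which is where the arch hook was also called. */
static int model_irq(struct fast_pool_model *p, uint64_t now_ms)
{
    p->count++;
    if (p->count < FLUSH_COUNT && now_ms - p->last_ms < FLUSH_MS)
        return 0;
    p->count = 0;
    p->last_ms = now_ms;
    return 1;
}

/* Total arch hook calls from the IRQ path across all CPUs over `seconds`,
 * with each CPU taking `irq_per_sec` evenly spaced interrupts
 * (constructed workload). After the patch this path makes none. */
unsigned long arch_calls_before_patch(unsigned cpus, unsigned irq_per_sec,
                                      unsigned seconds)
{
    unsigned long calls = 0;
    for (unsigned c = 0; c < cpus; c++) {
        struct fast_pool_model p = {0, 0};
        unsigned long total = (unsigned long)irq_per_sec * seconds;
        for (unsigned long i = 1; i <= total; i++)
            calls += model_irq(&p, i * 1000 / irq_per_sec);
    }
    return calls;
}

int main(void)
{
    /* Constructed workloads: nearly idle guest vs. busy 16-CPU system. */
    printf("4 CPUs, 2 IRQ/s, 10 s:     %lu calls\n",
           arch_calls_before_patch(4, 2, 10));
    printf("16 CPUs, 1000 IRQ/s, 10 s: %lu calls\n",
           arch_calls_before_patch(16, 1000, 10));
    return 0;
}
```

In the busy case the count-based flush dominates, so the call rate scales with both interrupt rate and CPU count, which is the scaling concern raised for a shared hardware entropy source.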