Received: by 2002:a05:6a10:1a4d:0:0:0:0 with SMTP id nk13csp622516pxb; Tue, 1 Feb 2022 07:10:46 -0800 (PST) X-Google-Smtp-Source: ABdhPJyKZYDxHMTFvfGjkmsFFbIdSMlpyOzc3SS1ck8AxHZrsMRka/CHABCfZicqkEoddjUboyMH X-Received: by 2002:a05:6402:254d:: with SMTP id l13mr13374926edb.77.1643728245844; Tue, 01 Feb 2022 07:10:45 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1643728245; cv=none; d=google.com; s=arc-20160816; b=WaYVwUvvKw4Mtv6FIUzJGb6nIyxj/seax0upi0hSlcc6m1WU4GtkIceYOIACL7A9/W SaS9L/zXf3/3gSN31qCiD2qBhoUOlXlISy2mnB1RgWfgZR/k92OoVtvx+kN7s/oCpFN1 egjE9Urelb07We6qW6K2dCE42a9XYd8XzBCrdtvhLAJEyWQDYs8w5toqkHMKB9tX91LL gyusOYRXqUDyr6AMQlOWwaEuKC1nrstaeuZnVOLcV3ntRYMzVr381Hu3BHXbjpEnyVJI bU5jYwVPZgaxXM8tJKjJhWMuqwAghcDe55q3m1BFAy/aI3WPqYK4BHmVTMgNByLzyAFU BTEg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=D5yL11feerAP9TQw+vK5v7aV6sNjJWs3lf2SsPfuRJk=; b=J+hReC9cBGv3XwDoT9NhinQ4902UQR3R5Dip5SUTq7oQMfuqZAd+Vk6upnqPb6aReQ ADRQfKcT0rawgoRQ/PdOIDytMYXWaRl/9fWMezfRTxYRdMSUC13eeWZm19PvF85wE1Ig rz7TKdyvD0vCvtHm/D06RljePITPjHv+D8EEishD794TPnL4f3emSymMTAcHuY5jX/JK 0wW6TvPbqsxYqxcDeJXfd4sVWzDUdUA88T+XnjIDmMzfnGuqRg1tK6f6TYXxL3jibLKg VhalQOKHsWvu8b80AIZxCxW9CyxtCiigWkvNQ2bGETKV8qtwIdooI7sfJjXR5jmNDx28 UW2A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@zx2c4.com header.s=20210105 header.b=Vk5Ffwm5; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=zx2c4.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id gn30si9858067ejc.539.2022.02.01.07.10.18; Tue, 01 Feb 2022 07:10:45 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@zx2c4.com header.s=20210105 header.b=Vk5Ffwm5; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=zx2c4.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1356576AbiA3Wz1 (ORCPT + 99 others); Sun, 30 Jan 2022 17:55:27 -0500 Received: from ams.source.kernel.org ([145.40.68.75]:39072 "EHLO ams.source.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233819AbiA3Wz0 (ORCPT ); Sun, 30 Jan 2022 17:55:26 -0500 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 96A70B829CC for ; Sun, 30 Jan 2022 22:55:24 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 3242CC340EE for ; Sun, 30 Jan 2022 22:55:23 +0000 (UTC) Authentication-Results: smtp.kernel.org; dkim=pass (1024-bit key) header.d=zx2c4.com header.i=@zx2c4.com header.b="Vk5Ffwm5" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zx2c4.com; s=20210105; t=1643583321; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=D5yL11feerAP9TQw+vK5v7aV6sNjJWs3lf2SsPfuRJk=; b=Vk5Ffwm5g7FtiOc9NI7YEYpOm9VcsTNTHn+gCc6bsGwHD6ntmjlVPp5bXFtBg3c9wXs0ck pMCWDgmPbcCKADKGomy9S0z2S1kbuPnxdHZtWs0tty2g8ihaUKmPZMtDU8fJfD6uzyiwrX mA0tBJyL61NU6B9AjnaK2c4OrSRhlU4= Received: by mail.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id 9f8c4950 (TLSv1.3:AEAD-AES256-GCM-SHA384:256:NO) for ; Sun, 30 Jan 2022 22:55:21 +0000 (UTC) Received: by mail-yb1-f173.google.com with SMTP id c6so35197500ybk.3 for ; Sun, 30 Jan 2022 14:55:20 -0800 (PST) X-Gm-Message-State: AOAM531R12jF4K9/iK6oInpbxxm5I1WDQ0NRfIo39koMhATnVQq+/Eev 3+tBtBQBSwoLdzh0tMcE10pp8g+p4R4mxZl/iz8= X-Received: by 2002:a25:ae0d:: with SMTP id a13mr26763754ybj.115.1643583319861; Sun, 30 Jan 2022 14:55:19 -0800 (PST) MIME-Version: 1.0 References: <20211207121737.2347312-1-bigeasy@linutronix.de> <20211207121737.2347312-6-bigeasy@linutronix.de> <20211207201037.h46573oa5nfj33xq@linutronix.de> In-Reply-To: From: "Jason A. Donenfeld" Date: Sun, 30 Jan 2022 23:55:09 +0100 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH 5/5] random: Defer processing of randomness on PREEMPT_RT. To: Sebastian Andrzej Siewior Cc: LKML , "Theodore Ts'o" , Thomas Gleixner , Peter Zijlstra , Herbert Xu Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hey Sebastian, I spent the weekend thinking about this some more. I'm actually warming up a bit to the general approach of the original solution here, though still have questions. To summarize my understanding of where we are: Alternative solution we've been discussing: - Replace spinlock_t with raw spinlocks. - Ratelimit userspace-triggered latency inducing ioctls with ratelimit() and an additional mutex of sorts. - Result: pretty much the same structure we have now, but with some added protection for PREEMPT_RT. Your original solution: - Absorb into the fast pool during the actual IRQ, but never dump it into the main pool (nor fast load into the crng directly if crng_init==0) from the hard irq. - Instead, have irq_thread() check to see if the calling CPU's fast pool is >= 64, and if so, dump it into the main pool (or fast load into the crng directly if crng_init==0). I have two questions about the implications of your original solution: 1) How often does irq_thread() run? With what we have now, we dump the fast pool into the main pool at exactly 64 events. With what you're proposing, we're now in >= 64 territory. How do we conceptualize how far beyond 64 it's likely to grow before irq_thread() does something? Is it easy to make guarantees like, "at most, probably around 17"? Or is it potentially unbounded? Growing beyond isn't actually necessarily a bad thing, but it could potentially *slow* the collection of entropy. That probably matters more in the crng_init==0 mode, where we're just desperate to get whatever we can as fast as we can. But depending on how large that is, it could matter for the main case too. Having some handle on the latency added here would be helpful for thinking about this. 2) If we went with this solution, I think I'd prefer to actually do it unconditionally, for PREEMPT_RT=y and PREEMPT_RT=n. It's easier to track how this thing works if the state machine always works in one way instead of two. It also makes thinking about performance margins for the various components easier if there's only one way used. Do you see any downsides in doing this unconditionally? Regards, Jason