2022-05-03 13:05:44

by Jason A. Donenfeld

Subject: [PATCH] random: do not use batches when !crng_ready()

It's too hard to keep the batches synchronized, and pointless anyway,
since in !crng_ready(), we're updating the base_crng key really often,
where batching only hurts. So instead, if the crng isn't ready, just
call into get_random_bytes(). At this stage nothing is performance
critical anyhow.

Cc: Theodore Ts'o <[email protected]>
Cc: Dominik Brodowski <[email protected]>
Signed-off-by: Jason A. Donenfeld <[email protected]>
---
drivers/char/random.c | 15 +++++++++++----
1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/drivers/char/random.c b/drivers/char/random.c
index 346c9b16a7f1..53b8237687ed 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -610,6 +610,11 @@ u64 get_random_u64(void)

warn_unseeded_randomness(&previous);

+ if (!crng_ready()) {
+ _get_random_bytes(&ret, sizeof(ret));
+ return ret;
+ }
+
local_lock_irqsave(&batched_entropy_u64.lock, flags);
batch = raw_cpu_ptr(&batched_entropy_u64);

@@ -644,6 +649,11 @@ u32 get_random_u32(void)

warn_unseeded_randomness(&previous);

+ if (!crng_ready()) {
+ _get_random_bytes(&ret, sizeof(ret));
+ return ret;
+ }
+
local_lock_irqsave(&batched_entropy_u32.lock, flags);
batch = raw_cpu_ptr(&batched_entropy_u32);

@@ -820,10 +830,8 @@ static void credit_entropy_bits(size_t nbits)

if (unlikely(crng_init == 0 && entropy_count >= POOL_FAST_INIT_BITS)) {
spin_lock_irqsave(&base_crng.lock, flags);
- if (crng_init == 0) {
- ++base_crng.generation;
+ if (crng_init == 0)
crng_init = 1;
- }
spin_unlock_irqrestore(&base_crng.lock, flags);
}

@@ -1029,7 +1037,6 @@ int __init rand_initialize(void)
_mix_pool_bytes(utsname(), sizeof(*(utsname())));

extract_entropy(base_crng.key, sizeof(base_crng.key));
- ++base_crng.generation;

if (arch_init && trust_cpu && !crng_ready()) {
crng_init = 2;
--
2.35.1

2022-05-14 02:28:44

by Dominik Brodowski

Subject: Re: [PATCH] random: do not use batches when !crng_ready()

Am Tue, May 03, 2022 at 02:18:36PM +0200 schrieb Jason A. Donenfeld:
> It's too hard to keep the batches synchronized, and pointless anyway,
> since in !crng_ready(), we're updating the base_crng key really often,
> where batching only hurts. So instead, if the crng isn't ready, just
> call into get_random_bytes(). At this stage nothing is performance
> critical anyhow.
>
> Cc: Theodore Ts'o <[email protected]>
> Cc: Dominik Brodowski <[email protected]>
> Signed-off-by: Jason A. Donenfeld <[email protected]>

Reviewed-by: Dominik Brodowski <[email protected]>

Thanks,
Dominik