Received: by 2002:a05:6a10:6d10:0:0:0:0 with SMTP id gq16csp2244685pxb; Sun, 17 Apr 2022 15:39:34 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyJq9654AksZKP8PH0URa8VjzOAdVY3Xndl7TlqvA6U6lJ4gkkrsypXslJv+cWJLKDBo+0C X-Received: by 2002:a17:907:1693:b0:6e8:c7e5:c297 with SMTP id hc19-20020a170907169300b006e8c7e5c297mr7186949ejc.138.1650235174090; Sun, 17 Apr 2022 15:39:34 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1650235174; cv=none; d=google.com; s=arc-20160816; b=bYZ48t1S4SEkDBBCg4vU+xqNA03D6mYt0aLPxLVVJ2QU9hPNiwckP4mp6p9hGer6tB 4NFZTq4IfJEaEKyVw5KwWwA4nPfwsEU2jiLSbsbO0MA6kdn28/ivGGC85MG6kfExnbDO DUkM4qY7kv5jrDRtSwrQmyACsx1Ijb4BA31oS2JeIAYFrZ3SdNXHR8VT1g8K9UvYUPh3 dyfcM16vzI8EcQESGFDsc+lugHagNJs1v21VC8zPTBBGTEZn1XLseSpegy5hMBM/MXOd 4NubpIryEIBNcrAbeQehr+CYIgJGRU93p8GVA7q6kRAtsJjGOf1pV8Rwsf/PL6oUUlfc pMpA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-transfer-encoding :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=+2nP+VdPEpPNPoKQqSrgbL4ZK7I/c4P/cLhbUMeqeEs=; b=D/Pru2rkjM2ZNypPnoqncDtVRKSYRQmeK6UrV/n4SfGhLBgmb0qJBpgFhy0mIXK9nQ +R5kIc1f1U09CKkSw8agJBUi6cc43CGMpqIk7hcp7O75iDJcrbKK1vIRQxgUtX36F2kQ m7lCzF4HvQn5H+kO1lmdrqPcjX8MnAEJht6t9Br+RUO21Ve4YGt8cssdYNtNvexn7dGz AIVmTCQ/9fAMWG4QqMG04ZydQh/t/7Stwu+tQZa32RPN6IrHaabtxZwjO52TK8YkiSrX wEZYldZdTMfCs2Unqeb12CUezSBYW35ey8Sr8Lp1mf0hCUFqsE5zqZ3Dcjidb6stAweB seYQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@zx2c4.com header.s=20210105 header.b=Ke3CzabD; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=zx2c4.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id u7-20020a1709063b8700b006e093565393si4977443ejf.496.2022.04.17.15.38.52; Sun, 17 Apr 2022 15:39:34 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@zx2c4.com header.s=20210105 header.b=Ke3CzabD; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=zx2c4.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230377AbiDPW5l (ORCPT + 99 others); Sat, 16 Apr 2022 18:57:41 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42812 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233086AbiDPW5i (ORCPT ); Sat, 16 Apr 2022 18:57:38 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 36056140F1; Sat, 16 Apr 2022 15:55:04 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id DFF65B809E3; Sat, 16 Apr 2022 22:55:02 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id ED602C385A1; Sat, 16 Apr 2022 22:54:57 +0000 (UTC) Authentication-Results: smtp.kernel.org; dkim=pass (1024-bit key) header.d=zx2c4.com header.i=@zx2c4.com header.b="Ke3CzabD" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zx2c4.com; s=20210105; t=1650149696; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=+2nP+VdPEpPNPoKQqSrgbL4ZK7I/c4P/cLhbUMeqeEs=; b=Ke3CzabDCTCN7z1X+blAnwmP5mSkY04Aqwf/G5fDtQU6WM6tPriviP3rwnh0y2BbiEiSI5 kxvqYG3bXaLOy2oV1jIUlAv1SxvW/krAz60U3oZjY/ozmULtrXkPvuBaIxrnDhhjiRe7WK DiZ/+FwTFNQXboYw4FOs1PNDoMoDXRw= Received: by mail.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id cef1d983 (TLSv1.3:AEAD-AES256-GCM-SHA384:256:NO); Sat, 16 Apr 2022 22:54:56 +0000 (UTC) Date: Sun, 17 Apr 2022 00:54:49 +0200 From: "Jason A. Donenfeld" To: "Maciej W. Rozycki" Cc: Thomas Bogendoerfer , LKML , Linux Crypto Mailing List , Thomas Gleixner , Arnd Bergmann , Theodore Ts'o , Dominik Brodowski , Russell King , Catalin Marinas , Will Deacon , Geert Uytterhoeven , Paul Walmsley , Palmer Dabbelt , Albert Ou , "David S . Miller" , Richard Weinberger , Anton Ivanov , Johannes Berg , Ingo Molnar , Borislav Petkov , Dave Hansen , "H . Peter Anvin" , Chris Zankel , Max Filippov , John Stultz , Stephen Boyd , Dinh Nguyen , linux-arm-kernel , linux-m68k , "open list:BROADCOM NVRAM DRIVER" , linux-riscv , sparclinux , linux-um@lists.infradead.org, X86 ML , linux-xtensa@linux-xtensa.org Subject: Re: [PATCH v4 04/11] mips: use fallback for random_get_entropy() instead of zero Message-ID: References: <20220413115411.21489-1-Jason@zx2c4.com> <20220413115411.21489-5-Jason@zx2c4.com> <20220413122546.GA11860@alpha.franken.de> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: X-Spam-Status: No, score=-6.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, RCVD_IN_DNSWL_HI,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Hi Maciej, On Sat, Apr 16, 2022 at 03:44:53PM +0100, Maciej W. Rozycki wrote: > > Okay, I can give this a shot, but this certainly isn't my forté. It > > may ultimately wind up being simpler for you to just send some code of > > what you envision for this, but if I understand your idea correctly, > > what you're saying is something like: > > > > static inline unsigned long random_get_entropy(void) > > { > > unsigned int prid = read_c0_prid(); > > unsigned int imp = prid & PRID_IMP_MASK; > > unsigned int c0_random; > > > > if (can_use_mips_counter(prid)) > > return read_c0_count(); > > > > if (cpu_has_3kex) > > c0_random = (read_c0_random() >> 8) & 0x3f; > > else > > c0_random = read_c0_random() & 0x3f; > > return (random_get_entropy_fallback() << 6) | (0x3f - c0_random); > > } > > > > What do you think of that? Some tweak I'm missing? > > It certainly looks good to me. Do you have a way I could verify how this > function performs? If so, then I could put it through my systems as I can > cover all the cases handled here. Oh, awesome about the test rig. Below is a little patch that adds some printf code to init, calling the above sequence 70 times in a busy loop and then 30 times after that with a scheduler 1 ms delay in there, printing lots of various about the above calculation. Hopefully that's enough information that it'll be possible to notice if something looks really off when we squint at it. Jason -------------------8<----------------------------------------------------- diff --git a/drivers/char/random.c b/drivers/char/random.c index 3a293f919af9..0b32203aa47f 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -48,6 +48,7 @@ #include #include #include +#include #include #include #include @@ -1781,6 +1782,26 @@ static struct ctl_table random_table[] = { */ static int __init random_sysctls_init(void) { + + int i; + for (i = 0; i < 100; ++i) { + if (can_use_mips_counter(read_c0_prid())) + pr_err("SARU %d c0 count: %08x\n", i, read_c0_count()); + else { + unsigned int c0_random = read_c0_random(), c0_random_mask; + unsigned long fallback = random_get_entropy_fallback(), out; + if (cpu_has_3kex) + c0_random_mask = (c0_random >> 8) & 0x3f; + else + c0_random_mask = c0_random & 0x3f; + out = (fallback << 6) | (0x3f - c0_random_mask); + pr_err("SARU: %d (%08x >> n) & 0x3f = %08x, inverted = %08x, fallback = %08lx, fallback << 6 = %08lx, combined = %08lx\n", + i, c0_random, c0_random_mask, 0x3f - c0_random_mask, fallback, fallback << 6, out); + } + if (i > 70) + msleep(1); + } + register_sysctl_init("kernel/random", random_table); return 0; } diff --git a/include/linux/timex.h b/include/linux/timex.h index 5745c90c8800..3871b06bd302 100644 --- a/include/linux/timex.h +++ b/include/linux/timex.h @@ -62,6 +62,8 @@ #include #include +unsigned long random_get_entropy_fallback(void); + #include #ifndef random_get_entropy @@ -74,8 +76,14 @@ * * By default we use get_cycles() for this purpose, but individual * architectures may override this in their asm/timex.h header file. + * If a given arch does not have get_cycles(), then we fallback to + * using random_get_entropy_fallback(). */ +#ifdef get_cycles #define random_get_entropy() ((unsigned long)get_cycles()) +#else +#define random_get_entropy() random_get_entropy_fallback() +#endif #endif /* diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c index dcdcb85121e4..7cd2ec239cae 100644 --- a/kernel/time/timekeeping.c +++ b/kernel/time/timekeeping.c @@ -17,6 +17,7 @@ #include #include #include +#include #include #include #include @@ -2380,6 +2381,15 @@ static int timekeeping_validate_timex(const struct __kernel_timex *txc) return 0; } +/** + * random_get_entropy_fallback - Returns the raw clock source value, + * used by random.c for platforms with no valid random_get_entropy(). + */ +unsigned long random_get_entropy_fallback(void) +{ + return tk_clock_read(&tk_core.timekeeper.tkr_mono); +} +EXPORT_SYMBOL_GPL(random_get_entropy_fallback); /** * do_adjtimex() - Accessor function to NTP __do_adjtimex function