Received: by 2002:ad5:4acb:0:0:0:0:0 with SMTP id n11csp1294725imw;
        Tue, 5 Jul 2022 07:07:17 -0700 (PDT)
X-Google-Smtp-Source: AGRyM1tQZNdttVQxkKyqb/G0crnzZHCmQtjMPLxZlYKJ8I1z7nflutGrj0xVv8FKbgYdmlam1Pcg
X-Received: by 2002:a17:90b:1e06:b0:1ec:b513:4523 with SMTP id pg6-20020a17090b1e0600b001ecb5134523mr44183673pjb.58.1657030037271;
        Tue, 05 Jul 2022 07:07:17 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1657030037; cv=none;
        d=google.com; s=arc-20160816;
        b=0EGiaP0nyk5DLAoti8b+kZKgm4dp5ndu1pkNNz/OAeRvq2uzMTcMUs5Q1aeRmJSyEm
         DV+65NdHZMJ6Mva6V9SPJ600xQGyYXEEkPzTwz3S8sfgz3LSTZVSl5sKDs4fwjJ8zxaT
         sFiK6ZnApzH4oHtfuK60+AtI3CB7UMU5ueiC5jIKfT6u8wOrV6d2kx5Rc8BUkmvfLhpG
         hCRitPe9ygl6e8hT2j5hfa682ZqvILVUkAyy9W+kJ0VPdByDhSqjU6bPhk3mF7mrGoAp
         TT4+PsJzIK3bUwVNbtjQzWgzL8GnYbNfR/lsJx1e2V5Z4glsEvz0dwGE9F5iksiuy+jE
         cTnA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:in-reply-to:content-disposition:mime-version
         :references:message-id:subject:cc:to:from:date:dkim-signature;
        bh=se6L8p5H3lyi4cYsraIxRpM/o0jGdXXLjH1kl8y+UVI=;
        b=Yokv/7bFtJxttdSXms3e9tfa7IkfhRd2AjjfGftAdhIoTGBOrTYtUIEc1aUR9GgoBP
         AUPSTkpfJAX3eaeAOGZN4ARSevnI+f65FyPYNYGDLsXJ/L0/f9j5YIopLrFxqkWFlapy
         k++6e1B/0yaIUkan2uzLcfvB267pQvsWnBQIz1Sw1mnPiSlGpTdZNmUxB9EPDM6hs8Da
         3WPBwC8GxFQd8u79qq/UyhaPSq4afY9hDnio8v+Jh4C1yWV2kFsNaXh05sc2Tetdttwk
         rfXnCd4dGeA4c3Q8lJW0Z0RXkT9hhS0EazGKlNkBKlV66hRgyrHYb5QepHf+DCknWqK7
         l5xg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@zx2c4.com header.s=20210105 header.b=gtXqbFEn;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=zx2c4.com
Return-Path: <linux-crypto-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id ng8-20020a17090b1a8800b001ecd48cd589si27474075pjb.85.2022.07.05.07.07.00;
        Tue, 05 Jul 2022 07:07:17 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@zx2c4.com header.s=20210105 header.b=gtXqbFEn;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=zx2c4.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S231840AbiGEN71 (ORCPT <rfc822;ap420073@gmail.com> + 99 others);
        Tue, 5 Jul 2022 09:59:27 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47268 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S231875AbiGEN7N (ORCPT
        <rfc822;linux-crypto@vger.kernel.org>);
        Tue, 5 Jul 2022 09:59:13 -0400
Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8A4A428E10;
        Tue,  5 Jul 2022 06:42:28 -0700 (PDT)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by dfw.source.kernel.org (Postfix) with ESMTPS id E7499616C5;
        Tue,  5 Jul 2022 13:42:27 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 78815C341C7;
        Tue,  5 Jul 2022 13:42:25 +0000 (UTC)
Authentication-Results: smtp.kernel.org;
        dkim=pass (1024-bit key) header.d=zx2c4.com header.i=@zx2c4.com header.b="gtXqbFEn"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zx2c4.com; s=20210105;
        t=1657028543;
        h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
         to:to:cc:cc:mime-version:mime-version:content-type:content-type:
         in-reply-to:in-reply-to:references:references;
        bh=se6L8p5H3lyi4cYsraIxRpM/o0jGdXXLjH1kl8y+UVI=;
        b=gtXqbFEnKtFFGPYQoSCGeXjV3K6cLu8poukGGBUMIJn0geErF4t8toYjTETYKzbmhkdrdg
        XXy1mpj8gVno/g27HQ3o9f03PKAfhK/+DfyoKXuxqxWbR9DnrRY7DcMI76Eun46B8dSbXh
        3TN1RblXRwuwWqtK3cWatR0IWOoQeyc=
Received: by mail.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id 2493cf55 (TLSv1.3:AEAD-AES256-GCM-SHA384:256:NO);
        Tue, 5 Jul 2022 13:42:23 +0000 (UTC)
Date:   Tue, 5 Jul 2022 15:42:21 +0200
From:   "Jason A. Donenfeld" <Jason@zx2c4.com>
To:     Holger Dengler <dengler@linux.ibm.com>
Cc:     Harald Freudenberger <freude@linux.ibm.com>,
        Heiko Carstens <hca@linux.ibm.com>,
        Vasily Gorbik <gor@linux.ibm.com>,
        Alexander Gordeev <agordeev@linux.ibm.com>,
        Christian Borntraeger <borntraeger@linux.ibm.com>,
        Juergen Christ <jchrist@linux.ibm.com>,
        linux-crypto@vger.kernel.org, linux-s390@vger.kernel.org
Subject: Re: [PATCH v1 1/1] s390/arch_random: Buffer true random data
Message-ID: <YsQ/vZSkzWPLwIte@zx2c4.com>
References: <20220705112712.4433-1-dengler@linux.ibm.com>
 <20220705112712.4433-2-dengler@linux.ibm.com>
 <YsQ6OOrOWPhdynoM@zx2c4.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <YsQ6OOrOWPhdynoM@zx2c4.com>
X-Spam-Status: No, score=-6.8 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,
        RCVD_IN_DNSWL_HI,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE
        autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org

Hey again,

On Tue, Jul 5, 2022 at 3:18 PM Jason A. Donenfeld <Jason@zx2c4.com> wrote:
> On Tue, Jul 05, 2022 at 01:27:12PM +0200, Holger Dengler wrote:
> > The trng instruction is very expensive and has a constant runtime for
> > getting 0 to 32 bytes of (conditioned) true random data. Calling trng for

Thinking about this a bit more, though, makes me think that maybe the
API itself is suboptimal.

First, we never use arch_get_random_int() anywhere in the kernel, so in
theory it could be removed. Next, we could change the signature of it to
be something like:

  static inline size_t arch_get_random_words_seed(unsigned long *buf, size_t num_words);
  static inline size_t arch_get_random_words(unsigned long *buf, size_t num_words);

Since it's a static inline, when words==1, the code would be constant
folded to the same thing it is now on x86. And when it's larger, we'd
get more bang for our buck on s390.

An unfortunate complication is that the uses in random.c currently
follow the pattern of:

  if (!arch_get_random_seed_long(&v) || !arch_get_random_long(&v))
      v = random_get_entropy();

And in that way things cascade down nicely per word, depending on
current bus activity. The cascade would get a little bit uglier with
what I suggested above. So we'd need to figure out something there to
make that not hideous or result in awful codegen or something. This is,
no doubt, a snag.

Anyway, If you want to work on a tree-wide cleanup of this, I'd be happy
to consider something like that in the random.git tree for 5.20.
But, alternatively, maybe you think none of the above is really worth it
just to get more per call from the TRNG, and so emphatic "meh" on what
I've described. I can see this perspective well too.

Jason