From: "Jason A. Donenfeld" <Jason@zx2c4.com>
To: linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org,
tglx@linutronix.de, arnd@arndb.de
Cc: "Jason A. Donenfeld" <Jason@zx2c4.com>,
Theodore Ts'o <tytso@mit.edu>,
Dominik Brodowski <linux@dominikbrodowski.net>,
Russell King <linux@armlinux.org.uk>,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will@kernel.org>,
Geert Uytterhoeven <geert@linux-m68k.org>,
Thomas Bogendoerfer <tsbogend@alpha.franken.de>,
Paul Walmsley <paul.walmsley@sifive.com>,
Palmer Dabbelt <palmer@dabbelt.com>,
Albert Ou <aou@eecs.berkeley.edu>,
"David S . Miller" <davem@davemloft.net>,
Richard Weinberger <richard@nod.at>,
Anton Ivanov <anton.ivanov@cambridgegreys.com>,
Johannes Berg <johannes@sipsolutions.net>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>,
"H . Peter Anvin" <hpa@zytor.com>,
Chris Zankel <chris@zankel.net>,
Max Filippov <jcmvbkbc@gmail.com>,
Stephen Boyd <sboyd@kernel.org>,
Dinh Nguyen <dinguyen@kernel.org>,
linux-arm-kernel@lists.infradead.org,
linux-m68k@lists.linux-m68k.org, linux-mips@vger.kernel.org,
linux-riscv@lists.infradead.org, sparclinux@vger.kernel.org,
linux-um@lists.infradead.org, x86@kernel.org,
linux-xtensa@linux-xtensa.org,
"Maciej W . Rozycki" <macro@orcam.me.uk>
Subject: [PATCH v5 04/11] mips: use fallback for random_get_entropy() instead of just c0 random
Date: Tue, 19 Apr 2022 13:16:43 +0200 [thread overview]
Message-ID: <20220419111650.1582274-5-Jason@zx2c4.com> (raw)
In-Reply-To: <20220419111650.1582274-1-Jason@zx2c4.com>
For situations in which we don't have a c0 counter register available,
we've been falling back to reading the c0 "random" register, which is
usually bounded by the amount of TLB entries and changes every other
cycle or so. This means it wraps extremely often. We can do better by
combining this fast-changing counter with a potentially slower-changing
counter from random_get_entropy_fallback() in the more significant bits.
This commit combines the two, taking into account that the changing bits
are in a different bit position depending on the CPU model. In addition,
we previously were falling back to 0 for ancient CPUs that Linux does
not support anyway; remove that dead path entirely.
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Cc: Maciej W. Rozycki <macro@orcam.me.uk>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
ThomasB - I dropped your Ack from v4, because this is pretty different
from v4 now.
Maciej - you mentioned you had a test rig. Think you could provide a
"Tested-by" if this approach works?
arch/mips/include/asm/timex.h | 16 +++++++---------
1 file changed, 7 insertions(+), 9 deletions(-)
diff --git a/arch/mips/include/asm/timex.h b/arch/mips/include/asm/timex.h
index b05bb70a2e46..e3f5460a923b 100644
--- a/arch/mips/include/asm/timex.h
+++ b/arch/mips/include/asm/timex.h
@@ -80,21 +80,19 @@ static inline cycles_t get_cycles(void)
/*
* Like get_cycles - but where c0_count is not available we desperately
* use c0_random in an attempt to get at least a little bit of entropy.
- *
- * R6000 and R6000A neither have a count register nor a random register.
- * That leaves no entropy source in the CPU itself.
*/
static inline unsigned long random_get_entropy(void)
{
- unsigned int prid = read_c0_prid();
- unsigned int imp = prid & PRID_IMP_MASK;
+ unsigned int c0_random;
- if (can_use_mips_counter(prid))
+ if (can_use_mips_counter(read_c0_prid()))
return read_c0_count();
- else if (likely(imp != PRID_IMP_R6000 && imp != PRID_IMP_R6000A))
- return read_c0_random();
+
+ if (cpu_has_3kex)
+ c0_random = (read_c0_random() >> 8) & 0x3f;
else
- return 0; /* no usable register */
+ c0_random = read_c0_random() & 0x3f;
+ return (random_get_entropy_fallback() << 6) | (0x3f - c0_random);
}
#define random_get_entropy random_get_entropy
--
2.35.1
WARNING: multiple messages have this Message-ID (diff)
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
To: linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org,
tglx@linutronix.de, arnd@arndb.de
Cc: "Jason A. Donenfeld" <Jason@zx2c4.com>,
Theodore Ts'o <tytso@mit.edu>,
Dominik Brodowski <linux@dominikbrodowski.net>,
Russell King <linux@armlinux.org.uk>,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will@kernel.org>,
Geert Uytterhoeven <geert@linux-m68k.org>,
Thomas Bogendoerfer <tsbogend@alpha.franken.de>,
Paul Walmsley <paul.walmsley@sifive.com>,
Palmer Dabbelt <palmer@dabbelt.com>,
Albert Ou <aou@eecs.berkeley.edu>,
"David S . Miller" <davem@davemloft.net>,
Richard Weinberger <richard@nod.at>,
Anton Ivanov <anton.ivanov@cambridgegreys.com>,
Johannes Berg <johannes@sipsolutions.net>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>,
"H . Peter Anvin" <hpa@zytor.com>,
Chris Zankel <chris@zankel.net>,
Max Filippov <jcmvbkbc@gmail.com>,
Stephen Boyd <sboyd@kernel.org>,
Dinh Nguyen <dinguyen@kernel.org>,
linux-arm-kernel@lists.infradead.org,
linux-m68k@lists.linux-m68k.org, linux-mips@vger.kernel.org,
linux-riscv@lists.infradead.org, sparclinux@vger.kernel.org,
linux-um@lists.infradead.org, x86@kernel.org,
linux-xtensa@linux-xtensa.org,
"Maciej W . Rozycki" <macro@orcam.me.uk>
Subject: [PATCH v5 04/11] mips: use fallback for random_get_entropy() instead of just c0 random
Date: Tue, 19 Apr 2022 13:16:43 +0200 [thread overview]
Message-ID: <20220419111650.1582274-5-Jason@zx2c4.com> (raw)
In-Reply-To: <20220419111650.1582274-1-Jason@zx2c4.com>
For situations in which we don't have a c0 counter register available,
we've been falling back to reading the c0 "random" register, which is
usually bounded by the amount of TLB entries and changes every other
cycle or so. This means it wraps extremely often. We can do better by
combining this fast-changing counter with a potentially slower-changing
counter from random_get_entropy_fallback() in the more significant bits.
This commit combines the two, taking into account that the changing bits
are in a different bit position depending on the CPU model. In addition,
we previously were falling back to 0 for ancient CPUs that Linux does
not support anyway; remove that dead path entirely.
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Cc: Maciej W. Rozycki <macro@orcam.me.uk>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
ThomasB - I dropped your Ack from v4, because this is pretty different
from v4 now.
Maciej - you mentioned you had a test rig. Think you could provide a
"Tested-by" if this approach works?
arch/mips/include/asm/timex.h | 16 +++++++---------
1 file changed, 7 insertions(+), 9 deletions(-)
diff --git a/arch/mips/include/asm/timex.h b/arch/mips/include/asm/timex.h
index b05bb70a2e46..e3f5460a923b 100644
--- a/arch/mips/include/asm/timex.h
+++ b/arch/mips/include/asm/timex.h
@@ -80,21 +80,19 @@ static inline cycles_t get_cycles(void)
/*
* Like get_cycles - but where c0_count is not available we desperately
* use c0_random in an attempt to get at least a little bit of entropy.
- *
- * R6000 and R6000A neither have a count register nor a random register.
- * That leaves no entropy source in the CPU itself.
*/
static inline unsigned long random_get_entropy(void)
{
- unsigned int prid = read_c0_prid();
- unsigned int imp = prid & PRID_IMP_MASK;
+ unsigned int c0_random;
- if (can_use_mips_counter(prid))
+ if (can_use_mips_counter(read_c0_prid()))
return read_c0_count();
- else if (likely(imp != PRID_IMP_R6000 && imp != PRID_IMP_R6000A))
- return read_c0_random();
+
+ if (cpu_has_3kex)
+ c0_random = (read_c0_random() >> 8) & 0x3f;
else
- return 0; /* no usable register */
+ c0_random = read_c0_random() & 0x3f;
+ return (random_get_entropy_fallback() << 6) | (0x3f - c0_random);
}
#define random_get_entropy random_get_entropy
--
2.35.1
_______________________________________________
linux-riscv mailing list
linux-riscv@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-riscv
WARNING: multiple messages have this Message-ID (diff)
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
To: linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org,
tglx@linutronix.de, arnd@arndb.de
Cc: "Jason A. Donenfeld" <Jason@zx2c4.com>,
Theodore Ts'o <tytso@mit.edu>,
Dominik Brodowski <linux@dominikbrodowski.net>,
Russell King <linux@armlinux.org.uk>,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will@kernel.org>,
Geert Uytterhoeven <geert@linux-m68k.org>,
Thomas Bogendoerfer <tsbogend@alpha.franken.de>,
Paul Walmsley <paul.walmsley@sifive.com>,
Palmer Dabbelt <palmer@dabbelt.com>,
Albert Ou <aou@eecs.berkeley.edu>,
"David S . Miller" <davem@davemloft.net>,
Richard Weinberger <richard@nod.at>,
Anton Ivanov <anton.ivanov@cambridgegreys.com>,
Johannes Berg <johannes@sipsolutions.net>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>,
"H . Peter Anvin" <hpa@zytor.com>,
Chris Zankel <chris@zankel.net>,
Max Filippov <jcmvbkbc@gmail.com>,
Stephen Boyd <sboyd@kernel.org>,
Dinh Nguyen <dinguyen@kernel.org>,
linux-arm-kernel@lists.infradead.org,
linux-m68k@lists.linux-m68k.org, linux-mips@vger.kernel.org,
linux-riscv@lists.infradead.org, sparclinux@vger.kernel.org,
linux-um@lists.infradead.org, x86@kernel.org,
linux-xtensa@linux-xtensa.org,
"Maciej W . Rozycki" <macro@orcam.me.uk>
Subject: [PATCH v5 04/11] mips: use fallback for random_get_entropy() instead of just c0 random
Date: Tue, 19 Apr 2022 13:16:43 +0200 [thread overview]
Message-ID: <20220419111650.1582274-5-Jason@zx2c4.com> (raw)
In-Reply-To: <20220419111650.1582274-1-Jason@zx2c4.com>
For situations in which we don't have a c0 counter register available,
we've been falling back to reading the c0 "random" register, which is
usually bounded by the amount of TLB entries and changes every other
cycle or so. This means it wraps extremely often. We can do better by
combining this fast-changing counter with a potentially slower-changing
counter from random_get_entropy_fallback() in the more significant bits.
This commit combines the two, taking into account that the changing bits
are in a different bit position depending on the CPU model. In addition,
we previously were falling back to 0 for ancient CPUs that Linux does
not support anyway; remove that dead path entirely.
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Cc: Maciej W. Rozycki <macro@orcam.me.uk>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
ThomasB - I dropped your Ack from v4, because this is pretty different
from v4 now.
Maciej - you mentioned you had a test rig. Think you could provide a
"Tested-by" if this approach works?
arch/mips/include/asm/timex.h | 16 +++++++---------
1 file changed, 7 insertions(+), 9 deletions(-)
diff --git a/arch/mips/include/asm/timex.h b/arch/mips/include/asm/timex.h
index b05bb70a2e46..e3f5460a923b 100644
--- a/arch/mips/include/asm/timex.h
+++ b/arch/mips/include/asm/timex.h
@@ -80,21 +80,19 @@ static inline cycles_t get_cycles(void)
/*
* Like get_cycles - but where c0_count is not available we desperately
* use c0_random in an attempt to get at least a little bit of entropy.
- *
- * R6000 and R6000A neither have a count register nor a random register.
- * That leaves no entropy source in the CPU itself.
*/
static inline unsigned long random_get_entropy(void)
{
- unsigned int prid = read_c0_prid();
- unsigned int imp = prid & PRID_IMP_MASK;
+ unsigned int c0_random;
- if (can_use_mips_counter(prid))
+ if (can_use_mips_counter(read_c0_prid()))
return read_c0_count();
- else if (likely(imp != PRID_IMP_R6000 && imp != PRID_IMP_R6000A))
- return read_c0_random();
+
+ if (cpu_has_3kex)
+ c0_random = (read_c0_random() >> 8) & 0x3f;
else
- return 0; /* no usable register */
+ c0_random = read_c0_random() & 0x3f;
+ return (random_get_entropy_fallback() << 6) | (0x3f - c0_random);
}
#define random_get_entropy random_get_entropy
--
2.35.1
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2022-04-19 11:17 UTC|newest]
Thread overview: 75+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-19 11:16 [PATCH v5 00/11] archs/random: fallback to best raw ktime when no cycle counter Jason A. Donenfeld
2022-04-19 11:16 ` Jason A. Donenfeld
2022-04-19 11:16 ` Jason A. Donenfeld
2022-04-19 11:16 ` [PATCH v5 01/11] timekeeping: add raw clock fallback for random_get_entropy() Jason A. Donenfeld
2022-04-19 11:16 ` Jason A. Donenfeld
2022-04-19 11:16 ` Jason A. Donenfeld
2022-04-19 11:16 ` [PATCH v5 02/11] m68k: use fallback for random_get_entropy() instead of zero Jason A. Donenfeld
2022-04-19 11:16 ` Jason A. Donenfeld
2022-04-19 11:16 ` Jason A. Donenfeld
2022-04-19 11:16 ` [PATCH v5 03/11] riscv: " Jason A. Donenfeld
2022-04-19 11:16 ` Jason A. Donenfeld
2022-04-19 11:16 ` Jason A. Donenfeld
2022-04-19 11:16 ` Jason A. Donenfeld [this message]
2022-04-19 11:16 ` [PATCH v5 04/11] mips: use fallback for random_get_entropy() instead of just c0 random Jason A. Donenfeld
2022-04-19 11:16 ` Jason A. Donenfeld
2022-04-21 19:25 ` Maciej W. Rozycki
2022-04-21 19:25 ` Maciej W. Rozycki
2022-04-21 19:25 ` Maciej W. Rozycki
2022-04-21 20:01 ` Jason A. Donenfeld
2022-04-21 20:01 ` Jason A. Donenfeld
2022-04-21 20:01 ` Jason A. Donenfeld
2022-04-21 21:05 ` Thomas Bogendoerfer
2022-04-21 21:05 ` Thomas Bogendoerfer
2022-04-21 21:05 ` Thomas Bogendoerfer
2022-04-19 11:16 ` [PATCH v5 05/11] arm: use fallback for random_get_entropy() instead of zero Jason A. Donenfeld
2022-04-19 11:16 ` Jason A. Donenfeld
2022-04-19 11:16 ` Jason A. Donenfeld
2022-04-19 11:16 ` [PATCH v5 06/11] nios2: " Jason A. Donenfeld
2022-04-19 11:16 ` Jason A. Donenfeld
2022-04-19 11:16 ` Jason A. Donenfeld
2022-05-02 21:01 ` Dinh Nguyen
2022-05-02 21:01 ` Dinh Nguyen
2022-05-02 21:01 ` Dinh Nguyen
2022-04-19 11:16 ` [PATCH v5 07/11] x86: " Jason A. Donenfeld
2022-04-19 11:16 ` Jason A. Donenfeld
2022-04-19 11:16 ` Jason A. Donenfeld
2022-04-19 18:16 ` Borislav Petkov
2022-04-19 18:16 ` Borislav Petkov
2022-04-19 18:16 ` Borislav Petkov
2022-04-19 18:38 ` Jason A. Donenfeld
2022-04-19 18:38 ` Jason A. Donenfeld
2022-04-19 18:38 ` Jason A. Donenfeld
2022-04-19 18:59 ` Borislav Petkov
2022-04-19 18:59 ` Borislav Petkov
2022-04-19 18:59 ` Borislav Petkov
2022-04-19 19:00 ` Jason A. Donenfeld
2022-04-19 19:00 ` Jason A. Donenfeld
2022-04-19 19:00 ` Jason A. Donenfeld
2022-04-19 11:16 ` [PATCH v5 08/11] um: " Jason A. Donenfeld
2022-04-19 11:16 ` Jason A. Donenfeld
2022-04-19 11:16 ` Jason A. Donenfeld
2022-04-19 11:33 ` Johannes Berg
2022-04-19 11:33 ` Johannes Berg
2022-04-19 11:33 ` Johannes Berg
2022-04-19 11:37 ` Jason A. Donenfeld
2022-04-19 11:37 ` Jason A. Donenfeld
2022-04-19 11:37 ` Jason A. Donenfeld
2022-04-19 11:16 ` [PATCH v5 09/11] sparc: " Jason A. Donenfeld
2022-04-19 11:16 ` Jason A. Donenfeld
2022-04-19 11:16 ` Jason A. Donenfeld
2022-04-19 11:16 ` [PATCH v5 10/11] xtensa: " Jason A. Donenfeld
2022-04-19 11:16 ` Jason A. Donenfeld
2022-04-19 11:16 ` Jason A. Donenfeld
2022-04-21 8:00 ` Max Filippov
2022-04-21 8:00 ` Max Filippov
2022-04-21 8:00 ` Max Filippov
2022-04-19 11:16 ` [PATCH v5 11/11] random: insist on random_get_entropy() existing in order to simplify Jason A. Donenfeld
2022-04-19 11:16 ` Jason A. Donenfeld
2022-04-19 11:16 ` Jason A. Donenfeld
2022-04-23 2:24 ` Sandy Harris
2022-04-23 2:24 ` Sandy Harris
2022-04-23 2:24 ` Sandy Harris
2022-04-23 10:00 ` Jason A. Donenfeld
2022-04-23 10:00 ` Jason A. Donenfeld
2022-04-23 10:00 ` Jason A. Donenfeld
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220419111650.1582274-5-Jason@zx2c4.com \
--to=jason@zx2c4.com \
--cc=anton.ivanov@cambridgegreys.com \
--cc=aou@eecs.berkeley.edu \
--cc=arnd@arndb.de \
--cc=bp@alien8.de \
--cc=catalin.marinas@arm.com \
--cc=chris@zankel.net \
--cc=dave.hansen@linux.intel.com \
--cc=davem@davemloft.net \
--cc=dinguyen@kernel.org \
--cc=geert@linux-m68k.org \
--cc=hpa@zytor.com \
--cc=jcmvbkbc@gmail.com \
--cc=johannes@sipsolutions.net \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-m68k@lists.linux-m68k.org \
--cc=linux-mips@vger.kernel.org \
--cc=linux-riscv@lists.infradead.org \
--cc=linux-um@lists.infradead.org \
--cc=linux-xtensa@linux-xtensa.org \
--cc=linux@armlinux.org.uk \
--cc=linux@dominikbrodowski.net \
--cc=macro@orcam.me.uk \
--cc=mingo@redhat.com \
--cc=palmer@dabbelt.com \
--cc=paul.walmsley@sifive.com \
--cc=richard@nod.at \
--cc=sboyd@kernel.org \
--cc=sparclinux@vger.kernel.org \
--cc=tglx@linutronix.de \
--cc=tsbogend@alpha.franken.de \
--cc=tytso@mit.edu \
--cc=will@kernel.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.