From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 67FAAC433F5 for ; Thu, 21 Apr 2022 20:01:31 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1392152AbiDUUES (ORCPT ); Thu, 21 Apr 2022 16:04:18 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60674 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1351747AbiDUUER (ORCPT ); Thu, 21 Apr 2022 16:04:17 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 092714A3C7; Thu, 21 Apr 2022 13:01:27 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 95DE361D12; Thu, 21 Apr 2022 20:01:26 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 6E617C385AC; Thu, 21 Apr 2022 20:01:25 +0000 (UTC) Authentication-Results: smtp.kernel.org; dkim=pass (1024-bit key) header.d=zx2c4.com header.i=@zx2c4.com header.b="HCRfyF38" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zx2c4.com; s=20210105; t=1650571280; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=IVI0f+ocmJtlhFxk/uZrvdqDTyR8lckMkgJ5ub79Rvw=; b=HCRfyF38mnLQXcOTFSXKgBg9DKBh8IA5Rgq8rSFB+k1BPBeTgxZhNvZmvFXon1TUCMr+uv Ll6vBU7HHeLXwOL1T4mq+aYx4eosLji/rSUeWOVSUHoFzGcA1zeLQzs79spezy0RJTANQ0 ylbV10iHMlVme2K3/QDQc+1wyz7F+PM= Received: by mail.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id f3e58514 (TLSv1.3:AEAD-AES256-GCM-SHA384:256:NO); Thu, 21 Apr 2022 20:01:20 +0000 (UTC) Received: by mail-yw1-f182.google.com with SMTP id 00721157ae682-2f4e375daaeso8742177b3.3; Thu, 21 Apr 2022 13:01:19 -0700 (PDT) X-Gm-Message-State: AOAM531cUAAF/UUSjZ3bIO9Hi6TOp7AIfYy7LO5cZebvRnv2UcXn274M C3HBDu1m3K0e3Juq/o0hrzl0V1iot/Lfe770j9k= X-Google-Smtp-Source: ABdhPJw1yKUuvp2WFU2NDFEJJ0fy26Ib6CtYqZu+dI6yF4MSf/3YsV3ORuUj8k41EwOAXPlE3IINgUUtio0oQHxF65c= X-Received: by 2002:a81:1a49:0:b0:2eb:f4cd:b3f1 with SMTP id a70-20020a811a49000000b002ebf4cdb3f1mr1435082ywa.231.1650571274982; Thu, 21 Apr 2022 13:01:14 -0700 (PDT) MIME-Version: 1.0 References: <20220419111650.1582274-1-Jason@zx2c4.com> <20220419111650.1582274-5-Jason@zx2c4.com> In-Reply-To: From: "Jason A. Donenfeld" Date: Thu, 21 Apr 2022 22:01:03 +0200 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH v5 04/11] mips: use fallback for random_get_entropy() instead of just c0 random To: "Maciej W. Rozycki" , Thomas Bogendoerfer Cc: LKML , Linux Crypto Mailing List , Thomas Gleixner , Arnd Bergmann , "Theodore Ts'o" , Dominik Brodowski , Russell King , Catalin Marinas , Will Deacon , Geert Uytterhoeven , Paul Walmsley , Palmer Dabbelt , Albert Ou , "David S . Miller" , Richard Weinberger , Anton Ivanov , Johannes Berg , Ingo Molnar , Borislav Petkov , Dave Hansen , "H . Peter Anvin" , Chris Zankel , Max Filippov , Stephen Boyd , Dinh Nguyen , linux-arm-kernel , linux-m68k , "open list:BROADCOM NVRAM DRIVER" , linux-riscv , sparclinux , linux-um@lists.infradead.org, X86 ML , linux-xtensa@linux-xtensa.org Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Hi Maciej, On Thu, Apr 21, 2022 at 9:25 PM Maciej W. Rozycki wrote: > > On Tue, 19 Apr 2022, Jason A. Donenfeld wrote: > > > For situations in which we don't have a c0 counter register available, > > we've been falling back to reading the c0 "random" register, which is > > usually bounded by the amount of TLB entries and changes every other > > cycle or so. This means it wraps extremely often. We can do better by > > combining this fast-changing counter with a potentially slower-changing > > counter from random_get_entropy_fallback() in the more significant bits. > > This commit combines the two, taking into account that the changing bits > > are in a different bit position depending on the CPU model. In addition, > > we previously were falling back to 0 for ancient CPUs that Linux does > > not support anyway; remove that dead path entirely. > > Tested-by: Maciej W. Rozycki > > I've pushed the algorithm through testing with a number of suitable > systems: > > - an R2000A and an R3000A with no timer of any kind, only jiffies, > > - an R3400 with a chipset timer only, > > - an R4400SC with a usable buggy CP0 counter and a chipset timer, > > - a 5Kc with a good CP0 counter only, > > with no obvious issues spotted. Thank you for working on this! Thanks for all the testing! ThomasB - I think maybe you can re-"Acked-by" this now if you're on board with the strategy here? Jason From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id C89BDC433EF for ; Thu, 21 Apr 2022 20:01:57 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:Cc:To:Subject:Message-ID:Date:From: In-Reply-To:References:MIME-Version:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=sCrcLsTpVjeEPEsMueWiHTTWBQKA4XrDTVqy71vYJN4=; b=PmGX0WiqISNyf4 r8vVsxpyFfVxvdskG0VE+ubAXO3xvebP6UDbHTToQcqgKCAeLmusuomrkemqhVD3VsaSL2S5jJwJ9 5VxApPJc4C5dVu8Dt7iphGAdbClSzq86S5pxZwf8NMVSodKHWehWraMelT9UNCgEVmexUE2YZHBrx 5E8TZ1L7Qd+TnpG0TeVwq4Cl3/FYi2wPcWKqf2f8eBsIq6EWaxCgcFF3/MnNrFtLuxlhMA5bfCII1 jkzIRHzVSZ6rwxP6xbXf3CUI15zMq6HLf7u17I9Hv95GYiZNZ6naPBM08kYJt3zUKt1ai7UuLd0Il bw29umipjrz2wR7DO0EA==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1nhczp-00Er6f-D8; Thu, 21 Apr 2022 20:01:45 +0000 Received: from dfw.source.kernel.org ([2604:1380:4641:c500::1]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1nhcze-00Er4w-3A; Thu, 21 Apr 2022 20:01:35 +0000 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id A5BB361CC4; Thu, 21 Apr 2022 20:01:33 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 993E0C385A7; Thu, 21 Apr 2022 20:01:32 +0000 (UTC) Authentication-Results: smtp.kernel.org; dkim=pass (1024-bit key) header.d=zx2c4.com header.i=@zx2c4.com header.b="p1rCsstD" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zx2c4.com; s=20210105; t=1650571288; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=IVI0f+ocmJtlhFxk/uZrvdqDTyR8lckMkgJ5ub79Rvw=; b=p1rCsstDY+JGXxBzBD8RxnwrQNMMzB+WgcwwNQro9w0FkVEZFIk2MgsTUS/eNnBXBF3xe5 SNtQCAeqBggun1Zp7cddgyOMf16AtiU/ka3vJK97HlPHcJ0PDUUcQkm4mUz5D/r/Ip6EZH JiN/EEeSnlDeeOtjIcu/cEePG27U+0Q= Received: by mail.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id 6139d1eb (TLSv1.3:AEAD-AES256-GCM-SHA384:256:NO); Thu, 21 Apr 2022 20:01:27 +0000 (UTC) Received: by mail-oo1-f51.google.com with SMTP id y27-20020a4a9c1b000000b0032129651bb0so1035831ooj.2; Thu, 21 Apr 2022 13:01:27 -0700 (PDT) X-Gm-Message-State: AOAM532SEr0Qs5sCC4M0Fb66VtSv4yezi+DgY4QZE2TJl+aMQG1XFCco GHqzLVgdg4cTGhRn5cnQ7yGB3TRPe+E89suehjw= X-Google-Smtp-Source: ABdhPJw1yKUuvp2WFU2NDFEJJ0fy26Ib6CtYqZu+dI6yF4MSf/3YsV3ORuUj8k41EwOAXPlE3IINgUUtio0oQHxF65c= X-Received: by 2002:a81:1a49:0:b0:2eb:f4cd:b3f1 with SMTP id a70-20020a811a49000000b002ebf4cdb3f1mr1435082ywa.231.1650571274982; Thu, 21 Apr 2022 13:01:14 -0700 (PDT) MIME-Version: 1.0 References: <20220419111650.1582274-1-Jason@zx2c4.com> <20220419111650.1582274-5-Jason@zx2c4.com> In-Reply-To: From: "Jason A. Donenfeld" Date: Thu, 21 Apr 2022 22:01:03 +0200 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH v5 04/11] mips: use fallback for random_get_entropy() instead of just c0 random To: "Maciej W. Rozycki" , Thomas Bogendoerfer Cc: LKML , Linux Crypto Mailing List , Thomas Gleixner , Arnd Bergmann , "Theodore Ts'o" , Dominik Brodowski , Russell King , Catalin Marinas , Will Deacon , Geert Uytterhoeven , Paul Walmsley , Palmer Dabbelt , Albert Ou , "David S . Miller" , Richard Weinberger , Anton Ivanov , Johannes Berg , Ingo Molnar , Borislav Petkov , Dave Hansen , "H . Peter Anvin" , Chris Zankel , Max Filippov , Stephen Boyd , Dinh Nguyen , linux-arm-kernel , linux-m68k , "open list:BROADCOM NVRAM DRIVER" , linux-riscv , sparclinux , linux-um@lists.infradead.org, X86 ML , linux-xtensa@linux-xtensa.org X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20220421_130134_235235_6918EEF5 X-CRM114-Status: GOOD ( 22.83 ) X-BeenThere: linux-riscv@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-riscv" Errors-To: linux-riscv-bounces+linux-riscv=archiver.kernel.org@lists.infradead.org Hi Maciej, On Thu, Apr 21, 2022 at 9:25 PM Maciej W. Rozycki wrote: > > On Tue, 19 Apr 2022, Jason A. Donenfeld wrote: > > > For situations in which we don't have a c0 counter register available, > > we've been falling back to reading the c0 "random" register, which is > > usually bounded by the amount of TLB entries and changes every other > > cycle or so. This means it wraps extremely often. We can do better by > > combining this fast-changing counter with a potentially slower-changing > > counter from random_get_entropy_fallback() in the more significant bits. > > This commit combines the two, taking into account that the changing bits > > are in a different bit position depending on the CPU model. In addition, > > we previously were falling back to 0 for ancient CPUs that Linux does > > not support anyway; remove that dead path entirely. > > Tested-by: Maciej W. Rozycki > > I've pushed the algorithm through testing with a number of suitable > systems: > > - an R2000A and an R3000A with no timer of any kind, only jiffies, > > - an R3400 with a chipset timer only, > > - an R4400SC with a usable buggy CP0 counter and a chipset timer, > > - a 5Kc with a good CP0 counter only, > > with no obvious issues spotted. Thank you for working on this! Thanks for all the testing! ThomasB - I think maybe you can re-"Acked-by" this now if you're on board with the strategy here? Jason _______________________________________________ linux-riscv mailing list linux-riscv@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-riscv From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 56955C433EF for ; Thu, 21 Apr 2022 20:02:49 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:Cc:To:Subject:Message-ID:Date:From: In-Reply-To:References:MIME-Version:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=KaBISNjWp3+E14XY0mA4JWs2RN1GVt+eW6sUZjMeFdI=; b=xANOXKZU9lpEh0 zbk6V3KTSex1o95PWsYhLLuz9qjW+sDgtfQGm+4IhTfAgIeYeurnGiU/R3pugJ5mk4YVzsMdxs1Dd gyLK0gTUKOuh9IZuWa0XDaIZIM/z4BkgayeuzRWGzZh1IZibW8EjnJ1b956dAOTbjH4C1DIgHU3de PkRi3AwaldKzbQYk+C52BbaXhNfMRNk+QuXMu6rjqANsLa4XZ1YcpUVpk1V7E0/LlHLUZFBpRNQ3E uiX6NuV++8km0fAvKc1KpCjDsT6MwYAK23WtZFtBB/4COKK64s84vCU/Fz+HqBhQS5EilBzvvpNvn vlUOadlsmWWGSmTt8mrg==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1nhczh-00Er5v-7g; Thu, 21 Apr 2022 20:01:37 +0000 Received: from dfw.source.kernel.org ([2604:1380:4641:c500::1]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1nhcze-00Er4w-3A; Thu, 21 Apr 2022 20:01:35 +0000 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id A5BB361CC4; Thu, 21 Apr 2022 20:01:33 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 993E0C385A7; Thu, 21 Apr 2022 20:01:32 +0000 (UTC) Authentication-Results: smtp.kernel.org; dkim=pass (1024-bit key) header.d=zx2c4.com header.i=@zx2c4.com header.b="p1rCsstD" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zx2c4.com; s=20210105; t=1650571288; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=IVI0f+ocmJtlhFxk/uZrvdqDTyR8lckMkgJ5ub79Rvw=; b=p1rCsstDY+JGXxBzBD8RxnwrQNMMzB+WgcwwNQro9w0FkVEZFIk2MgsTUS/eNnBXBF3xe5 SNtQCAeqBggun1Zp7cddgyOMf16AtiU/ka3vJK97HlPHcJ0PDUUcQkm4mUz5D/r/Ip6EZH JiN/EEeSnlDeeOtjIcu/cEePG27U+0Q= Received: by mail.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id 6139d1eb (TLSv1.3:AEAD-AES256-GCM-SHA384:256:NO); Thu, 21 Apr 2022 20:01:27 +0000 (UTC) Received: by mail-oo1-f51.google.com with SMTP id y27-20020a4a9c1b000000b0032129651bb0so1035831ooj.2; Thu, 21 Apr 2022 13:01:27 -0700 (PDT) X-Gm-Message-State: AOAM532SEr0Qs5sCC4M0Fb66VtSv4yezi+DgY4QZE2TJl+aMQG1XFCco GHqzLVgdg4cTGhRn5cnQ7yGB3TRPe+E89suehjw= X-Google-Smtp-Source: ABdhPJw1yKUuvp2WFU2NDFEJJ0fy26Ib6CtYqZu+dI6yF4MSf/3YsV3ORuUj8k41EwOAXPlE3IINgUUtio0oQHxF65c= X-Received: by 2002:a81:1a49:0:b0:2eb:f4cd:b3f1 with SMTP id a70-20020a811a49000000b002ebf4cdb3f1mr1435082ywa.231.1650571274982; Thu, 21 Apr 2022 13:01:14 -0700 (PDT) MIME-Version: 1.0 References: <20220419111650.1582274-1-Jason@zx2c4.com> <20220419111650.1582274-5-Jason@zx2c4.com> In-Reply-To: From: "Jason A. Donenfeld" Date: Thu, 21 Apr 2022 22:01:03 +0200 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH v5 04/11] mips: use fallback for random_get_entropy() instead of just c0 random To: "Maciej W. Rozycki" , Thomas Bogendoerfer Cc: LKML , Linux Crypto Mailing List , Thomas Gleixner , Arnd Bergmann , "Theodore Ts'o" , Dominik Brodowski , Russell King , Catalin Marinas , Will Deacon , Geert Uytterhoeven , Paul Walmsley , Palmer Dabbelt , Albert Ou , "David S . Miller" , Richard Weinberger , Anton Ivanov , Johannes Berg , Ingo Molnar , Borislav Petkov , Dave Hansen , "H . Peter Anvin" , Chris Zankel , Max Filippov , Stephen Boyd , Dinh Nguyen , linux-arm-kernel , linux-m68k , "open list:BROADCOM NVRAM DRIVER" , linux-riscv , sparclinux , linux-um@lists.infradead.org, X86 ML , linux-xtensa@linux-xtensa.org X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20220421_130134_235235_6918EEF5 X-CRM114-Status: GOOD ( 22.83 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org Hi Maciej, On Thu, Apr 21, 2022 at 9:25 PM Maciej W. Rozycki wrote: > > On Tue, 19 Apr 2022, Jason A. Donenfeld wrote: > > > For situations in which we don't have a c0 counter register available, > > we've been falling back to reading the c0 "random" register, which is > > usually bounded by the amount of TLB entries and changes every other > > cycle or so. This means it wraps extremely often. We can do better by > > combining this fast-changing counter with a potentially slower-changing > > counter from random_get_entropy_fallback() in the more significant bits. > > This commit combines the two, taking into account that the changing bits > > are in a different bit position depending on the CPU model. In addition, > > we previously were falling back to 0 for ancient CPUs that Linux does > > not support anyway; remove that dead path entirely. > > Tested-by: Maciej W. Rozycki > > I've pushed the algorithm through testing with a number of suitable > systems: > > - an R2000A and an R3000A with no timer of any kind, only jiffies, > > - an R3400 with a chipset timer only, > > - an R4400SC with a usable buggy CP0 counter and a chipset timer, > > - a 5Kc with a good CP0 counter only, > > with no obvious issues spotted. Thank you for working on this! Thanks for all the testing! ThomasB - I think maybe you can re-"Acked-by" this now if you're on board with the strategy here? Jason _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel