random: use registers from interrupted code for CPU's w/o a cycle counter
For CPU's that don't have a cycle counter, or something equivalent which can be used for random_get_entropy(), random_get_entropy() will always return 0. In that case, substitute with the saved interrupt registers to add a bit more unpredictability. Some folks have suggested hashing all of the registers unconditionally, but this would increase the overhead of add_interrupt_randomness() by at least an order of magnitude, and this would very likely be unacceptable. The changes in this commit have been benchmarked as mostly unaffecting the overhead of add_interrupt_randomness() if the entropy counter is present, and doubling the overhead if it is not present. Signed-off-by: Theodore Ts'o <tytso@mit.edu> Cc: Jörn Engel <joern@logfs.org>
This commit is contained in:
		
							parent
							
								
									0f734e6e76
								
							
						
					
					
						commit
						ee3e00e9e7
					
				| @ -551,9 +551,8 @@ static void mix_pool_bytes(struct entropy_store *r, const void *in, | |||||||
| struct fast_pool { | struct fast_pool { | ||||||
| 	__u32		pool[4]; | 	__u32		pool[4]; | ||||||
| 	unsigned long	last; | 	unsigned long	last; | ||||||
|  | 	unsigned short	reg_idx; | ||||||
| 	unsigned char	count; | 	unsigned char	count; | ||||||
| 	unsigned char	notimer_count; |  | ||||||
| 	unsigned char	rotate; |  | ||||||
| }; | }; | ||||||
| 
 | 
 | ||||||
| /*
 | /*
 | ||||||
| @ -857,6 +856,17 @@ static void add_interrupt_bench(cycles_t start) | |||||||
| #define add_interrupt_bench(x) | #define add_interrupt_bench(x) | ||||||
| #endif | #endif | ||||||
| 
 | 
 | ||||||
|  | static __u32 get_reg(struct fast_pool *f, struct pt_regs *regs) | ||||||
|  | { | ||||||
|  | 	__u32 *ptr = (__u32 *) regs; | ||||||
|  | 
 | ||||||
|  | 	if (regs == NULL) | ||||||
|  | 		return 0; | ||||||
|  | 	if (f->reg_idx >= sizeof(struct pt_regs) / sizeof(__u32)) | ||||||
|  | 		f->reg_idx = 0; | ||||||
|  | 	return *(ptr + f->reg_idx++); | ||||||
|  | } | ||||||
|  | 
 | ||||||
| void add_interrupt_randomness(int irq, int irq_flags) | void add_interrupt_randomness(int irq, int irq_flags) | ||||||
| { | { | ||||||
| 	struct entropy_store	*r; | 	struct entropy_store	*r; | ||||||
| @ -869,28 +879,23 @@ void add_interrupt_randomness(int irq, int irq_flags) | |||||||
| 	unsigned long		seed; | 	unsigned long		seed; | ||||||
| 	int			credit = 0; | 	int			credit = 0; | ||||||
| 
 | 
 | ||||||
|  | 	if (cycles == 0) | ||||||
|  | 		cycles = get_reg(fast_pool, regs); | ||||||
| 	c_high = (sizeof(cycles) > 4) ? cycles >> 32 : 0; | 	c_high = (sizeof(cycles) > 4) ? cycles >> 32 : 0; | ||||||
| 	j_high = (sizeof(now) > 4) ? now >> 32 : 0; | 	j_high = (sizeof(now) > 4) ? now >> 32 : 0; | ||||||
| 	fast_pool->pool[0] ^= cycles ^ j_high ^ irq; | 	fast_pool->pool[0] ^= cycles ^ j_high ^ irq; | ||||||
| 	fast_pool->pool[1] ^= now ^ c_high; | 	fast_pool->pool[1] ^= now ^ c_high; | ||||||
| 	ip = regs ? instruction_pointer(regs) : _RET_IP_; | 	ip = regs ? instruction_pointer(regs) : _RET_IP_; | ||||||
| 	fast_pool->pool[2] ^= ip; | 	fast_pool->pool[2] ^= ip; | ||||||
| 	fast_pool->pool[3] ^= ip >> 32; | 	fast_pool->pool[3] ^= (sizeof(ip) > 4) ? ip >> 32 : | ||||||
|  | 		get_reg(fast_pool, regs); | ||||||
| 
 | 
 | ||||||
| 	fast_mix(fast_pool); | 	fast_mix(fast_pool); | ||||||
| 	if ((irq_flags & __IRQF_TIMER) == 0) |  | ||||||
| 		fast_pool->notimer_count++; |  | ||||||
| 	add_interrupt_bench(cycles); | 	add_interrupt_bench(cycles); | ||||||
| 
 | 
 | ||||||
| 	if (cycles) { | 	if ((fast_pool->count < 64) && | ||||||
| 		if ((fast_pool->count < 64) && | 	    !time_after(now, fast_pool->last + HZ)) | ||||||
| 		    !time_after(now, fast_pool->last + HZ)) | 		return; | ||||||
| 			return; |  | ||||||
| 	} else { |  | ||||||
| 		/* CPU does not have a cycle counting register :-( */ |  | ||||||
| 		if (fast_pool->count < 64) |  | ||||||
| 			return; |  | ||||||
| 	} |  | ||||||
| 
 | 
 | ||||||
| 	r = nonblocking_pool.initialized ? &input_pool : &nonblocking_pool; | 	r = nonblocking_pool.initialized ? &input_pool : &nonblocking_pool; | ||||||
| 	if (!spin_trylock(&r->lock)) | 	if (!spin_trylock(&r->lock)) | ||||||
| @ -910,18 +915,10 @@ void add_interrupt_randomness(int irq, int irq_flags) | |||||||
| 	} | 	} | ||||||
| 	spin_unlock(&r->lock); | 	spin_unlock(&r->lock); | ||||||
| 
 | 
 | ||||||
| 	/*
 | 	fast_pool->count = 0; | ||||||
| 	 * If we have a valid cycle counter or if the majority of |  | ||||||
| 	 * interrupts collected were non-timer interrupts, then give |  | ||||||
| 	 * an entropy credit of 1 bit.  Yes, this is being very |  | ||||||
| 	 * conservative. |  | ||||||
| 	 */ |  | ||||||
| 	if (cycles || (fast_pool->notimer_count >= 32)) |  | ||||||
| 		credit++; |  | ||||||
| 
 | 
 | ||||||
| 	fast_pool->count = fast_pool->notimer_count = 0; | 	/* award one bit for the contents of the fast pool */ | ||||||
| 
 | 	credit_entropy_bits(r, credit + 1); | ||||||
| 	credit_entropy_bits(r, credit); |  | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| #ifdef CONFIG_BLOCK | #ifdef CONFIG_BLOCK | ||||||
|  | |||||||
		Loading…
	
		Reference in New Issue
	
	Block a user