Differential D35802 Diff 108358 sys/dev/random/random_harvestq.c

Changeset View

Standalone View

sys/dev/random/random_harvestq.c

Show First 20 Lines • Show All 248 Lines • ▼ Show 20 Lines	random_sources_feed(void)
* For Fortuna, the math currently works out as such:		* For Fortuna, the math currently works out as such:
*		*
* 64 bits * 4 pools = 256 bits per iteration		* 64 bits * 4 pools = 256 bits per iteration
* 256 bits * 10 Hz = 2560 bits per second, 320 B/s		* 256 bits * 10 Hz = 2560 bits per second, 320 B/s
*		*
*/		*/
npools = howmany(p_random_alg_context->ra_poolcount, RANDOM_KTHREAD_HZ);		npools = howmany(p_random_alg_context->ra_poolcount, RANDOM_KTHREAD_HZ);

		/*-
		delphijUnsubmitted Not Done Inline Actions I'd like to check if my understanding was correct for the `!ra_seeded()` case: The `64` was chosen because it's the `RANDOM_FORTUNA_DEFPOOLSIZE` The intention was to attempt to fully populate all pools with fast source data in one `random_kthread` interation We then iterate over all live sources: Realistically, most system has only one live source, that's the CPU provided RNG. For systems where no live source is available, the code below wold be no-op (we then fall back to waiting for other sources, which we have to do anyways) For systems where multiple live sources are available (virtio-rng, or crypto hardware), we could potentially harvest more than we need (but I think this is Okay because we only do the full harvest once as long as they are not all too slow). So the net effect for a typical `!ra_seeded()` case is that when the `random_kthread()` calls `random_sources_feed()`, we attempt to fully fill Fortuna's entropy pools (@10Hz, but hopefully only once) with live sources. For systems with boot entropy loaded, because we already primed RNG well before the random_kthread, this would be a no-op. delphij: I'd like to check if my understanding was correct for the `!ra_seeded()` case: # The `64`…
		* If we're not seeded yet, attempt to perform a "full seed", filling
		delphijUnsubmitted Not Done Inline Actions If the understanding above was correct, should this be changed to `sizeof(entropy)` instead? delphij: If the understanding above was correct, should this be changed to `sizeof(entropy)` instead?
		* all of the PRNG's pools with entropy; if there is enough entropy
		* available from "fast" entropy sources this will allow us to finish
		* seeding and unblock the boot process immediately rather than being
		* stuck for a few seconds with random_kthread gradually collecting a
		* small chunk of entropy every 1 / RANDOM_KTHREAD_HZ seconds.
		*
		* The value 64 below is RANDOM_FORTUNA_DEFPOOLSIZE, i.e. chosen to
		* fill Fortuna's pools in the default configuration. With another
		* PRNG or smaller pools for Fortuna, we might collect more entropy
		* than needed to fill the pools, but this is harmless; alternatively,
		* a different PRNG, larger pools, or fast entropy sources which are
		* not able to provide as much entropy as we request may result in the
		* not being fully seeded (and thus remaining blocked) but in that
		* case we will return here after 1 / RANDOM_KTHREAD_HZ seconds and
		* try again for a large amount of entropy.
		*/
		if (!p_random_alg_context->ra_seeded())
		npools = howmany(p_random_alg_context->ra_poolcount * 64,
		sizeof(entropy));

/*		/*
* Step over all of live entropy sources, and feed their output		* Step over all of live entropy sources, and feed their output
* to the system-wide RNG.		* to the system-wide RNG.
*/		*/
if (rse_warm)		if (rse_warm)
epoch_enter_preempt(rs_epoch, &et);		epoch_enter_preempt(rs_epoch, &et);
CK_LIST_FOREACH(rrs, &source_list, rrs_entries) {		CK_LIST_FOREACH(rrs, &source_list, rrs_entries) {
for (i = 0; i < npools; i++) {		for (i = 0; i < npools; i++) {
▲ Show 20 Lines • Show All 415 Lines • Show Last 20 Lines