Message ID | 20220413115411.21489-4-Jason@zx2c4.com (mailing list archive) |
---|---|
State | Not Applicable |
Delegated to: | Herbert Xu |
Headers | show |
Series | archs/random: fallback to best raw ktime when no cycle counter | expand |
On Wed, Apr 13, 2022 at 6:56 AM Jason A. Donenfeld <Jason@zx2c4.com> wrote: > > In the event that random_get_entropy() can't access a cycle counter or > similar, falling back to returning 0 is really not the best we can do. > Instead, at least calling random_get_entropy_fallback() would be > preferable, because that always needs to return _something_, even > falling back to jiffies eventually. It's not as though > random_get_entropy_fallback() is super high precision or guaranteed to > be entropic, but basically anything that's not zero all the time is > better than returning zero all the time. > > Cc: Thomas Gleixner <tglx@linutronix.de> > Cc: Arnd Bergmann <arnd@arndb.de> > Cc: Paul Walmsley <paul.walmsley@sifive.com> > Cc: Palmer Dabbelt <palmer@dabbelt.com> > Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> > --- > arch/riscv/include/asm/timex.h | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/arch/riscv/include/asm/timex.h b/arch/riscv/include/asm/timex.h > index 507cae273bc6..d6a7428f6248 100644 > --- a/arch/riscv/include/asm/timex.h > +++ b/arch/riscv/include/asm/timex.h > @@ -41,7 +41,7 @@ static inline u32 get_cycles_hi(void) > static inline unsigned long random_get_entropy(void) > { > if (unlikely(clint_time_val == NULL)) Moving this check to get_cycles() implementation would eliminate the RiscV implementation of random_get_entropy() if you follow my other suggestion. I guess there's some advantage to skipping a NULL check every time for get_cycles(), but really the register read time will be much slower than an added check. > - return 0; > + return random_get_entropy_fallback(); > return get_cycles(); > } > #define random_get_entropy() random_get_entropy()
Hi Rob, On Wed, Apr 13, 2022 at 4:40 PM Rob Herring <robh@kernel.org> wrote: > Moving this check to get_cycles() implementation would eliminate the > RiscV implementation of random_get_entropy() if you follow my other > suggestion. Not an option. random_get_entropy() != get_cycles(). Sometimes these are different functions. Returning random_get_entropy_fallback() from get_cycles(), for example, wouldn't make any sense. Jason
diff --git a/arch/riscv/include/asm/timex.h b/arch/riscv/include/asm/timex.h index 507cae273bc6..d6a7428f6248 100644 --- a/arch/riscv/include/asm/timex.h +++ b/arch/riscv/include/asm/timex.h @@ -41,7 +41,7 @@ static inline u32 get_cycles_hi(void) static inline unsigned long random_get_entropy(void) { if (unlikely(clint_time_val == NULL)) - return 0; + return random_get_entropy_fallback(); return get_cycles(); } #define random_get_entropy() random_get_entropy()
In the event that random_get_entropy() can't access a cycle counter or similar, falling back to returning 0 is really not the best we can do. Instead, at least calling random_get_entropy_fallback() would be preferable, because that always needs to return _something_, even falling back to jiffies eventually. It's not as though random_get_entropy_fallback() is super high precision or guaranteed to be entropic, but basically anything that's not zero all the time is better than returning zero all the time. Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Arnd Bergmann <arnd@arndb.de> Cc: Paul Walmsley <paul.walmsley@sifive.com> Cc: Palmer Dabbelt <palmer@dabbelt.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> --- arch/riscv/include/asm/timex.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)