tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge branch 'entropy'

Merge active entropy generation updates.

This is admittedly partly "for discussion". We need to have a way
forward for the boot time deadlocks where user space ends up waiting for
more entropy, but no entropy is forthcoming because the system is
entirely idle just waiting for something to happen.

While this was triggered by what is arguably a user space bug with
GDM/gnome-session asking for secure randomness during early boot, when
they didn't even need any such truly secure thing, the issue ends up
being that our "getrandom()" interface is prone to that kind of
confusion, because people don't think very hard about whether they want
to block for sufficient amounts of entropy.

The approach here-in is to decide to not just passively wait for entropy
to happen, but to start actively collecting it if it is missing. This
is not necessarily always possible, but if the architecture has a CPU
cycle counter, there is a fair amount of noise in the exact timings of
reasonably complex loads.

We may end up tweaking the load and the entropy estimates, but this
should be at least a reasonable starting point.

As part of this, we also revert the revert of the ext4 IO pattern
improvement that ended up triggering the reported lack of external
entropy.

* getrandom() active entropy waiting:
Revert "Revert "ext4: make __ext4_get_inode_loc plug""
random: try to actively add entropy rather than passively wait for it

Linus Torvalds 3f2dc279 a3c0e7b1

+64 -1
+61 -1
drivers/char/random.c
··· 1732 1732 } 1733 1733 EXPORT_SYMBOL(get_random_bytes); 1734 1734 1735 + 1736 + /* 1737 + * Each time the timer fires, we expect that we got an unpredictable 1738 + * jump in the cycle counter. Even if the timer is running on another 1739 + * CPU, the timer activity will be touching the stack of the CPU that is 1740 + * generating entropy.. 1741 + * 1742 + * Note that we don't re-arm the timer in the timer itself - we are 1743 + * happy to be scheduled away, since that just makes the load more 1744 + * complex, but we do not want the timer to keep ticking unless the 1745 + * entropy loop is running. 1746 + * 1747 + * So the re-arming always happens in the entropy loop itself. 1748 + */ 1749 + static void entropy_timer(struct timer_list *t) 1750 + { 1751 + credit_entropy_bits(&input_pool, 1); 1752 + } 1753 + 1754 + /* 1755 + * If we have an actual cycle counter, see if we can 1756 + * generate enough entropy with timing noise 1757 + */ 1758 + static void try_to_generate_entropy(void) 1759 + { 1760 + struct { 1761 + unsigned long now; 1762 + struct timer_list timer; 1763 + } stack; 1764 + 1765 + stack.now = random_get_entropy(); 1766 + 1767 + /* Slow counter - or none. Don't even bother */ 1768 + if (stack.now == random_get_entropy()) 1769 + return; 1770 + 1771 + timer_setup_on_stack(&stack.timer, entropy_timer, 0); 1772 + while (!crng_ready()) { 1773 + if (!timer_pending(&stack.timer)) 1774 + mod_timer(&stack.timer, jiffies+1); 1775 + mix_pool_bytes(&input_pool, &stack.now, sizeof(stack.now)); 1776 + schedule(); 1777 + stack.now = random_get_entropy(); 1778 + } 1779 + 1780 + del_timer_sync(&stack.timer); 1781 + destroy_timer_on_stack(&stack.timer); 1782 + mix_pool_bytes(&input_pool, &stack.now, sizeof(stack.now)); 1783 + } 1784 + 1735 1785 /* 1736 1786 * Wait for the urandom pool to be seeded and thus guaranteed to supply 1737 1787 * cryptographically secure random numbers. This applies to: the /dev/urandom ··· 1796 1746 { 1797 1747 if (likely(crng_ready())) 1798 1748 return 0; 1799 - return wait_event_interruptible(crng_init_wait, crng_ready()); 1749 + 1750 + do { 1751 + int ret; 1752 + ret = wait_event_interruptible_timeout(crng_init_wait, crng_ready(), HZ); 1753 + if (ret) 1754 + return ret > 0 ? 0 : ret; 1755 + 1756 + try_to_generate_entropy(); 1757 + } while (!crng_ready()); 1758 + 1759 + return 0; 1800 1760 } 1801 1761 EXPORT_SYMBOL(wait_for_random_bytes); 1802 1762
+3
fs/ext4/inode.c
··· 4551 4551 struct buffer_head *bh; 4552 4552 struct super_block *sb = inode->i_sb; 4553 4553 ext4_fsblk_t block; 4554 + struct blk_plug plug; 4554 4555 int inodes_per_block, inode_offset; 4555 4556 4556 4557 iloc->bh = NULL; ··· 4640 4639 * If we need to do any I/O, try to pre-readahead extra 4641 4640 * blocks from the inode table. 4642 4641 */ 4642 + blk_start_plug(&plug); 4643 4643 if (EXT4_SB(sb)->s_inode_readahead_blks) { 4644 4644 ext4_fsblk_t b, end, table; 4645 4645 unsigned num; ··· 4671 4669 get_bh(bh); 4672 4670 bh->b_end_io = end_buffer_read_sync; 4673 4671 submit_bh(REQ_OP_READ, REQ_META | REQ_PRIO, bh); 4672 + blk_finish_plug(&plug); 4674 4673 wait_on_buffer(bh); 4675 4674 if (!buffer_uptodate(bh)) { 4676 4675 EXT4_ERROR_INODE_BLOCK(inode, block,