From: Emeric POUPON
To: John-Mark Gurney
Cc: arch@FreeBSD.org
Date: Mon, 2 Mar 2015 14:31:13 +0100 (CET)
Subject: Re: locks and kernel randomness...
Message-ID: <1824482166.23183751.1425303073196.JavaMail.zimbra@stormshield.eu>
In-Reply-To: <20150224012026.GY46794@funkthat.com>
List-Id: Discussion related to FreeBSD architecture

Hello,

About arc4random, we have noticed significant contention in that function on multi-CPU systems when ciphering a lot of packets in the IPsec stack.
This is indeed due to the mutex that is being used in the arc4rand function.

Actually randomness is required by the IV used in the forged output packets.
However, making a separate random generator per CPU might be more complicated than expected.

RFC 6027 (http://www.ietf.org/rfc/rfc6027.txt) reminds us that the IV must not be repeated:

---
3.7.1. Outbound SAs Using Counter Modes

For SAs involving counter mode ciphers such as Counter Mode (CTR) ([RFC3686]) or Galois/Counter Mode (GCM) ([RFC4106]) there is yet another complication. The initial vector for such modes MUST NOT be repeated, and senders use methods such as counters or linear feedback shift registers (LFSRs) to ensure this [...]
---

What do you think?

Emeric Poupon

----- Original Message -----
From: "John-Mark Gurney"
To: arch@FreeBSD.org
Sent: Tuesday, 24 February 2015 02:20:26
Subject: locks and kernel randomness...

I'm working on simplifying kernel randomness interfaces. I would like to get rid of all weak random generators, and this means replacing read_random and random(9) w/ effectively arc4rand(9) (to be replaced by ChaCha or Keccak in the future).

The issue is that random(9) is called from any number of contexts, such as the scheduler. This makes locking a bit more interesting. Currently, both arc4rand(9) and yarrow/fortuna use a default mtx lock to protect their state. This obviously isn't compatible w/ the scheduler, and possibly other calling contexts.

I have a patch[1] that unifies the random interface. It converts a few of the locks from mtx default to mtx spin to deal w/ this.

If/when this is accepted, my next plan is to convert away from arc4rand, to either ChaCha or Keccak. I already have another patch that converts arc4rand and friends over to ChaCha. This patch does use PCPU data and sched_pin to help eliminate locks, but this does need more study. We could either do a restartable loop (but there might be too much state to safely do) or a critical section (though running chacha a bunch of times could have impact).

[1] https://reviews.freebsd.org/D1956

-- 
John-Mark Gurney				Voice: +1 415 225 5579

"All that I will do, has been done, All that I have, has not."
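
The counter approach named in the RFC text quoted in this message, sketched for a GCM SA (an added example, not code from the thread or from FreeBSD): a per-SA atomic counter hands out unique IVs without taking the arc4rand mutex and refuses to wrap. `sa_iv_state`, `sa_iv_init` and `sa_iv_next` are hypothetical names and the salt is a constructed value; this fits counter modes only, where the IV has to be unique rather than unpredictable.

```c
#include <errno.h>
#include <stdatomic.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SALT_LEN  4                     /* RFC 4106: salt from keying material */
#define IV_LEN    8                     /* RFC 4106: explicit IV in each packet */
#define NONCE_LEN (SALT_LEN + IV_LEN)

struct sa_iv_state {                    /* hypothetical per-SA state, not a FreeBSD struct */
    uint8_t          salt[SALT_LEN];
    _Atomic uint64_t next_iv;           /* 0 means "exhausted, rekey the SA" */
};

static void sa_iv_init(struct sa_iv_state *s, const uint8_t *salt)
{
    memcpy(s->salt, salt, SALT_LEN);
    atomic_init(&s->next_iv, 1);
}

/* Lock-free: each caller claims one counter value. Returns 0, or EOVERFLOW
 * once all 2^64-1 values are used, so a wrapped counter never repeats an IV. */
static int sa_iv_next(struct sa_iv_state *s, uint8_t nonce[NONCE_LEN])
{
    uint64_t iv = atomic_load_explicit(&s->next_iv, memory_order_relaxed);
    do {
        if (iv == 0)
            return EOVERFLOW;
    } while (!atomic_compare_exchange_weak_explicit(&s->next_iv, &iv, iv + 1,
                 memory_order_relaxed, memory_order_relaxed));
    memcpy(nonce, s->salt, SALT_LEN);
    for (int i = 0; i < IV_LEN; i++)    /* big-endian counter */
        nonce[SALT_LEN + i] = (uint8_t)(iv >> (56 - 8 * i));
    return 0;
}

int main(void)
{
    const uint8_t salt[SALT_LEN] = { 0xde, 0xad, 0xbe, 0xef }; /* constructed */
    struct sa_iv_state sa;
    uint8_t nonce[NONCE_LEN];
    sa_iv_init(&sa, salt);
    for (int n = 0; n < 3 && sa_iv_next(&sa, nonce) == 0; n++) {
        for (int i = 0; i < NONCE_LEN; i++)
            printf("%02x", nonce[i]);
        putchar('\n');
    }
    return 0;
}
```

Once `sa_iv_next` returns `EOVERFLOW` the state stays exhausted, so the caller has to stop sending on that SA and negotiate a new key.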