From owner-freebsd-arch@FreeBSD.ORG Tue Feb 24 14:56:34 2015 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 04726BFD for ; Tue, 24 Feb 2015 14:56:34 +0000 (UTC) Received: from mail-pd0-f177.google.com (mail-pd0-f177.google.com [209.85.192.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id C7C053EA for ; Tue, 24 Feb 2015 14:56:33 +0000 (UTC) Received: by pdbfl12 with SMTP id fl12so33876792pdb.2 for ; Tue, 24 Feb 2015 06:56:26 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:sender:content-type:mime-version:subject:from :in-reply-to:date:cc:content-transfer-encoding:message-id:references :to; bh=qd2rJu/hVVb/0fXWErgCPKWobS+HXNHUWrUalW7+5Vk=; b=Bifx7ZCsYpGcS75KbCWDzuIaQ+R+BZ+k0D4Sc9QW3yCEUl0yZ7vrT2FzI7DwibWGJy V9hQ3gsQQHSxEO9wAzyfLyEhdB0KVtPQlUzSeNgwv36GAfx3GeaS1Hh0l8HVAdmxGgIY mWyihjLtu+WQy7UkBQfe/ucTSHQXADDlIrVy71jCVOsGqOWiViwuE21sO7ML+0t71kAG Mv+vNZqWJzgx3p9EWq6iGQ3rYJvXD9id75WfMHwuEotk9x2gHPwoND3tIOwoEmCD0b+q g+2vkU5zhHD5TOQmMGRJ3oryHTXU3QH+s5J46qomD2HpIYCl+hYc0m5eptwgplAgqEkj y79g== X-Gm-Message-State: ALoCoQmle8iXR5nU3o+t2xts49qQYtB0F/sVKTe59AHLAHCI6LhcM5JPd812MDoI7j9v6LSV5Nyw X-Received: by 10.70.41.161 with SMTP id g1mr25374574pdl.43.1424789786845; Tue, 24 Feb 2015 06:56:26 -0800 (PST) Received: from macintosh-3c0754232d17.corp.netflix.com ([69.53.236.236]) by mx.google.com with ESMTPSA id fc6sm9049022pab.6.2015.02.24.06.56.25 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 24 Feb 2015 06:56:26 -0800 (PST) Sender: Warner Losh Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2070.6\)) Subject: Re: locks and kernel randomness... From: Warner Losh In-Reply-To: <20150224024250.GV74514@kib.kiev.ua> Date: Tue, 24 Feb 2015 07:56:24 -0700 Content-Transfer-Encoding: quoted-printable Message-Id: References: <20150224012026.GY46794@funkthat.com> <20150224015721.GT74514@kib.kiev.ua> <54EBDC1C.3060007@astrodoggroup.com> <20150224024250.GV74514@kib.kiev.ua> To: Konstantin Belousov X-Mailer: Apple Mail (2.2070.6) Cc: Harrison Grundy , freebsd-arch@freebsd.org X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 24 Feb 2015 14:56:34 -0000 > On Feb 23, 2015, at 7:42 PM, Konstantin Belousov = wrote: >=20 > On Mon, Feb 23, 2015 at 06:04:12PM -0800, Harrison Grundy wrote: >>=20 >>=20 >> On 02/23/15 17:57, Konstantin Belousov wrote: >>> On Mon, Feb 23, 2015 at 05:20:26PM -0800, John-Mark Gurney wrote: >>>> I'm working on simplifying kernel randomness interfaces. I would >>>> like to get read of all weak random generators, and this means >>>> replacing read_random and random(9) w/ effectively arc4rand(9) >>>> (to be replaced by ChaCha or Keccak in the future). >>>>=20 >>>> The issue is that random(9) is called from any number of >>>> contexts, such as the scheduler. This makes locking a bit more >>>> interesting. Currently, both arc4rand(9) and yarrow/fortuna use >>>> a default mtx lock to protect their state. This obviously isn't >>>> compatible w/ the scheduler, and possibly other calling >>>> contexts. >>>>=20 >>>> I have a patch[1] that unifies the random interface. It converts >>>> a few of the locks from mtx default to mtx spin to deal w/ this. >>> This is definitely an overkill. The rebalancing minor use of >>> randomness absolutely does not require cryptographical-strenght >>> randomness to select a moment to rebalance thread queue. Imposing >>> the spin lock on the whole random machinery just to allow the same >>> random gathering code to be used for balance_ticks is detriment to >>> the system responsivness. Scheduler is fine even with congruential >>> generators, as you could see in the cpu_search(), look for the >>> '69069'. >>>=20 >>> Please do not enforce yet another spinlock for the system.=20 >>> _______________________________________________ >>=20 >> The patch attached to >> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D197922 switches >> sched_balance to use get_cyclecount, which is also a suitable source >> of entropy for this purpose. >>=20 >> It would also be possible to make the scheduler deterministic here, >> using cpuid or some such thing to make sure all CPUs don't fire the >> balancer at the same time. >>=20 >=20 > The patch in the PR is probably in the right direction, but might be = too > simple, unless somebody dispel my fallacy. I remember seeing claims = that > on the very low-end embedded devices the get_cyclecount() method may > be non-functional, i.e. returning some constant, probably 0. I somehow > associate MIPS arch with this bias. arm v4/v5 don=E2=80=99t have get_cyclecount() in hardware. It simply = doesn=E2=80=99t exist. However, this patch is only for SMP, which also isn=E2=80=99t available = on arm v4/v5 in our tree. MIPS=E2=80=99 get cycle count, though, has been defined since R4k days = and so much software depends on it, it would surprise me if that was eliminated to = save silicon. Then again, if you want to change random(), provide a weak_random() = that=E2=80=99s the traditional non-crypto thing that=E2=80=99s fast and lockless. That = would make it easy to audit in our tree. The scheduler doesn=E2=80=99t need cryptographic = randomness, it just needs to make different choices sometimes to ensure its notion of = fairness. Warner