Date:      Mon, 23 Feb 2015 18:21:35 -0800
From:      Harrison Grundy <harrison.grundy@astrodoggroup.com>
To:        freebsd-arch@freebsd.org
Subject:   Re: locks and kernel randomness...
Message-ID:  <54EBE02F.5070705@astrodoggroup.com>
In-Reply-To: <20150224020902.GZ46794@funkthat.com>
References:  <20150224012026.GY46794@funkthat.com> <20150224015721.GT74514@kib.kiev.ua> <20150224020902.GZ46794@funkthat.com>



On 02/23/15 18:09, John-Mark Gurney wrote:
> Konstantin Belousov wrote this message on Tue, Feb 24, 2015 at
> 03:57 +0200:
>> On Mon, Feb 23, 2015 at 05:20:26PM -0800, John-Mark Gurney
>> wrote:
>>> I'm working on simplifying kernel randomness interfaces.  I
>>> would like to get rid of all weak random generators, and this
>>> means replacing read_random and random(9) w/ effectively
>>> arc4rand(9) (to be replaced by ChaCha or Keccak in the
>>> future).
>>> 
>>> The issue is that random(9) is called from any number of
>>> contexts, such as the scheduler.  This makes locking a bit more
>>> interesting.  Currently, both arc4rand(9) and yarrow/fortuna
>>> use a default mtx lock to protect their state.  This obviously
>>> isn't compatible w/ the scheduler, and possibly other calling
>>> contexts.
>>> 
>>> I have a patch[1] that unifies the random interface.  It
>>> converts a few of the locks from mtx default to mtx spin to
>>> deal w/ this.
>> This is definitely an overkill. The rebalancing minor use of
>> randomness absolutely does not require cryptographical-strength
>> randomness to select a moment to rebalance thread queue. Imposing
>> the spin lock on the whole random machinery just to allow the
>> same random gathering code to be used for balance_ticks is
>> detriment to the system responsiveness. Scheduler is fine even
>> with congruential generators, as you could see in the
>> cpu_search(), look for the '69069'.
> 
> Then why doesn't it use this then?  This is exactly why I don't
> want random to be a congruential generator... If you're so sure
> that you don't need cryptographically secure and that it's a
> performance benefit to do so, then you're free to roll your own,
> but almost all of the time, code won't meet both requirements.
> 
> I haven't audited all the places where random is currently being
> called that might require not sleeping.  The scheduler happens to
> be the first one I ran into...
> 
>> Please do not enforce yet another spinlock for the system.
> 
> I sent this email asking for help for how to avoid a spin lock.
> I'd appreciate if you could suggest how to improve my patch.
> 
> Thanks.
> 

It seems to me that "random()" *should* return truly cryptographic
randomness, while some other cheap mechanism (say randomish() or
notrandom()), that explicitly isn't of cryptographic quality should be
used for cases where "Sort of random" is good enough.

This way, developers can actually decide which one they're going to
use and where it's worth the performance cost to get real randomness.
The scheduler doesn't happen to meet the latter case, so it's probably
not a great example case and should be treated differently.

--- Harrison
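
The trade-off argued in this thread, as an added example that is not part of the original messages or of FreeBSD's code: a lock-free congruential generator with the 69069 multiplier is cheap enough for scheduler-style use, but its low bits cycle quickly and a single observed output reveals every later one. The name randomish() is borrowed from the message above; the increment 5, the helper functions and the seed are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical randomish(): caller-owned state, so no lock and no sleeping.
 * 69069 is the multiplier named in the thread; the increment 5 is assumed. */
static uint32_t randomish(uint32_t *state)
{
    *state = *state * 69069u + 5u;   /* wraps modulo 2^32 */
    return *state;
}

/* Period of the low k bits (1 <= k <= 16). They evolve independently of the
 * high bits, which is why callers of such a generator should use top bits. */
static unsigned low_bits_period(uint32_t seed, unsigned k)
{
    uint32_t mask = (1u << k) - 1u, s = seed;
    unsigned n = 0;
    do {
        randomish(&s);
        n++;
    } while ((s & mask) != (seed & mask));
    return n;
}

/* The output is the entire state: an observer who sees one value can run a
 * private copy. Count how many of the next n outputs that copy reproduces. */
static unsigned predicted_matches(uint32_t seed, unsigned n)
{
    uint32_t gen = seed;
    uint32_t observer = randomish(&gen);   /* the single leaked output */
    unsigned hits = 0;
    for (unsigned i = 0; i < n; i++)
        hits += (randomish(&gen) == randomish(&observer));
    return hits;
}

int main(void)
{
    /* 12345 is a constructed sample seed */
    printf("low 1 bit period:  %u\n", low_bits_period(12345u, 1));
    printf("low 4 bits period: %u\n", low_bits_period(12345u, 4));
    printf("predicted %u of 1000 outputs\n", predicted_matches(12345u, 1000));
    return 0;
}
```

Both properties are harmless when picking a moment to rebalance a run queue and disqualifying for anything an adversary benefits from guessing, which is the case for keeping the two interfaces separately named.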


