On Fri, 2012-07-06 at 18:44 -0400, Theodore Ts'o wrote: > We've been moving away from add_interrupt_randomness() for various > reasons: it's too expensive to do on every interrupt, and flooding the > CPU with interrupts could theoretically cause bogus floods of entropy > from a somewhat externally controllable source. > > This solves both problems by limiting the actual randomness addition > to just once a second or after 128 interrupts, whicever comes first.
Seems to be once per 64 interrupts. add_interrupt_randomness() calls
fast_mix() with nbytes = 20, so it increments fast_pool->count by 20.
add_interrupt_randomness() returns early if (fast_pool->count & 255),
and 64 * 20 == 0x500.
[...]
> +static void fast_mix(struct fast_pool *f, const void *in, int nbytes)
> +{
> + const char *bytes = in;
> + __u32 w;
> + unsigned i = f->count;
> + unsigned input_rotate = f->rotate;
> +
> + while (nbytes--) {
> + w = rol32(*bytes++, input_rotate & 31) ^ f->pool[i & 3] ^
> + f->pool[(i + 1) & 3];
> + f->pool[i & 3] = (w >> 3) ^ twist_table[w & 7];
> + input_rotate += (i++ & 3) ? 7 : 14;
> + }
> + f->count = i;
> + f->rotate = input_rotate;
> +}
[...]
This seems like a comparatively expensive operation to add to every
interrupt. :-/
Ben.
--
Ben Hutchings
Life would be so much easier if we could look at the source code.
signature.asc
Description: This is a digitally signed message part
