On Fri, 2012-07-06 at 18:44 -0400, Theodore Ts'o wrote: > We've been moving away from add_interrupt_randomness() for various > reasons: it's too expensive to do on every interrupt, and flooding the > CPU with interrupts could theoretically cause bogus floods of entropy > from a somewhat externally controllable source. > > This solves both problems by limiting the actual randomness addition > to just once a second or after 128 interrupts, whicever comes first.
Seems to be once per 64 interrupts. add_interrupt_randomness() calls fast_mix() with nbytes = 20, so it increments fast_pool->count by 20. add_interrupt_randomness() returns early if (fast_pool->count & 255), and 64 * 20 == 0x500. [...] > +static void fast_mix(struct fast_pool *f, const void *in, int nbytes) > +{ > + const char *bytes = in; > + __u32 w; > + unsigned i = f->count; > + unsigned input_rotate = f->rotate; > + > + while (nbytes--) { > + w = rol32(*bytes++, input_rotate & 31) ^ f->pool[i & 3] ^ > + f->pool[(i + 1) & 3]; > + f->pool[i & 3] = (w >> 3) ^ twist_table[w & 7]; > + input_rotate += (i++ & 3) ? 7 : 14; > + } > + f->count = i; > + f->rotate = input_rotate; > +} [...] This seems like a comparatively expensive operation to add to every interrupt. :-/ Ben. -- Ben Hutchings Life would be so much easier if we could look at the source code.
signature.asc
Description: This is a digitally signed message part