Module Name:    src
Committed By:   riastradh
Date:           Fri Aug 4 07:38:53 UTC 2023

Modified Files:
        src/share/man/man9: rnd.9
        src/sys/dev/pci: hifn7751.c ubsec.c viornd.c
        src/sys/kern: kern_entropy.c subr_prf.c
        src/sys/sys: rndsource.h

Log Message:
entropy(9): Simplify stages. Split interrupt vs non-interrupt paths.

- Nix the entropy stage (cold, warm, hot). Just use the usual kernel
  `cold' (cold: single-core, single-thread; interrupts may happen), and
  don't make any three-way distinction about whether interrupts or
  threads or other CPUs can be running.

  Instead, while cold, use splhigh/splx or forbid paths to come from
  interrupt context, and while warm, use mutex or the per-CPU hard and
  soft interrupt paths for low latency. This comes at a small cost to
  some interrupt latency, since we may stir the pool in interrupt
  context -- but only for a very short window early at boot between
  configure and configure2, so it's hard to imagine it matters much.

- Allow rnd_add_uint32 to run in hard interrupt context or with spin
  locks held, but defer processing to softint and drop samples on the
  floor if buffer is full. This is mainly used for cheaply tossing
  samples from drivers for non-HWRNG devices into the entropy pool, so
  it is often used from interrupt context and/or under spin locks.

- New rnd_add_data_intr provides the interrupt-like data entry path for
  arbitrary buffers and driver-specified entropy estimates: defer
  processing to softint and drop samples on the floor if buffer is
  full.

- Document that rnd_add_data is forbidden under spin locks outside
  interrupt context (will crash in LOCKDEBUG), and inadvisable in
  interrupt context (but technically permitted just in case there are
  compatibility issues for now); later we can forbid it altogether in
  interrupt context or under spin locks.

- Audit all uses of rnd_add_data to use rnd_add_data_intr where it
  might be used in interrupt context or under a spin lock.

This fixes a regression from last year when the global entropy lock was
changed from IPL_VM (spin) to IPL_SOFTSERIAL (adaptive). Thought I'd
caught all the problems from that, but another one bit three different
people this week, presumably because of recent changes that led to more
non-HWRNG drivers entering the entropy consolidation path from
rnd_add_uint32.

In my attempt to preserve the rnd(9) API for the (now long-since
abandoned) prospect of pullup to netbsd-9 in my rewrite of the entropy
subsystem in 2020, I didn't introduce a separate entry point for
entering entropy from interrupt context or equivalent, i.e., spin locks
held, and instead made rnd_add_data rely on cpu_intr_p() to decide
whether to process the whole sample under a lock or only take as much
as there's buffer space for before scheduling a softint. In retrospect,
that was a mistake (though perhaps not as much of a mistake as other
entropy API decisions...), a mistake which is finally getting rectified
now by rnd_add_data_intr.

XXX pullup-10

To generate a diff of this commit:
cvs rdiff -u -r1.31 -r1.32 src/share/man/man9/rnd.9
cvs rdiff -u -r1.81 -r1.82 src/sys/dev/pci/hifn7751.c
cvs rdiff -u -r1.63 -r1.64 src/sys/dev/pci/ubsec.c
cvs rdiff -u -r1.21 -r1.22 src/sys/dev/pci/viornd.c
cvs rdiff -u -r1.62 -r1.63 src/sys/kern/kern_entropy.c
cvs rdiff -u -r1.201 -r1.202 src/sys/kern/subr_prf.c
cvs rdiff -u -r1.9 -r1.10 src/sys/sys/rndsource.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
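The commit message contrasts two entry paths: a thread-context path that mixes a whole sample into the pool under an adaptive lock, and an interrupt-safe path that must never block, so it copies only as much of the sample as a bounded buffer has room for, drops the rest, and leaves the mixing to a deferred softint. The following userland model, written for this page and not taken from NetBSD's kern_entropy.c, shows why the two cannot be the same function. The pool, the toy mixing function, the `model_` names, the buffer size and the rule that a truncated sample earns no entropy credit are all constructed for the example; a pthread mutex stands in for the IPL_SOFTSERIAL adaptive lock.

```c
/*
 * Userland model (added example, not NetBSD code) of the two entropy
 * entry paths: model_rnd_add_data mixes a whole sample under a mutex
 * (thread context only, since an adaptive lock may sleep);
 * model_rnd_add_data_intr never blocks, queues what fits in a bounded
 * buffer, drops the remainder and defers mixing to model_softint.
 */
#include <pthread.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define POOL_WORDS    8
#define INTR_BUF_SIZE 32    /* hypothetical bounded per-CPU sample buffer */

struct pool {
    pthread_mutex_t lock;           /* adaptive lock: may sleep if contended */
    uint32_t state[POOL_WORDS];
    unsigned entropy_bits;
};

struct intr_buf {
    uint8_t  bytes[INTR_BUF_SIZE];
    size_t   len;                   /* bytes queued for the softint */
    unsigned entropy_bits;          /* credit queued with them */
    unsigned dropped;               /* bytes dropped because the buffer was full */
    bool     softint_pending;
};

static struct pool     pool = { PTHREAD_MUTEX_INITIALIZER, { 0 }, 0 };
static struct intr_buf ibuf;        /* one CPU's buffer; this model is single-threaded */

/* Toy mixer standing in for the real hash-based pool update (constructed). */
static void pool_mix(struct pool *p, const uint8_t *data, size_t len, unsigned bits)
{
    for (size_t i = 0; i < len; i++) {
        uint32_t *w = &p->state[i % POOL_WORDS];
        *w = ((*w << 5) | (*w >> 27)) ^ data[i];
    }
    p->entropy_bits += bits;
}

/* Thread-context path: lock, mix everything. Returns the pool's credit. */
unsigned model_rnd_add_data(const void *data, size_t len, unsigned bits)
{
    pthread_mutex_lock(&pool.lock);
    pool_mix(&pool, data, len, bits);
    unsigned now = pool.entropy_bits;
    pthread_mutex_unlock(&pool.lock);
    return now;
}

/*
 * Interrupt path: no lock, no waiting. Copy as much as there is room for,
 * drop the rest on the floor, schedule the softint. Credit is granted only
 * when the whole sample fit (this model's choice, so a truncated sample is
 * never over-credited). Returns the number of bytes actually queued.
 */
size_t model_rnd_add_data_intr(const void *data, size_t len, unsigned bits)
{
    size_t room = INTR_BUF_SIZE - ibuf.len;
    size_t take = len < room ? len : room;

    memcpy(ibuf.bytes + ibuf.len, data, take);
    ibuf.len += take;
    ibuf.dropped += (unsigned)(len - take);
    if (take == len)
        ibuf.entropy_bits += bits;
    ibuf.softint_pending = true;
    return take;
}

/* Cheap per-sample path with no entropy estimate, usable under spin locks. */
size_t model_rnd_add_uint32(uint32_t v)
{
    return model_rnd_add_data_intr(&v, sizeof v, 0);
}

/* Deferred softint: runs outside hard-interrupt context, so the mutex is fine. */
size_t model_softint(void)
{
    if (!ibuf.softint_pending)
        return 0;
    size_t n = ibuf.len;
    pthread_mutex_lock(&pool.lock);
    pool_mix(&pool, ibuf.bytes, ibuf.len, ibuf.entropy_bits);
    pthread_mutex_unlock(&pool.lock);
    ibuf.len = 0;
    ibuf.entropy_bits = 0;
    ibuf.softint_pending = false;
    return n;
}

unsigned model_dropped(void)      { return ibuf.dropped; }
unsigned model_entropy_bits(void) { return pool.entropy_bits; }
```

Feeding a 40-byte sample through `model_rnd_add_data_intr` queues 32 bytes and drops 8, and the pool gains no credit for it when the softint runs; the same sample through `model_rnd_add_data` is mixed in full. The real kernel additionally has to cope with a hard interrupt preempting the softint on the same CPU, which the single-threaded buffer here does not model.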