CVS commit: src

To: source-changes%NetBSD.org@localhost
Subject: CVS commit: src
From: "Taylor R Campbell" <riastradh%netbsd.org@localhost>
Date: Fri, 4 Aug 2023 07:38:53 +0000

Module Name:    src
Committed By:   riastradh
Date:           Fri Aug  4 07:38:53 UTC 2023

Modified Files:
        src/share/man/man9: rnd.9
        src/sys/dev/pci: hifn7751.c ubsec.c viornd.c
        src/sys/kern: kern_entropy.c subr_prf.c
        src/sys/sys: rndsource.h

Log Message:
entropy(9): Simplify stages.  Split interrupt vs non-interrupt paths.

- Nix the entropy stage (cold, warm, hot).  Just use the usual kernel
  `cold' (cold: single-core, single-thread; interrupts may happen),
  and don't make any three-way distinction about whether interrupts
  or threads or other CPUs can be running.

  Instead, while cold, use splhigh/splx or forbid paths to come from
  interrupt context, and while warm, use mutex or the per-CPU hard
  and soft interrupt paths for low latency.  This comes at a small
  cost to some interrupt latency, since we may stir the pool in
  interrupt context -- but only for a very short window early at boot
  between configure and configure2, so it's hard to imagine it
  matters much.

- Allow rnd_add_uint32 to run in hard interrupt context or with spin
  locks held, but defer processing to softint and drop samples on the
  floor if buffer is full.  This is mainly used for cheaply tossing
  samples from drivers for non-HWRNG devices into the entropy pool,
  so it is often used from interrupt context and/or under spin locks.

- New rnd_add_data_intr provides the interrupt-like data entry path
  for arbitrary buffers and driver-specified entropy estimates: defer
  processing to softint and drop samples on the floor if buffer is
  full.

- Document that rnd_add_data is forbidden under spin locks outside
  interrupt context (will crash in LOCKDEBUG), and inadvisable in
  interrupt context (but technically permitted just in case there are
  compatibility issues for now); later we can forbid it altogether in
  interrupt context or under spin locks.

- Audit all uses of rnd_add_data to use rnd_add_data_intr where it
  might be used in interrupt context or under a spin lock.

This fixes a regression from last year when the global entropy lock
was changed from IPL_VM (spin) to IPL_SOFTSERIAL (adaptive).  Thought
I'd caught all the problems from that, but another one bit three
different people this week, presumably because of recent changes that
led to more non-HWRNG drivers entering the entropy consolidation
path from rnd_add_uint32.

In my attempt to preserve the rnd(9) API for the (now long-since
abandoned) prospect of pullup to netbsd-9 in my rewrite of the
entropy subsystem in 2020, I didn't introduce a separate entry point
for entering entropy from interrupt context or equivalent, i.e., spin
locks held, and instead made rnd_add_data rely on cpu_intr_p() to
decide whether to process the whole sample under a lock or only take
as much as there's buffer space for before scheduling a softint.  In
retrospect, that was a mistake (though perhaps not as much of a
mistake as other entropy API decisions...), a mistake which is
finally getting rectified now by rnd_add_data_intr.

XXX pullup-10


To generate a diff of this commit:
cvs rdiff -u -r1.31 -r1.32 src/share/man/man9/rnd.9
cvs rdiff -u -r1.81 -r1.82 src/sys/dev/pci/hifn7751.c
cvs rdiff -u -r1.63 -r1.64 src/sys/dev/pci/ubsec.c
cvs rdiff -u -r1.21 -r1.22 src/sys/dev/pci/viornd.c
cvs rdiff -u -r1.62 -r1.63 src/sys/kern/kern_entropy.c
cvs rdiff -u -r1.201 -r1.202 src/sys/kern/subr_prf.c
cvs rdiff -u -r1.9 -r1.10 src/sys/sys/rndsource.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: src/sys/arch/i386/stand/lib
Next by Date: CVS commit: src/sys/kern
Previous by Thread: CVS commit: src/sys/arch/i386/stand/lib
Next by Thread: CVS commit: src/sys/kern
Indexes:

Home | Main Index | Thread Index | Old Index