random: drop trickle mode

The add_timer_randomness() used to drop into trickle mode when entropy pool was estimated to be 87.5% full. This was important when add_timer_randomness() was used to sample interrupts. It's not used for this any more --- add_interrupt_randomness() now uses fast_mix() instead. By elimitating trickle mode, it allows us to fully utilize entropy provided by add_input_randomness() and add_disk_randomness() even when the input pool is above the old trickle threshold of 87.5%. This helps to answer the criticism in [1] in their hypothetical scenario where our entropy estimator was inaccurate, even though the measurements in [2] seem to indicate that our entropy estimator given real-life entropy collection is actually pretty good, albeit on the conservative side (which was as it was designed). [1] http://eprint.iacr.org/2013/338.pdf [2] http://eprint.iacr.org/2012/251.pdf Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
author: Theodore Ts'o <tytso@mit.edu> 2013-10-02 21:10:35 -0400
committer: Theodore Ts'o <tytso@mit.edu> 2013-10-10 14:32:21 -0400
commit: 95b709b6be49e4ff3933ef6a5b5e623de2713a71 (patch)
tree: 29d560bdef37bafaf732900ec3f14380e4ec0d70 /drivers/char/random.c
parent: 6e9fa2c8a630e6d0882828012431038abce285b9 (diff)
1 files changed, 2 insertions, 17 deletions
diff --git a/drivers/char/random.c b/drivers/char/random.c
index 7ae7ea65da68..6da3f250804c 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -282,10 +282,8 @@
 #define LONGS(x) (((x) + sizeof(unsigned long) - 1)/sizeof(unsigned long))
 /*
- * To allow fractional bits to be tracked, the following fields contain
+ * To allow fractional bits to be tracked, the entropy_count field is
- * this many fractional bits:
+ * denominated in units of 1/8th bits.
- *
- * entropy_count, trickle_thresh
 *
 * 2*(ENTROPY_SHIFT + log2(poolbits)) must <= 31, or the multiply in
 * credit_entropy_bits() needs to be 64 bits wide.
@@ -314,14 +312,6 @@ static int random_write_wakeup_thresh = 128;
 static int random_min_urandom_seed = 60;
 /*
- * When the input pool goes over trickle_thresh, start dropping most
- * samples to avoid wasting CPU time and reduce lock contention.
- */
-static const int trickle_thresh = (INPUT_POOL_WORDS * 28) << ENTROPY_SHIFT;
-static DEFINE_PER_CPU(int, trickle_count);
-/*
 * Originally, we used a primitive polynomial of degree .poolwords
 * over GF(2).  The taps for various sizes are defined below.  They
 * were chosen to be evenly spaced except for the last tap, which is 1
@@ -755,10 +745,6 @@ static void add_timer_randomness(struct timer_rand_state *state, unsigned num)
        long delta, delta2, delta3;
        preempt_disable();
-        /* if over the trickle threshold, use only 1 in 4096 samples */
-        if (ENTROPY_BITS(&input_pool) > trickle_thresh &&
-            ((__this_cpu_inc_return(trickle_count) - 1) & 0xfff))
-                goto out;
        sample.jiffies = jiffies;
        sample.cycles = random_get_entropy();
@@ -800,7 +786,6 @@ static void add_timer_randomness(struct timer_rand_state *state, unsigned num)
                credit_entropy_bits(&input_pool,
                                    min_t(int, fls(delta>>1), 11));
        }
-out:
        preempt_enable();
 }
author	Theodore Ts'o <tytso@mit.edu>	2013-10-02 21:10:35 -0400
committer	Theodore Ts'o <tytso@mit.edu>	2013-10-10 14:32:21 -0400
commit	95b709b6be49e4ff3933ef6a5b5e623de2713a71 (patch)
tree	29d560bdef37bafaf732900ec3f14380e4ec0d70 /drivers/char/random.c
parent	6e9fa2c8a630e6d0882828012431038abce285b9 (diff)