提交 91ec0fe1 编写于 作者: J Jason A. Donenfeld

random: cleanup poolinfo abstraction

Now that we're only using one polynomial, we can cleanup its
representation into constants, instead of passing around pointers
dynamically to select different polynomials. This improves the codegen
and makes the code a bit more straightforward.
Reviewed-by: NDominik Brodowski <linux@dominikbrodowski.net>
Signed-off-by: NJason A. Donenfeld <Jason@zx2c4.com>
上级 c0a8a61e
...@@ -430,14 +430,20 @@ static int random_write_wakeup_bits = 28 * OUTPUT_POOL_WORDS; ...@@ -430,14 +430,20 @@ static int random_write_wakeup_bits = 28 * OUTPUT_POOL_WORDS;
* polynomial which improves the resulting TGFSR polynomial to be * polynomial which improves the resulting TGFSR polynomial to be
* irreducible, which we have made here. * irreducible, which we have made here.
*/ */
static const struct poolinfo { enum poolinfo {
int poolbitshift, poolwords, poolbytes, poolfracbits; POOL_WORDS = 128,
#define S(x) ilog2(x)+5, (x), (x)*4, (x) << (ENTROPY_SHIFT+5) POOL_WORDMASK = POOL_WORDS - 1,
int tap1, tap2, tap3, tap4, tap5; POOL_BYTES = POOL_WORDS * sizeof(u32),
} poolinfo_table[] = { POOL_BITS = POOL_BYTES * 8,
/* was: x^128 + x^103 + x^76 + x^51 +x^25 + x + 1 */ POOL_BITSHIFT = ilog2(POOL_WORDS) + 5,
POOL_FRACBITS = POOL_WORDS << (ENTROPY_SHIFT + 5),
/* x^128 + x^104 + x^76 + x^51 +x^25 + x + 1 */ /* x^128 + x^104 + x^76 + x^51 +x^25 + x + 1 */
{ S(128), 104, 76, 51, 25, 1 }, POOL_TAP1 = 104,
POOL_TAP2 = 76,
POOL_TAP3 = 51,
POOL_TAP4 = 25,
POOL_TAP5 = 1
}; };
/* /*
...@@ -503,7 +509,6 @@ MODULE_PARM_DESC(ratelimit_disable, "Disable random ratelimit suppression"); ...@@ -503,7 +509,6 @@ MODULE_PARM_DESC(ratelimit_disable, "Disable random ratelimit suppression");
struct entropy_store; struct entropy_store;
struct entropy_store { struct entropy_store {
/* read-only data: */ /* read-only data: */
const struct poolinfo *poolinfo;
__u32 *pool; __u32 *pool;
const char *name; const char *name;
...@@ -525,7 +530,6 @@ static void crng_reseed(struct crng_state *crng, struct entropy_store *r); ...@@ -525,7 +530,6 @@ static void crng_reseed(struct crng_state *crng, struct entropy_store *r);
static __u32 input_pool_data[INPUT_POOL_WORDS] __latent_entropy; static __u32 input_pool_data[INPUT_POOL_WORDS] __latent_entropy;
static struct entropy_store input_pool = { static struct entropy_store input_pool = {
.poolinfo = &poolinfo_table[0],
.name = "input", .name = "input",
.lock = __SPIN_LOCK_UNLOCKED(input_pool.lock), .lock = __SPIN_LOCK_UNLOCKED(input_pool.lock),
.pool = input_pool_data .pool = input_pool_data
...@@ -548,33 +552,26 @@ static __u32 const twist_table[8] = { ...@@ -548,33 +552,26 @@ static __u32 const twist_table[8] = {
static void _mix_pool_bytes(struct entropy_store *r, const void *in, static void _mix_pool_bytes(struct entropy_store *r, const void *in,
int nbytes) int nbytes)
{ {
unsigned long i, tap1, tap2, tap3, tap4, tap5; unsigned long i;
int input_rotate; int input_rotate;
int wordmask = r->poolinfo->poolwords - 1;
const unsigned char *bytes = in; const unsigned char *bytes = in;
__u32 w; __u32 w;
tap1 = r->poolinfo->tap1;
tap2 = r->poolinfo->tap2;
tap3 = r->poolinfo->tap3;
tap4 = r->poolinfo->tap4;
tap5 = r->poolinfo->tap5;
input_rotate = r->input_rotate; input_rotate = r->input_rotate;
i = r->add_ptr; i = r->add_ptr;
/* mix one byte at a time to simplify size handling and churn faster */ /* mix one byte at a time to simplify size handling and churn faster */
while (nbytes--) { while (nbytes--) {
w = rol32(*bytes++, input_rotate); w = rol32(*bytes++, input_rotate);
i = (i - 1) & wordmask; i = (i - 1) & POOL_WORDMASK;
/* XOR in the various taps */ /* XOR in the various taps */
w ^= r->pool[i]; w ^= r->pool[i];
w ^= r->pool[(i + tap1) & wordmask]; w ^= r->pool[(i + POOL_TAP1) & POOL_WORDMASK];
w ^= r->pool[(i + tap2) & wordmask]; w ^= r->pool[(i + POOL_TAP2) & POOL_WORDMASK];
w ^= r->pool[(i + tap3) & wordmask]; w ^= r->pool[(i + POOL_TAP3) & POOL_WORDMASK];
w ^= r->pool[(i + tap4) & wordmask]; w ^= r->pool[(i + POOL_TAP4) & POOL_WORDMASK];
w ^= r->pool[(i + tap5) & wordmask]; w ^= r->pool[(i + POOL_TAP5) & POOL_WORDMASK];
/* Mix the result back in with a twist */ /* Mix the result back in with a twist */
r->pool[i] = (w >> 3) ^ twist_table[w & 7]; r->pool[i] = (w >> 3) ^ twist_table[w & 7];
...@@ -672,7 +669,6 @@ static void process_random_ready_list(void) ...@@ -672,7 +669,6 @@ static void process_random_ready_list(void)
static void credit_entropy_bits(struct entropy_store *r, int nbits) static void credit_entropy_bits(struct entropy_store *r, int nbits)
{ {
int entropy_count, orig; int entropy_count, orig;
const int pool_size = r->poolinfo->poolfracbits;
int nfrac = nbits << ENTROPY_SHIFT; int nfrac = nbits << ENTROPY_SHIFT;
if (!nbits) if (!nbits)
...@@ -706,25 +702,25 @@ static void credit_entropy_bits(struct entropy_store *r, int nbits) ...@@ -706,25 +702,25 @@ static void credit_entropy_bits(struct entropy_store *r, int nbits)
* turns no matter how large nbits is. * turns no matter how large nbits is.
*/ */
int pnfrac = nfrac; int pnfrac = nfrac;
const int s = r->poolinfo->poolbitshift + ENTROPY_SHIFT + 2; const int s = POOL_BITSHIFT + ENTROPY_SHIFT + 2;
/* The +2 corresponds to the /4 in the denominator */ /* The +2 corresponds to the /4 in the denominator */
do { do {
unsigned int anfrac = min(pnfrac, pool_size/2); unsigned int anfrac = min(pnfrac, POOL_FRACBITS/2);
unsigned int add = unsigned int add =
((pool_size - entropy_count)*anfrac*3) >> s; ((POOL_FRACBITS - entropy_count)*anfrac*3) >> s;
entropy_count += add; entropy_count += add;
pnfrac -= anfrac; pnfrac -= anfrac;
} while (unlikely(entropy_count < pool_size-2 && pnfrac)); } while (unlikely(entropy_count < POOL_FRACBITS-2 && pnfrac));
} }
if (WARN_ON(entropy_count < 0)) { if (WARN_ON(entropy_count < 0)) {
pr_warn("negative entropy/overflow: pool %s count %d\n", pr_warn("negative entropy/overflow: pool %s count %d\n",
r->name, entropy_count); r->name, entropy_count);
entropy_count = 0; entropy_count = 0;
} else if (entropy_count > pool_size) } else if (entropy_count > POOL_FRACBITS)
entropy_count = pool_size; entropy_count = POOL_FRACBITS;
if (cmpxchg(&r->entropy_count, orig, entropy_count) != orig) if (cmpxchg(&r->entropy_count, orig, entropy_count) != orig)
goto retry; goto retry;
...@@ -741,13 +737,11 @@ static void credit_entropy_bits(struct entropy_store *r, int nbits) ...@@ -741,13 +737,11 @@ static void credit_entropy_bits(struct entropy_store *r, int nbits)
static int credit_entropy_bits_safe(struct entropy_store *r, int nbits) static int credit_entropy_bits_safe(struct entropy_store *r, int nbits)
{ {
const int nbits_max = r->poolinfo->poolwords * 32;
if (nbits < 0) if (nbits < 0)
return -EINVAL; return -EINVAL;
/* Cap the value to avoid overflows */ /* Cap the value to avoid overflows */
nbits = min(nbits, nbits_max); nbits = min(nbits, POOL_BITS);
credit_entropy_bits(r, nbits); credit_entropy_bits(r, nbits);
return 0; return 0;
...@@ -1343,7 +1337,7 @@ static size_t account(struct entropy_store *r, size_t nbytes, int min, ...@@ -1343,7 +1337,7 @@ static size_t account(struct entropy_store *r, size_t nbytes, int min,
int entropy_count, orig, have_bytes; int entropy_count, orig, have_bytes;
size_t ibytes, nfrac; size_t ibytes, nfrac;
BUG_ON(r->entropy_count > r->poolinfo->poolfracbits); BUG_ON(r->entropy_count > POOL_FRACBITS);
/* Can we pull enough? */ /* Can we pull enough? */
retry: retry:
...@@ -1409,8 +1403,7 @@ static void extract_buf(struct entropy_store *r, __u8 *out) ...@@ -1409,8 +1403,7 @@ static void extract_buf(struct entropy_store *r, __u8 *out)
/* Generate a hash across the pool */ /* Generate a hash across the pool */
spin_lock_irqsave(&r->lock, flags); spin_lock_irqsave(&r->lock, flags);
blake2s_update(&state, (const u8 *)r->pool, blake2s_update(&state, (const u8 *)r->pool, POOL_BYTES);
r->poolinfo->poolwords * sizeof(*r->pool));
blake2s_final(&state, hash); /* final zeros out state */ blake2s_final(&state, hash); /* final zeros out state */
/* /*
...@@ -1766,7 +1759,7 @@ static void __init init_std_data(struct entropy_store *r) ...@@ -1766,7 +1759,7 @@ static void __init init_std_data(struct entropy_store *r)
unsigned long rv; unsigned long rv;
mix_pool_bytes(r, &now, sizeof(now)); mix_pool_bytes(r, &now, sizeof(now));
for (i = r->poolinfo->poolbytes; i > 0; i -= sizeof(rv)) { for (i = POOL_BYTES; i > 0; i -= sizeof(rv)) {
if (!arch_get_random_seed_long(&rv) && if (!arch_get_random_seed_long(&rv) &&
!arch_get_random_long(&rv)) !arch_get_random_long(&rv))
rv = random_get_entropy(); rv = random_get_entropy();
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册