[PATCH v1 1/1] s390/arch_random: Buffer true random data

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The trng instruction is very expensive and has a constant runtime for
getting 0 to 32 bytes of (conditioned) true random data. Calling trng for
in arch_get_random_seed_long() for each 8 bytes is too time-consuming,
especially if it is called in interrupt context.

This implementation buffers the trng data and deliver parts of it to the
callers. This reduces the costs by factor 4.

Drop the implementation for arch_get_random_seed_int(), because there are
no callers.

Signed-off-by: Harald Freudenberger <freude@xxxxxxxxxxxxx>
Signed-off-by: Holger Dengler <dengler@xxxxxxxxxxxxx>
---
 arch/s390/crypto/arch_random.c     | 51 +++++++++++++++++++++++++++++-
 arch/s390/include/asm/archrandom.h | 17 ++++------
 2 files changed, 56 insertions(+), 12 deletions(-)

diff --git a/arch/s390/crypto/arch_random.c b/arch/s390/crypto/arch_random.c
index 1f2d40993c4d..07abd09ec759 100644
--- a/arch/s390/crypto/arch_random.c
+++ b/arch/s390/crypto/arch_random.c
@@ -2,17 +2,66 @@
 /*
  * s390 arch random implementation.
  *
- * Copyright IBM Corp. 2017, 2020
+ * Copyright IBM Corp. 2017, 2022
  * Author(s): Harald Freudenberger
+ *            Holger Dengler <dengler@xxxxxxxxxxxxx>
+ *
+ * The trng instruction on s390 is very expensive and has a constant runtime
+ * for up to 32 bytes. Each trng call will get 32 bytes of (conditioned) true
+ * random data, which are buffered in a lock-protected array and delivered to
+ * up to four callers. To avoid long running trng calls in the interrupt
+ * context, a refill is skipped there. Also prevent the blocking of callers in
+ * interrupt context by a refill.
  */
 
 #include <linux/kernel.h>
 #include <linux/atomic.h>
 #include <linux/random.h>
+#include <linux/spinlock.h>
 #include <linux/static_key.h>
 #include <asm/cpacf.h>
 
 DEFINE_STATIC_KEY_FALSE(s390_arch_random_available);
 
+static struct {
+	unsigned long data[BITS_TO_LONGS(32 * BITS_PER_BYTE)];
+	int idx;
+} trngbuf;
+static DEFINE_SPINLOCK(trngbuf_lock);
+
 atomic64_t s390_arch_random_counter = ATOMIC64_INIT(0);
 EXPORT_SYMBOL(s390_arch_random_counter);
+
+bool s390_get_random_seed_long(unsigned long *v)
+{
+	unsigned long flags;
+
+	if (in_interrupt()) {
+		if (!spin_trylock_irqsave(&trngbuf_lock, flags))
+			return false;
+	} else {
+		spin_lock_irqsave(&trngbuf_lock, flags);
+	}
+	/* trngbuf is locked */
+
+	if (--trngbuf.idx < 0) {
+		/* buffer empty */
+		if (in_interrupt()) {
+			/* delegate refill to another caller */
+			spin_unlock_irqrestore(&trngbuf_lock, flags);
+			return false;
+		}
+
+		/* refill buffer */
+		cpacf_trng(NULL, 0, (u8 *)trngbuf.data, sizeof(trngbuf.data));
+		trngbuf.idx = ARRAY_SIZE(trngbuf.data) - 1;
+	}
+
+	/* deliver buffered random data */
+	*v = trngbuf.data[trngbuf.idx];
+	spin_unlock_irqrestore(&trngbuf_lock, flags);
+
+	atomic64_add(sizeof(long), &s390_arch_random_counter);
+	return true;
+}
+EXPORT_SYMBOL(s390_get_random_seed_long);
diff --git a/arch/s390/include/asm/archrandom.h b/arch/s390/include/asm/archrandom.h
index 2c6e1c6ecbe7..a1e365de6b33 100644
--- a/arch/s390/include/asm/archrandom.h
+++ b/arch/s390/include/asm/archrandom.h
@@ -2,7 +2,7 @@
 /*
  * Kernel interface for the s390 arch_random_* functions
  *
- * Copyright IBM Corp. 2017, 2020
+ * Copyright IBM Corp. 2017, 2022
  *
  * Author: Harald Freudenberger <freude@xxxxxxxxxx>
  *
@@ -20,6 +20,8 @@
 DECLARE_STATIC_KEY_FALSE(s390_arch_random_available);
 extern atomic64_t s390_arch_random_counter;
 
+bool s390_get_random_seed_long(unsigned long *v);
+
 static inline bool __must_check arch_get_random_long(unsigned long *v)
 {
 	return false;
@@ -32,21 +34,14 @@ static inline bool __must_check arch_get_random_int(unsigned int *v)
 
 static inline bool __must_check arch_get_random_seed_long(unsigned long *v)
 {
-	if (static_branch_likely(&s390_arch_random_available)) {
-		cpacf_trng(NULL, 0, (u8 *)v, sizeof(*v));
-		atomic64_add(sizeof(*v), &s390_arch_random_counter);
-		return true;
-	}
+	if (static_branch_likely(&s390_arch_random_available))
+		return s390_get_random_seed_long(v);
+
 	return false;
 }
 
 static inline bool __must_check arch_get_random_seed_int(unsigned int *v)
 {
-	if (static_branch_likely(&s390_arch_random_available)) {
-		cpacf_trng(NULL, 0, (u8 *)v, sizeof(*v));
-		atomic64_add(sizeof(*v), &s390_arch_random_counter);
-		return true;
-	}
 	return false;
 }
 
-- 
2.36.1




[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]
  Powered by Linux