From: Noah Goldstein
Date: Tue, 29 Mar 2022 15:52:46 -0500
Subject: Re: [PATCH v1 1/2] random-bits: Factor out entropy generating function
To: Adhemerval Zanella
Cc: "H.J. Lu", GNU C Library

On Tue, Mar 29, 2022 at 3:44 PM Adhemerval Zanella wrote: > > > > On 29/03/2022 17:14, H.J. Lu wrote: > > On Tue, Mar 29, 2022 at 12:56 PM Noah Goldstein via Libc-alpha > > wrote: > >> > >> On Tue, Mar 29, 2022 at 2:51 PM Adhemerval Zanella > >> wrote: > >>> > >>> > >>> > >>> On 28/03/2022 19:09, Noah Goldstein via Libc-alpha wrote: > >>>> On some architectures `clock_gettime` is undesirable as > >>>> it may use a syscall or there may be a faster alternative. > >>>> Future architecture specific functions can be added in > >>>> sysdeps//random-bits-entropy.h to provide a version of > >>>> 'random_bits_entropy' that doesn't use 'clock_gettime'. > >>>> --- > >>>> include/random-bits.h | 16 ++++++-------- > >>>> sysdeps/generic/random-bits-entropy.h | 31 +++++++++++++++++++++++++++ > >>>> 2 files changed, 37 insertions(+), 10 deletions(-) > >>>> create mode 100644 sysdeps/generic/random-bits-entropy.h > >>>> > >>>> diff --git a/include/random-bits.h b/include/random-bits.h > >>>> index 17665b479a..016b87576c 100644 > >>>> --- a/include/random-bits.h > >>>> +++ b/include/random-bits.h 
> >>>> @@ -19,21 +19,17 @@ > >>>> #ifndef _RANDOM_BITS_H > >>>> # define _RANDOM_BITS_H > >>>> > >>>> -#include > >>>> -#include > >>>> +# include > >>>> +# include > >>>> > >>>> -/* Provides fast pseudo-random bits through clock_gettime. It has unspecified > >>>> - starting time, nano-second accuracy, its randomness is significantly better > >>>> - than gettimeofday, and for mostly architectures it is implemented through > >>>> - vDSO instead of a syscall. Since the source is a system clock, the upper > >>>> - bits will have less entropy. */ > >>>> +/* Provides fast pseudo-random bits through architecture specific > >>>> + random_bits_entropy. Expectation is source is some timing function so > >>>> + the upper bits have less entropy. */ > >>>> static inline uint32_t > >>>> random_bits (void) > >>>> { > >>>> - struct __timespec64 tv; > >>>> - __clock_gettime64 (CLOCK_MONOTONIC, &tv); > >>>> + uint32_t ret = random_bits_entropy (); > >>>> /* Shuffle the lower bits to minimize the clock bias. */ > >>>> - uint32_t ret = tv.tv_nsec ^ tv.tv_sec; > >>>> ret ^= (ret << 24) | (ret >> 8); > >>>> return ret; > >>>> } > >>> > >>> We already provide hp-timing.h, which uses rdtsc on x86 and clock_gettime on > >>> generic interface (and other high precision timing on other architectures). > >>> So I think a better way would be to: > >> > >> For x86/generic that works but other architectures also have hp-timing > >> implementations that might not be suitable for this (i.e there might be > >> an entropy regression). > > > > The default hp-timing.h has > > > > # define HP_TIMING_NOW(var) \ > > ({ \ > > struct __timespec64 tv; \ > > __clock_gettime64 (CLOCK_MONOTONIC, &tv); \ > > (var) = (tv.tv_nsec + UINT64_C(1000000000) * tv.tv_sec); \ > > }) > > > > It isn't the same as the current include/random-bits.h. > > Maybe refactor hp-timing.h to add a routine to get the system clock without > any adjustments? 
> I don't have a strong preference here, but I take that
> you are not aiming to use RDRAND or similar instruction, since you are
> optimizing to latency. So I see that using hp-timing.h seems the best
> approach, since it should work similar on different architectures (and
> each one might disable if the entropy is not large enough).

That would work. But we would still need to hardcode the random-bits
needs in some cases. For example in generic we would still need to combine
seconds and nanoseconds and ideally wouldn't use multiply for that.
At that point it seems we are doing something logically different enough it
would make more sense to just include in if it was appropriate for the architecture.
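
Review bot: in random_bits (), the new header comment states only an "expectation" about random_bits_entropy, yet the kept line `ret ^= (ret << 24) | (ret >> 8);` depends on it: the result is taken as a uint32_t and the low byte is what gets XORed into the top byte. Suggest spelling out the contract for architecture overrides in that comment (returns uint32_t, entropy concentrated in the low bits, any wider counter narrowed by the override rather than implicitly at this assignment). The kept comment "Shuffle the lower bits to minimize the clock bias" should also be reworded, since after this change the source is no longer necessarily a clock, and the removed notes about the monotonic clock and the vDSO are worth carrying over to wherever the generic implementation is documented.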
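
The thread contrasts two ways of folding seconds and nanoseconds into one value: the XOR in the current random-bits.h and the multiply-add in the quoted HP_TIMING_NOW. The following is an added example, not code from the patch or from glibc: it counts how many distinct top bytes each fold yields over constructed timestamps, before and after the rotate-XOR step. The names fold_xor, fold_mul, mix and distinct_top_bytes, the seconds value and the 137 ns spacing are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Fold used by the lines the quoted hunk removes: tv_nsec ^ tv_sec.  */
static uint32_t fold_xor (uint64_t sec, uint64_t nsec)
{
  return (uint32_t) (nsec ^ sec);
}

/* Fold used by the quoted HP_TIMING_NOW macro, truncated to 32 bits.  */
static uint32_t fold_mul (uint64_t sec, uint64_t nsec)
{
  return (uint32_t) (nsec + UINT64_C (1000000000) * sec);
}

/* Mixing step that random_bits keeps in the quoted hunk.  */
static uint32_t mix (uint32_t ret)
{
  ret ^= (ret << 24) | (ret >> 8);
  return ret;
}

/* Count distinct top bytes over 64 constructed samples taken 137 ns
   apart within one second (sec and spacing are illustrative values).  */
static unsigned distinct_top_bytes (uint32_t (*fold) (uint64_t, uint64_t),
                                    int mixed)
{
  unsigned char seen[256] = { 0 };
  unsigned count = 0;
  for (unsigned i = 0; i < 64; i++)
    {
      uint32_t v = fold (1000000, 1000 + 137 * i);
      unsigned top = (mixed ? mix (v) : v) >> 24;
      count += !seen[top];
      seen[top] = 1;
    }
  return count;
}

int main (void)
{
  printf ("xor: raw %u mixed %u\n", distinct_top_bytes (fold_xor, 0),
          distinct_top_bytes (fold_xor, 1));
  printf ("mul: raw %u mixed %u\n", distinct_top_bytes (fold_mul, 0),
          distinct_top_bytes (fold_mul, 1));
  return 0;
}
```

On these samples both folds leave the top byte constant before mixing and give 64 distinct top bytes after it.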