This is the cleanup of the latest series of prandom_u32 experimentations consisting in using SipHash instead of Tausworthe to produce the randoms used by the network stack. The changes to the files were kept minimal, and the controversial commit that used to take noise from the fast_pool (f227e3ec3b5c) was reverted. Instead, a dedicated "net_rand_noise" per_cpu variable is fed from various sources of activities (networking, scheduling) to perturb the SipHash state using fast, non-trivially predictable data, instead of keeping it fully deterministic. The goal is essentially to make any occasional memory leakage or brute-force attempt useless.
The resulting code was verified to be very slightly faster on x86_64 than what is was with the controversial commit above, though this remains barely above measurement noise. It was only build-tested on arm & arm64. George Spelvin (1): random32: make prandom_u32() output unpredictable Willy Tarreau (1): random32: add noise from network and scheduling activity drivers/char/random.c | 1 - include/linux/prandom.h | 55 ++++- kernel/time/timer.c | 9 +- lib/random32.c | 438 ++++++++++++++++++++++++---------------- net/core/dev.c | 4 + 5 files changed, 326 insertions(+), 181 deletions(-) Cc: George Spelvin <l...@sdf.org> Cc: Amit Klein <aksecur...@gmail.com> Cc: Eric Dumazet <eduma...@google.com> Cc: "Jason A. Donenfeld" <ja...@zx2c4.com> Cc: Andy Lutomirski <l...@kernel.org> Cc: Kees Cook <keesc...@chromium.org> Cc: Thomas Gleixner <t...@linutronix.de> Cc: Peter Zijlstra <pet...@infradead.org> Cc: Linus Torvalds <torva...@linux-foundation.org> Cc: ty...@mit.edu Cc: Florian Westphal <f...@strlen.de> Cc: Marc Plumb <lkml.mpl...@gmail.com> Cc: Sedat Dilek <sedat.di...@gmail.com> -- 2.28.0
