linux/kernel/time
Willy Tarreau 3744741ada random32: add noise from network and scheduling activity
With the removal of the interrupt perturbations in previous random32
change (random32: make prandom_u32() output unpredictable), the PRNG
has become 100% deterministic again. While SipHash is expected to be
way more robust against brute force than the previous Tausworthe LFSR,
there's still the risk that whoever has even one temporary access to
the PRNG's internal state is able to predict all subsequent draws till
the next reseed (roughly every minute). This may happen through a side
channel attack or any data leak.

This patch restores the spirit of commit f227e3ec3b ("random32: update
the net random state on interrupt and activity") in that it will perturb
the internal PRNG's state using externally collected noise, except that
it will not pick that noise from the random pool's bits nor upon
interrupt, but will rather combine a few elements along the Tx path
that are collectively hard to predict, such as dev, skb and txq
pointers, packet length and jiffies values. These ones are combined
using a single round of SipHash into a single long variable that is
mixed with the net_rand_state upon each invocation.

The operation was inlined because it produces very small and efficient
code, typically 3 xor, 2 add and 2 rol. The performance was measured
to be the same (even very slightly better) than before the switch to
SipHash; on a 6-core 12-thread Core i7-8700k equipped with a 40G NIC
(i40e), the connection rate dropped from 556k/s to 555k/s while the
SYN cookie rate grew from 5.38 Mpps to 5.45 Mpps.

Link: https://lore.kernel.org/netdev/20200808152628.GA27941@SDF.ORG/
Cc: George Spelvin <lkml@sdf.org>
Cc: Amit Klein <aksecurity@gmail.com>
Cc: Eric Dumazet <edumazet@google.com>
Cc: "Jason A. Donenfeld" <Jason@zx2c4.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Kees Cook <keescook@chromium.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: tytso@mit.edu
Cc: Florian Westphal <fw@strlen.de>
Cc: Marc Plumb <lkml.mplumb@gmail.com>
Tested-by: Sedat Dilek <sedat.dilek@gmail.com>
Signed-off-by: Willy Tarreau <w@1wt.eu>
2020-10-24 20:21:57 +02:00
..
alarmtimer.c alarmtimer: Convert comma to semicolon 2020-08-25 12:45:53 +02:00
clockevents.c tick: Remove outgoing CPU from broadcast masks 2019-03-23 18:26:43 +01:00
clocksource.c clocksource: Remove obsolete ifdef 2020-06-09 16:36:47 +02:00
hrtimer.c treewide: Make all debug_obj_descriptors const 2020-09-24 21:56:25 +02:00
itimer.c y2038: rename itimerval to __kernel_old_itimerval 2019-12-18 18:07:33 +01:00
jiffies.c timekeeping: Split jiffies seqlock 2020-03-21 16:00:23 +01:00
Kconfig posix-cpu-timers: Provide mechanisms to defer timer handling to task_work 2020-08-06 16:50:59 +02:00
Makefile ns: Introduce Time Namespace 2020-01-14 12:20:48 +01:00
namespace.c nsproxy: support CLONE_NEWTIME with setns() 2020-07-08 11:14:22 +02:00
ntp_internal.h ntp: Audit NTP parameters adjustment 2019-04-15 18:14:01 -04:00
ntp.c ntp/y2038: Remove incorrect time_t truncation 2019-11-12 08:13:44 +01:00
posix-clock.c posix-clocks: Rename the clock_get() callback to clock_get_timespec() 2020-01-14 12:20:49 +01:00
posix-cpu-timers.c posix-cpu-timers: Provide mechanisms to defer timer handling to task_work 2020-08-06 16:50:59 +02:00
posix-stubs.c posix-timers: Make clock_nanosleep() time namespace aware 2020-01-14 12:20:55 +01:00
posix-timers.c treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
posix-timers.h posix-clocks: Introduce clock_get_ktime() callback 2020-01-14 12:20:51 +01:00
sched_clock.c time/sched_clock: Use seqcount_latch_t 2020-09-10 11:19:29 +02:00
test_udelay.c time/debug: Remove license boilerplate 2018-11-23 11:51:21 +01:00
tick-broadcast-hrtimer.c tick: broadcast-hrtimer: Fix a race in bc_set_next 2019-09-27 14:45:55 +02:00
tick-broadcast.c treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
tick-common.c timekeeping: Split jiffies seqlock 2020-03-21 16:00:23 +01:00
tick-internal.h tick: Remove outgoing CPU from broadcast masks 2019-03-23 18:26:43 +01:00
tick-oneshot.c hrtimers/tick/clockevents: Remove sloppy license references 2018-11-23 11:51:21 +01:00
tick-sched.c tick-sched: Clarify "NOHZ: local_softirq_pending" warning 2020-08-24 18:38:32 -07:00
tick-sched.h tick/sched: Update tick_sched struct documentation 2019-03-24 20:29:32 +01:00
time.c y2038: remove unused time32 interfaces 2020-02-21 11:22:15 -08:00
timeconst.bc time: Add SPDX license identifiers 2018-11-23 11:51:20 +01:00
timeconv.c time: Add SPDX license identifiers 2018-11-23 11:51:20 +01:00
timecounter.c time: Remove license boilerplate 2018-11-23 11:51:21 +01:00
timekeeping_debug.c timekeeping/debug: No need to check return value of debugfs_create functions 2019-01-29 20:08:41 +01:00
timekeeping_internal.h timekeeping/vsyscall: Provide vdso_update_begin/end() 2020-08-06 10:57:30 +02:00
timekeeping.c These are the locking updates for v5.10: 2020-10-12 13:06:20 -07:00
timekeeping.h timekeeping: Split jiffies seqlock 2020-03-21 16:00:23 +01:00
timer_list.c timer_list: Guard procfs specific code 2019-06-23 00:08:52 +02:00
timer.c random32: add noise from network and scheduling activity 2020-10-24 20:21:57 +02:00
vsyscall.c timekeeping/vsyscall: Provide vdso_update_begin/end() 2020-08-06 10:57:30 +02:00