From: "Mattias Rönnblom" <hofors@lysator.liu.se>
To: Stephen Hemminger <stephen@networkplumber.org>
Cc: "Shunzhi Wen" <shunzhi.wen@arm.com>,
"Thomas Monjalon" <thomas@monjalon.net>,
"Mattias Rönnblom" <mattias.ronnblom@ericsson.com>,
"Ruifeng Wang" <ruifeng.wang@arm.com>,
"Bruce Richardson" <bruce.richardson@intel.com>,
"Tyler Retzlaff" <roretzla@linux.microsoft.com>,
"Min Zhou" <zhoumin@loongson.cn>,
"David Christensen" <drc@linux.ibm.com>,
"Stanislaw Kardach" <stanislaw.kardach@gmail.com>,
"Konstantin Ananyev" <konstantin.v.ananyev@yandex.ru>,
dev@dpdk.org, nd@arm.com,
"Wathsala Vithanage" <wathsala.vithanage@arm.com>,
"Jack Bond-Preston" <jack.bond-preston@arm.com>,
"Dhruv Tripathi" <dhruv.tripathi@arm.com>
Subject: Re: [PATCH] eal: add support for TRNG with Arm RNG feature
Date: Wed, 24 Jul 2024 21:14:30 +0200 [thread overview]
Message-ID: <02097e5b-1c04-4e02-a3d7-e8d0df1e3308@lysator.liu.se> (raw)
In-Reply-To: <20240724091620.11ce8c38@hermes.local>
On 2024-07-24 18:16, Stephen Hemminger wrote:
<snip>
>>>> > +/**
>>>> > + * Get a true random value.
>>>> > + *
>>>> > + * The generator is cryptographically secure.
>>>>
>>>> If you want to extend <rte_random.h> with a cryptographically secure
>>>> random number generator, that's fine.
>>>>
>>>> To have an API that's only available on certain ARM CPUs is not.
>>>>
>>>> NAK
>>>>
>>>> A new function should be called something with "secure", rather than
>>>> "true" (which is a bit silly, since we might well live in a completely
>>>> deterministic universe). "secure" would more clearly communicate the
>>>> intent, and also doesn't imply any particular implementation.
>>>
>>> Agree, with Mattias. What constitutes a secure random number generator
>>> is a matter of much debate. Most of the HW random generators are taking
>>> diode (Schottky noise) and doing transforms on it to get something uniform.
>>>
>>> If a key generation type API was added, why not just use existing and more
>>> researched kernel get_random()?
>>>
>>
>> Ideally, you want to avoid system calls on lcore workers doing packet
>> processing. If you have to do system calls (which I believe is the case
>> here), it's better to a simple call, not so often.
>>
>> getentropy() seems to need about 800 core clock cycles on my x86_64, on
>> average. (rte_rand() needs ~11 cc/call.) 800 cc is not too horrible, but
>> system calls tend to have some pretty bad tail latencies.
>>
>> To improve efficiency, one could do a getentropy() on a relatively large
>> buffer, and cache the result on a per-lcore basis, amortizing the system
>> call overhead over many calls.
>>
>> You still have the tail latency issue to deal with. We could have a
>> control thread providing entropy for the lcores, but that seems like
>> massive overkill.
>
>
> Getrandom is a vsyscall on current kernels, and it manages use of entropy across
> multiple sources. If you are doing lots of key generation, you don't want to
> hit the hardware every time.
>
> https://lwn.net/Articles/974468/
>
>
If I understand things correctly, the getrandom() vDSO support was
mainlined *today*, so you need to be current indeed to have a vDSO
getrandom(). :)
The above benchmark (rand_perf_autotest with rte_rand() implemented with
getentropy()) was run on Linux 5.15 and glibc 2.35, so a regular system
call was used.
(getentropy() delegates to getrandom(), so the performance is the same.)
next prev parent reply other threads:[~2024-07-24 19:14 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-23 21:27 Shunzhi Wen
2024-07-24 6:40 ` Mattias Rönnblom
2024-07-24 14:35 ` Stephen Hemminger
2024-07-24 15:07 ` Mattias Rönnblom
2024-07-24 16:16 ` Stephen Hemminger
2024-07-24 19:14 ` Mattias Rönnblom [this message]
2024-07-24 20:02 ` Stephen Hemminger
2024-07-25 4:48 ` Mattias Rönnblom
2024-07-25 14:56 ` Stephen Hemminger
2024-07-26 18:34 ` Shunzhi Wen
2024-07-26 19:00 ` Stephen Hemminger
2024-07-26 20:12 ` Wathsala Wathawana Vithanage
2024-07-26 22:33 ` Mattias Rönnblom
2024-07-27 15:45 ` Wathsala Wathawana Vithanage
2024-07-27 15:54 ` Stephen Hemminger
2024-07-27 22:27 ` Wathsala Wathawana Vithanage
2024-07-27 23:55 ` Stephen Hemminger
2024-07-28 6:46 ` Mattias Rönnblom
2024-07-29 4:48 ` Wathsala Wathawana Vithanage
2024-07-27 17:07 ` Mattias Rönnblom
2024-07-27 22:45 ` Wathsala Wathawana Vithanage
2024-07-28 6:42 ` Mattias Rönnblom
2024-07-28 15:52 ` Stephen Hemminger
2024-07-29 4:34 ` Wathsala Wathawana Vithanage
2024-07-29 6:34 ` Wathsala Wathawana Vithanage
2024-07-29 6:47 ` Mattias Rönnblom
2024-07-29 18:16 ` Wathsala Wathawana Vithanage
2024-07-29 18:31 ` Stephen Hemminger
2024-07-29 19:11 ` Mattias Rönnblom
2024-07-29 19:30 ` Morten Brørup
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=02097e5b-1c04-4e02-a3d7-e8d0df1e3308@lysator.liu.se \
--to=hofors@lysator.liu.se \
--cc=bruce.richardson@intel.com \
--cc=dev@dpdk.org \
--cc=dhruv.tripathi@arm.com \
--cc=drc@linux.ibm.com \
--cc=jack.bond-preston@arm.com \
--cc=konstantin.v.ananyev@yandex.ru \
--cc=mattias.ronnblom@ericsson.com \
--cc=nd@arm.com \
--cc=roretzla@linux.microsoft.com \
--cc=ruifeng.wang@arm.com \
--cc=shunzhi.wen@arm.com \
--cc=stanislaw.kardach@gmail.com \
--cc=stephen@networkplumber.org \
--cc=thomas@monjalon.net \
--cc=wathsala.vithanage@arm.com \
--cc=zhoumin@loongson.cn \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).