Date: Sun, 10 Oct 2010 10:57:54 +0200
From: Eric Dumazet <eric.dumazet@...il.com>
To: Patrick Simmons <linuxrocks123@...scape.net>
Cc: David Miller <davem@...emloft.net>, bhutchings@...arflare.com,
netdev@...r.kernel.org
Subject: Re: [PATCH] Add IRQF_SAMPLE_RANDOM Flag to forcedeth
On Saturday, 09 October 2010 at 21:23 -0600, Patrick Simmons wrote:
> On 10/09/10 21:15, David Miller wrote:
> > From: Ben Hutchings<bhutchings@...arflare.com>
> > Date: Sun, 10 Oct 2010 02:09:24 +0100
> >
> >> Patrick Simmons wrote:
> >>> This patch adds the IRQF_SAMPLE_RANDOM flag to the forcedeth driver,
> >>> allowing the interrupt timing for forcedeth to be used for entropy
> >>> generation. This should help /dev/random generate more secure random
> >>> numbers on machines using this driver.
> >> [...]
> >>
> >> We don't enable this for network drivers any more because:
> >>
> >> 1. At high packet rates, interrupt moderation makes interrupts very
> >> regular.
> >> 2. At low packet rates, a malicious sender can control the interrupt
> >> timing.
> >
> > Agreed on all counts, I'm not applying this patch.
>
> It's enabled for other network drivers, which is where I got the idea
> from. Has anyone actually done an experiment to see whether these two
> concerns are valid?

Several attempts in the past tried to go in one direction or another
(add the flag to some driver, then remove it from others).

Please read commit 9d9b8fb0e5ebf4b0398e579
http://lkml.org/lkml/2009/4/6/283

A third reason for not adding it is: at moderate packet rates, _no_ entropy is
fed at all because add_interrupt_randomness()/add_timer_randomness is
_very_ conservative, with first, second-order and third-order estimates.
credit_entropy_bits() is called with 0 bits.

Adding this stuff has a high cost, I can see it in profiles on machines
with tg3 nics. I often remove the IRQF_SAMPLE_RANDOM flag locally.
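
An added illustration, not part of the message above and not kernel code: a user-space C model of the first-, second- and third-order delta estimate the message refers to, showing how regularly spaced interrupts end up credited with 0 bits. The estimator logic is written from how the kernel's random driver worked in that period, which is an assumption of this example; `timer_state`, `fls_model`, `credit_for_event`, `total_credit` and the gap arrays are constructed here.

```c
#include <stdio.h>
#include <stdlib.h>

/* Per-source state kept between events (model; names are this example's). */
struct timer_state { long last_time, last_delta, last_delta2; };

/* 1-based index of the highest set bit, 0 for x == 0 (same contract as fls()). */
static int fls_model(unsigned long x) { int n = 0; while (x) { n++; x >>= 1; } return n; }

/* Entropy bits credited for one event seen at time `now` (jiffies). */
static int credit_for_event(struct timer_state *s, long now)
{
    long delta  = now - s->last_time;      /* first-order: gap since last event */
    long delta2 = delta - s->last_delta;   /* second-order: change in the gap */
    long delta3 = delta2 - s->last_delta2; /* third-order: change in that change */
    int bits;

    s->last_time = now; s->last_delta = delta; s->last_delta2 = delta2;
    delta = labs(delta); delta2 = labs(delta2); delta3 = labs(delta3);
    if (delta > delta2) delta = delta2;    /* keep the smallest absolute delta */
    if (delta > delta3) delta = delta3;
    bits = fls_model((unsigned long)delta >> 1); /* round down by one bit */
    return bits > 11 ? 11 : bits;          /* cap per event */
}

/* Sum of credits over n inter-arrival gaps, ignoring the first `warmup` events. */
static int total_credit(const long *gaps, int n, int warmup)
{
    struct timer_state s = {0, 0, 0};
    long now = 0;
    int i, sum = 0;
    for (i = 0; i < n; i++) {
        int b = credit_for_event(&s, now += gaps[i]);
        if (i >= warmup) sum += b;
    }
    return sum;
}

/* Constructed inter-arrival gaps in jiffies, not measurements. */
static const long MODERATED[8] = {4, 4, 4, 4, 4, 4, 4, 4};           /* fixed coalescing */
static const long JITTERED[8]  = {4, 5, 4, 5, 4, 5, 4, 5};           /* +/- 1 jiffy */
static const long IRREGULAR[8] = {100, 7, 350, 42, 900, 13, 260, 75};

int main(void)
{
    printf("moderated: %d bits\n", total_credit(MODERATED, 8, 3));
    printf("jittered:  %d bits\n", total_credit(JITTERED, 8, 3));
    printf("irregular: %d bits\n", total_credit(IRREGULAR, 8, 3));
    return 0;
}
```

The first three events are skipped so that the zero-initialised state does not contribute; after that, the constant and the one-jiffy-jitter sequences both credit nothing, while only widely varying gaps earn credit.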