kernel_optimize_test/lib
Willy Tarreau 3744741ada random32: add noise from network and scheduling activity
With the removal of the interrupt perturbations in previous random32
change (random32: make prandom_u32() output unpredictable), the PRNG
has become 100% deterministic again. While SipHash is expected to be
way more robust against brute force than the previous Tausworthe LFSR,
there's still the risk that whoever has even one temporary access to
the PRNG's internal state is able to predict all subsequent draws till
the next reseed (roughly every minute). This may happen through a side
channel attack or any data leak.

This patch restores the spirit of commit f227e3ec3b ("random32: update
the net random state on interrupt and activity") in that it will perturb
the internal PRNG's statee using externally collected noise, except that
it will not pick that noise from the random pool's bits nor upon
interrupt, but will rather combine a few elements along the Tx path
that are collectively hard to predict, such as dev, skb and txq
pointers, packet length and jiffies values. These ones are combined
using a single round of SipHash into a single long variable that is
mixed with the net_rand_state upon each invocation.

The operation was inlined because it produces very small and efficient
code, typically 3 xor, 2 add and 2 rol. The performance was measured
to be the same (even very slightly better) than before the switch to
SipHash; on a 6-core 12-thread Core i7-8700k equipped with a 40G NIC
(i40e), the connection rate dropped from 556k/s to 555k/s while the
SYN cookie rate grew from 5.38 Mpps to 5.45 Mpps.

Link: https://lore.kernel.org/netdev/20200808152628.GA27941@SDF.ORG/
Cc: George Spelvin <lkml@sdf.org>
Cc: Amit Klein <aksecurity@gmail.com>
Cc: Eric Dumazet <edumazet@google.com>
Cc: "Jason A. Donenfeld" <Jason@zx2c4.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Kees Cook <keescook@chromium.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: tytso@mit.edu
Cc: Florian Westphal <fw@strlen.de>
Cc: Marc Plumb <lkml.mplumb@gmail.com>
Tested-by: Sedat Dilek <sedat.dilek@gmail.com>
Signed-off-by: Willy Tarreau <w@1wt.eu>
2020-10-24 20:21:57 +02:00
..
842 kbuild: trace functions in subdirectories of lib/ 2020-08-10 01:32:59 +09:00
crypto crypto: lib/chacha20poly1305 - Set SG_MITER_ATOMIC unconditionally 2020-09-25 17:48:13 +10:00
dim lib: Revert use of fallthrough pseudo-keyword in lib/ 2020-08-24 14:17:44 -07:00
fonts drm fixes (round two) for 5.10-rc1 2020-10-23 13:56:34 -07:00
kunit linux-kselftest-kunit-5.10-rc1 2020-10-18 14:45:59 -07:00
livepatch Kbuild updates for v5.9 2020-08-09 14:10:26 -07:00
lz4 lz4: fix kernel decompression speed 2020-08-14 19:56:56 -07:00
lzo kbuild: trace functions in subdirectories of lib/ 2020-08-10 01:32:59 +09:00
math kernel.h: split out min()/max() et al. helpers 2020-10-16 11:11:19 -07:00
mpi lib/mpi/mpi-bit.c: fix spello of "functions" 2020-10-16 11:11:20 -07:00
pldmfw Add pldmfw library for PLDM firmware update 2020-07-28 17:07:06 -07:00
raid6 kbuild: trace functions in subdirectories of lib/ 2020-08-10 01:32:59 +09:00
reed_solomon kbuild: trace functions in subdirectories of lib/ 2020-08-10 01:32:59 +09:00
vdso vdso/treewide: Add vdso_data pointer argument to __arch_get_hw_counter() 2020-08-06 10:57:30 +02:00
xz lib: Revert use of fallthrough pseudo-keyword in lib/ 2020-08-24 14:17:44 -07:00
zlib_deflate kbuild: trace functions in subdirectories of lib/ 2020-08-10 01:32:59 +09:00
zlib_dfltcc kbuild: trace functions in subdirectories of lib/ 2020-08-10 01:32:59 +09:00
zlib_inflate kbuild: trace functions in subdirectories of lib/ 2020-08-10 01:32:59 +09:00
zstd lib: Revert use of fallthrough pseudo-keyword in lib/ 2020-08-24 14:17:44 -07:00
.gitignore .gitignore: add SPDX License Identifier 2020-03-25 11:50:48 +01:00
argv_split.c
ashldi3.c
ashrdi3.c
asn1_decoder.c lib: Revert use of fallthrough pseudo-keyword in lib/ 2020-08-24 14:17:44 -07:00
assoc_array.c lib: Revert use of fallthrough pseudo-keyword in lib/ 2020-08-24 14:17:44 -07:00
atomic64_test.c
atomic64.c
audit.c
bcd.c
bch.c lib/bch: Allow easy bit swapping 2020-05-24 20:48:11 +02:00
bitfield_kunit.c lib: kunit: Fix compilation test when using TEST_BIT_FIELD_COMPILE 2020-10-16 13:25:14 -06:00
bitmap.c lib: bitmap: delete duplicated words 2020-10-16 11:11:19 -07:00
bitrev.c
bootconfig.c lib/bootconfig: Fix to remove tailing spaces after value 2020-09-21 21:50:09 -04:00
bsearch.c lib/bsearch: Provide __always_inline variant 2020-06-11 15:14:53 +02:00
btree.c
bucket_locks.c
bug.c ftrace,bug: Improve traceoff_on_warn 2020-06-01 08:23:42 -04:00
build_OID_registry
bust_spinlocks.c
check_signature.c
checksum.c unify generic instances of csum_partial_copy_nocheck() 2020-08-20 15:45:14 -04:00
clz_ctz.c
clz_tab.c
cmdline.c lib: Revert use of fallthrough pseudo-keyword in lib/ 2020-08-24 14:17:44 -07:00
cmpdi2.c
compat_audit.c
cpu_rmap.c lib: cpu_rmap: Use pr_warn instead of pr_warning 2019-10-18 15:01:57 +02:00
cpumask.c lib: Restrict cpumask_local_spread to houskeeping CPUs 2020-07-08 11:39:01 +02:00
crc-ccitt.c
crc-itu-t.c
crc-t10dif.c crc-t10dif: clean up some more things 2020-06-18 17:26:43 +10:00
crc4.c
crc7.c
crc8.c
crc16.c
crc32.c lib/crc32.c: fix trivial typo in preprocessor condition 2020-10-16 11:11:20 -07:00
crc32defs.h
crc32test.c
crc64.c lib/: replace HTTP links with HTTPS ones 2020-08-12 10:58:00 -07:00
ctype.c
debug_info.c
debug_locks.c lockdep: Prepare for noinstr sections 2020-05-19 15:47:21 +02:00
debugobjects.c debugobjects: Free per CPU pool after CPU unplug 2020-10-01 16:13:54 +02:00
dec_and_lock.c
decompress_bunzip2.c lib: decompress_bunzip2: delete duplicated words 2020-10-16 11:11:19 -07:00
decompress_inflate.c lib/zlib: add s390 hardware support for kernel zlib_inflate 2020-01-31 10:30:40 -08:00
decompress_unlz4.c
decompress_unlzma.c lib/: replace HTTP links with HTTPS ones 2020-08-12 10:58:00 -07:00
decompress_unlzo.c
decompress_unxz.c
decompress_unzstd.c lib: decompress_unzstd: Limit output size 2020-09-03 10:13:09 +02:00
decompress.c lib: Add zstd support to decompress 2020-07-31 11:49:08 +02:00
devres.c driver core: platform: Document return type of more functions 2020-09-10 18:30:01 +02:00
digsig.c
dump_stack.c kernel: rename show_stack_loglvl() => show_stack() 2020-06-09 09:39:13 -07:00
dynamic_debug.c dyndbg: use keyword, arg varnames for query term pairs 2020-09-27 14:32:09 +02:00
dynamic_queue_limits.c lib: dynamic_queue_limits: delete duplicated words + fix typo 2020-10-16 11:11:20 -07:00
earlycpio.c lib: earlycpio: delete duplicated words 2020-10-16 11:11:20 -07:00
errname.c printf: add support for printing symbolic error names 2019-10-17 16:23:25 +02:00
error-inject.c
errseq.c
extable.c lib/extable.c: add missing prototypes 2019-09-25 17:51:39 -07:00
fault-inject-usercopy.c lib, include/linux: add usercopy failure capability 2020-10-16 11:11:22 -07:00
fault-inject.c fault_inject: Don't rely on "return value" from WRITE_ONCE() 2020-04-15 21:36:41 +01:00
fdt_addresses.c libfdt: include fdt_addresses.c 2020-01-08 16:59:19 +00:00
fdt_empty_tree.c
fdt_ro.c
fdt_rw.c
fdt_strerror.c
fdt_sw.c
fdt_wip.c
fdt.c
find_bit_benchmark.c
find_bit.c kernel.h: split out min()/max() et al. helpers 2020-10-16 11:11:19 -07:00
flex_proportions.c lib/flex_proportions.c: cleanup __fprop_inc_percpu_max 2020-06-04 19:06:25 -07:00
gen_crc32table.c
gen_crc64table.c
genalloc.c lib/genalloc.c: rename addr_in_gen_pool to gen_pool_has_addr 2019-12-04 19:44:13 -08:00
generic-radix-tree.c lib/generic-radix-tree.c: add kmemleak annotations 2019-10-14 15:04:00 -07:00
glob.c lib: Revert use of fallthrough pseudo-keyword in lib/ 2020-08-24 14:17:44 -07:00
globtest.c
hexdump.c kernel.h: split out min()/max() et al. helpers 2020-10-16 11:11:19 -07:00
hweight.c
idr.c XArray updates for 5.9 2020-10-20 14:39:37 -07:00
inflate.c
interval_tree_test.c
interval_tree.c
iomap_copy.c
iomap.c iomap: constify ioreadX() iomem argument (as in generic implementation) 2020-08-14 19:56:57 -07:00
iommu-helper.c
iov_iter.c lib, uaccess: add failure injection to usercopy functions 2020-10-16 11:11:22 -07:00
irq_poll.c
irq_regs.c
is_single_threaded.c
kasprintf.c
Kconfig x86, powerpc: Rename memcpy_mcsafe() to copy_mc_to_{user, kernel}() 2020-10-06 11:18:04 +02:00
Kconfig.debug Kbuild updates for v5.10 2020-10-22 13:13:57 -07:00
Kconfig.kasan KASAN: port KASAN Tests to KUnit 2020-10-13 18:38:32 -07:00
Kconfig.kcsan kcsan: Test support for compound instrumentation 2020-08-24 15:09:58 -07:00
Kconfig.kgdb kgdb: Honour the kprobe blocklist when setting breakpoints 2020-09-28 12:14:08 +01:00
Kconfig.ubsan ubsan: introduce CONFIG_UBSAN_LOCAL_BOUNDS for Clang 2020-10-16 11:11:22 -07:00
kfifo.c
klist.c
kobject_uevent.c
kobject.c kobject: Drop unneeded conditional in __kobject_del() 2020-09-07 11:24:17 +02:00
kstrtox.c kstrto*: do not describe simple_strto*() as obsolete/replaced 2020-08-12 10:58:00 -07:00
kstrtox.h
libcrc32c.c lib: libcrc32c: delete duplicated words 2020-10-16 11:11:19 -07:00
linear_ranges.c lib: linear_ranges: Add missing MODULE_LICENSE() 2020-05-11 11:55:28 +01:00
list_debug.c
list_sort.c
list-test.c Fix linked-list KUnit test when run multiple times 2020-03-25 16:38:39 -06:00
llist.c
locking-selftest-hardirq.h
locking-selftest-mutex.h
locking-selftest-rlock-hardirq.h
locking-selftest-rlock-softirq.h
locking-selftest-rlock.h
locking-selftest-rsem.h
locking-selftest-rtmutex.h
locking-selftest-softirq.h
locking-selftest-spin-hardirq.h
locking-selftest-spin-softirq.h
locking-selftest-spin.h
locking-selftest-wlock-hardirq.h
locking-selftest-wlock-softirq.h
locking-selftest-wlock.h
locking-selftest-wsem.h
locking-selftest.c lockdep/selftest: Introduce recursion3 2020-08-26 12:42:08 +02:00
lockref.c
logic_pio.c logic_pio: Use _inX() and _outX() 2020-05-07 14:54:26 +08:00
lru_cache.c
lshrdi3.c
Makefile linux-kselftest-kunit-5.10-rc1 2020-10-18 14:45:59 -07:00
memcat_p.c
memory-notifier-error-inject.c
memregion.c lib/memregion.c: include memregion.h 2020-09-26 10:33:57 -07:00
memweight.c
muldi3.c
net_utils.c
netdev-notifier-error-inject.c
nlattr.c netlink: export policy in extended ACK 2020-10-09 20:22:32 -07:00
nmi_backtrace.c lib: Add backtrace_idle parameter to force backtrace of idle CPUs 2020-08-24 14:24:25 -07:00
nodemask.c
notifier-error-inject.c
notifier-error-inject.h
objagg.c lib: objagg: Replace zero-length arrays with flexible-array member 2020-02-16 18:33:00 -08:00
of-reconfig-notifier-error-inject.c
oid_registry.c
once.c
packing.c lib: packing: add documentation for pbuflen argument 2020-06-28 20:45:27 -07:00
parman.c
parser.c
pci_iomap.c
percpu_counter.c lib/percpu_counter.c: use helper macro abs() 2020-10-16 11:11:20 -07:00
percpu_test.c
percpu-refcount.c percpu_ref: don't refer to ref->data if it isn't allocated 2020-10-09 12:32:06 -06:00
plist.c
pm-notifier-error-inject.c
radix-tree.c XArray updates for 5.9 2020-10-20 14:39:37 -07:00
random32.c random32: add noise from network and scheduling activity 2020-10-24 20:21:57 +02:00
ratelimit.c
rbtree_test.c augmented rbtree: add new RB_DECLARE_CALLBACKS_MAX macro 2019-09-25 17:51:39 -07:00
rbtree.c lib/: replace HTTP links with HTTPS ones 2020-08-12 10:58:00 -07:00
refcount.c locking/refcount: Consolidate implementations of refcount_t 2019-11-25 09:15:32 +01:00
rhashtable.c rhashtable: Restore RCU marking on rhash_lock_head 2020-07-28 17:09:49 -07:00
sbitmap.c sbitmap: Consider cleared bits in sbitmap_bitmap_show() 2020-07-01 10:53:00 -06:00
scatterlist.c RDMA 5.10 pull request 2020-10-17 11:18:18 -07:00
seq_buf.c seq_buf: Export seq_buf_printf 2020-06-15 18:22:43 -07:00
sg_pool.c
sg_split.c
sha1.c crypto: lib/sha1 - fold linux/cryptohash.h into crypto/sha.h 2020-05-08 15:32:17 +10:00
show_mem.c mm: remove quicklist page table caches 2019-09-24 15:54:09 -07:00
siphash.c lib: Revert use of fallthrough pseudo-keyword in lib/ 2020-08-24 14:17:44 -07:00
smp_processor_id.c lib/smp_processor_id: Move it into noinstr section 2020-06-11 15:14:36 +02:00
sort.c lib/sort: Move swap, cmp and cmp_r function types for wider use 2019-11-14 13:15:11 -05:00
stackdepot.c kasan: stackdepot: move filter_irq_stacks() to stackdepot.c 2020-04-07 10:43:43 -07:00
stmp_device.c
string_helpers.c lib: string_helpers: provide kfree_strarray() 2020-09-30 10:50:30 +02:00
string.c lib/string.c: implement stpcpy 2020-09-26 10:33:57 -07:00
strncpy_from_user.c lib, uaccess: add failure injection to usercopy functions 2020-10-16 11:11:22 -07:00
strnlen_user.c uaccess: Selectively open read or write user access 2020-05-01 12:35:21 +10:00
syscall.c lib: syscall: delete duplicated words 2020-10-16 11:11:20 -07:00
test_bitmap.c test_bitmap: remove user bitmap tests 2020-09-08 22:21:33 -04:00
test_bitops.c lib/test_bitops: do the full test during module init 2020-08-12 10:57:59 -07:00
test_bits.c lib/test_bits.c: add tests of GENMASK 2020-08-12 10:58:00 -07:00
test_blackhole_dev.c
test_bpf.c bpf: revert "test_bpf: Flag tests that cannot be jited on s390" 2020-07-16 20:52:43 +02:00
test_debug_virtual.c
test_firmware.c test_firmware: Test partial read support 2020-10-05 13:37:04 +02:00
test_fpu.c selftests/fpu: Add an FPU selftest 2020-06-29 10:02:23 +02:00
test_free_pages.c mm/page_alloc.c: fix freeing non-compound pages 2020-10-13 18:38:33 -07:00
test_hash.c
test_hexdump.c
test_hmm_uapi.h mm/hmm: add tests for hmm_pfn_to_map_order() 2020-07-10 16:24:28 -03:00
test_hmm.c lib/test_hmm.c: fix an error code in dmirror_allocate_chunk() 2020-10-16 11:11:20 -07:00
test_ida.c
test_kasan_module.c KASAN: port KASAN Tests to KUnit 2020-10-13 18:38:32 -07:00
test_kasan.c KASAN: port KASAN Tests to KUnit 2020-10-13 18:38:32 -07:00
test_kmod.c test_kmod: avoid potential double free in trigger_config_run_type() 2020-08-12 10:58:01 -07:00
test_linear_ranges.c lib/test_linear_ranges: add a test for the 'linear_ranges' 2020-05-08 18:18:12 +01:00
test_list_sort.c
test_lockup.c lib/test_lockup.c: fix return value of test_lockup_init() 2020-08-12 10:58:00 -07:00
test_memcat_p.c
test_meminit.c lib/test_meminit.c: add bulk alloc/free tests 2019-12-04 19:44:13 -08:00
test_min_heap.c lib: Introduce generic min-heap 2020-03-06 11:56:59 +01:00
test_module.c
test_objagg.c test_objagg: Fix potential memory leak in error handling 2020-06-15 13:32:11 -07:00
test_overflow.c
test_parman.c
test_printf.c Driver core patches for 5.8-rc1 2020-06-07 10:53:36 -07:00
test_rhashtable.c rhashtable: fix indentation of a continue statement 2020-09-20 14:10:06 -07:00
test_siphash.c
test_sort.c
test_stackinit.c lib: test_stackinit.c: XFAIL switch variable init tests 2020-04-07 10:43:43 -07:00
test_static_key_base.c
test_static_keys.c
test_string.c
test_strscpy.c
test_sysctl.c lib: test_sysctl: delete duplicated words 2020-10-16 11:11:20 -07:00
test_ubsan.c
test_user_copy.c usercopy: Avoid soft lockups in test_check_nonzero_user() 2019-10-16 14:56:21 +02:00
test_uuid.c
test_vmalloc.c lib/test_vmalloc.c: Add test cases for kvfree_rcu() 2020-06-29 11:59:26 -07:00
test_xarray.c XArray updates for 5.9 2020-10-20 14:39:37 -07:00
test-kstrtox.c
test-string_helpers.c lib/test-string_helpers.c: Add string_upper() and string_lower() tests 2020-07-15 12:45:06 +03:00
textsearch.c lib: textsearch: fix escapes in example code 2019-10-03 12:12:23 -04:00
timerqueue.c
ts_bm.c lib/: replace HTTP links with HTTPS ones 2020-08-12 10:58:00 -07:00
ts_fsm.c lib: Revert use of fallthrough pseudo-keyword in lib/ 2020-08-24 14:17:44 -07:00
ts_kmp.c lib/ts_kmp.c: replace zero-length array with flexible-array member 2020-04-07 10:43:43 -07:00
ubsan.c lib/ubsan.c: fix gcc-10 warnings 2020-06-04 19:06:28 -07:00
ubsan.h int128: move __uint128_t compiler test to Kconfig 2019-11-17 09:02:42 +08:00
ucmpdi2.c
ucs2_string.c
usercopy.c lib, uaccess: add failure injection to usercopy functions 2020-10-16 11:11:22 -07:00
uuid.c uuid: Provide a GUID generator for raw buffer 2020-03-23 17:01:47 +01:00
vsprintf.c vsprintf: use bd_partno in bdev_name 2020-09-25 08:18:58 -06:00
win_minmax.c
xarray.c XArray updates for 5.9 2020-10-20 14:39:37 -07:00
xxhash.c lib/: replace HTTP links with HTTPS ones 2020-08-12 10:58:00 -07:00