mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-15 23:25:07 +00:00
Code Issues Releases Wiki Activity
linux-stable/arch/s390/crypto
History
Jason A. Donenfeld e4f7440030 s390/archrandom: simplify back to earlier design and initialize earlier 
s390x appears to present two RNG interfaces:
- a "TRNG" that gathers entropy using some hardware function; and
- a "DRBG" that takes in a seed and expands it.

Previously, the TRNG was wired up to arch_get_random_{long,int}(), but
it was observed that this was being called really frequently, resulting
in high overhead. So it was changed to be wired up to arch_get_random_
seed_{long,int}(), which was a reasonable decision. Later on, the DRBG
was then wired up to arch_get_random_{long,int}(), with a complicated
buffer filling thread, to control overhead and rate.

Fortunately, none of the performance issues matter much now. The RNG
always attempts to use arch_get_random_seed_{long,int}() first, which
means a complicated implementation of arch_get_random_{long,int}() isn't
really valuable or useful to have around. And it's only used when
reseeding, which means it won't hit the high throughput complications
that were faced before.

So this commit returns to an earlier design of just calling the TRNG in
arch_get_random_seed_{long,int}(), and returning false in arch_get_
random_{long,int}().

Part of what makes the simplification possible is that the RNG now seeds
itself using the TRNG at bootup. But this only works if the TRNG is
detected early in boot, before random_init() is called. So this commit
also causes that check to happen in setup_arch().

Cc: stable@vger.kernel.org
Cc: Harald Freudenberger <freude@linux.ibm.com>
Cc: Ingo Franzki <ifranzki@linux.ibm.com>
Cc: Juergen Christ <jchrist@linux.ibm.com>
Cc: Heiko Carstens <hca@linux.ibm.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Link: https://lore.kernel.org/r/20220610222023.378448-1-Jason@zx2c4.com
Reviewed-by: Harald Freudenberger <freude@linux.ibm.com>
Acked-by: Heiko Carstens <hca@linux.ibm.com>
Signed-off-by: Alexander Gordeev <agordeev@linux.ibm.com>
2022-06-30 19:40:36 +02:00
..
aes_s390.c s390/crypto: fix scatterwalk_unmap() callers in AES-GCM 2022-05-25 11:46:02 +02:00
arch_random.c s390/archrandom: simplify back to earlier design and initialize earlier 2022-06-30 19:40:36 +02:00
chacha-glue.c crypto: s390 - add crypto library interface for ChaCha20 2022-05-13 17:24:49 +08:00
chacha-s390.h s390/crypto: add SIMD implementation for ChaCha20 2021-12-06 14:42:24 +01:00
chacha-s390.S s390: convert ".insn" encoding to instruction names 2022-03-10 15:58:17 +01:00
crc32-vx.c crypto: remove CRYPTO_TFM_RES_BAD_KEY_LEN 2020-01-09 11:30:53 +08:00
crc32be-vx.S s390/crc32-vx: couple of typo fixes 2021-03-24 16:06:19 +01:00
crc32le-vx.S s390: add missing ENDPROC statements to assembler functions 2019-05-02 13:54:11 +02:00
des_s390.c s390/crypto: fix typos in comments 2022-05-06 20:45:13 +02:00
ghash_s390.c crypto: remove CRYPTO_TFM_RES_BAD_KEY_LEN 2020-01-09 11:30:53 +08:00
Makefile s390/crypto: add SIMD implementation for ChaCha20 2021-12-06 14:42:24 +01:00
paes_s390.c s390/crypto: improve retry logic in case of master key change 2021-01-27 13:00:48 +01:00
prng.c s390/crypto: fix typos in comments 2022-05-06 20:45:13 +02:00
sha.h crypto: sha - split sha.h into sha1.h and sha2.h 2020-11-20 14:45:33 +11:00
sha1_s390.c crypto: sha - split sha.h into sha1.h and sha2.h 2020-11-20 14:45:33 +11:00
sha3_256_s390.c crypto: sha - split sha.h into sha1.h and sha2.h 2020-11-20 14:45:33 +11:00
sha3_512_s390.c crypto: sha - split sha.h into sha1.h and sha2.h 2020-11-20 14:45:33 +11:00
sha256_s390.c crypto: sha - split sha.h into sha1.h and sha2.h 2020-11-20 14:45:33 +11:00
sha512_s390.c crypto: s390/sha512 - Use macros instead of direct IV numbers 2021-12-31 18:10:55 +11:00
sha_common.c s390/crypto: Fix unsigned variable compared with zero 2019-11-20 12:58:12 +01:00