random: help compiler out with fast_mix() by using simpler arguments
authorJason A. Donenfeld <Jason@zx2c4.com>
Fri, 6 May 2022 21:19:43 +0000 (23:19 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 25 Jun 2022 09:46:39 +0000 (11:46 +0200)
commit 791332b3cbb080510954a4c152ce02af8832eac9 upstream.

Now that fast_mix() has more than one caller, gcc no longer inlines it.
That's fine. But it also doesn't handle the compound literal argument we
pass it very efficiently, nor does it handle the loop as well as it
could. So just expand the code to spell out this function so that it
generates the same code as it did before. Performance-wise, this now
behaves as it did before the last commit. The difference in actual code
size on x86 is 45 bytes, which is less than a cache line.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/char/random.c

index 872e4ad2cba810135c08f4562e1458664d4ae0c5..7eccee0d3c60867ac892bb8363cceb9a4b1be106 100644 (file)
@@ -1026,25 +1026,30 @@ static DEFINE_PER_CPU(struct fast_pool, irq_randomness) = {
  * and therefore this has no security on its own. s represents the
  * four-word SipHash state, while v represents a two-word input.
  */
-static void fast_mix(unsigned long s[4], const unsigned long v[2])
+static void fast_mix(unsigned long s[4], unsigned long v1, unsigned long v2)
 {
-       size_t i;
-
-       for (i = 0; i < 2; ++i) {
-               s[3] ^= v[i];
 #ifdef CONFIG_64BIT
-               s[0] += s[1]; s[1] = rol64(s[1], 13); s[1] ^= s[0]; s[0] = rol64(s[0], 32);
-               s[2] += s[3]; s[3] = rol64(s[3], 16); s[3] ^= s[2];
-               s[0] += s[3]; s[3] = rol64(s[3], 21); s[3] ^= s[0];
-               s[2] += s[1]; s[1] = rol64(s[1], 17); s[1] ^= s[2]; s[2] = rol64(s[2], 32);
+#define PERM() do { \
+       s[0] += s[1]; s[1] = rol64(s[1], 13); s[1] ^= s[0]; s[0] = rol64(s[0], 32); \
+       s[2] += s[3]; s[3] = rol64(s[3], 16); s[3] ^= s[2]; \
+       s[0] += s[3]; s[3] = rol64(s[3], 21); s[3] ^= s[0]; \
+       s[2] += s[1]; s[1] = rol64(s[1], 17); s[1] ^= s[2]; s[2] = rol64(s[2], 32); \
+} while (0)
 #else
-               s[0] += s[1]; s[1] = rol32(s[1],  5); s[1] ^= s[0]; s[0] = rol32(s[0], 16);
-               s[2] += s[3]; s[3] = rol32(s[3],  8); s[3] ^= s[2];
-               s[0] += s[3]; s[3] = rol32(s[3],  7); s[3] ^= s[0];
-               s[2] += s[1]; s[1] = rol32(s[1], 13); s[1] ^= s[2]; s[2] = rol32(s[2], 16);
+#define PERM() do { \
+       s[0] += s[1]; s[1] = rol32(s[1],  5); s[1] ^= s[0]; s[0] = rol32(s[0], 16); \
+       s[2] += s[3]; s[3] = rol32(s[3],  8); s[3] ^= s[2]; \
+       s[0] += s[3]; s[3] = rol32(s[3],  7); s[3] ^= s[0]; \
+       s[2] += s[1]; s[1] = rol32(s[1], 13); s[1] ^= s[2]; s[2] = rol32(s[2], 16); \
+} while (0)
 #endif
-               s[0] ^= v[i];
-       }
+
+       s[3] ^= v1;
+       PERM();
+       s[0] ^= v1;
+       s[3] ^= v2;
+       PERM();
+       s[0] ^= v2;
 }
 
 #ifdef CONFIG_SMP
@@ -1114,10 +1119,8 @@ void add_interrupt_randomness(int irq)
        struct pt_regs *regs = get_irq_regs();
        unsigned int new_count;
 
-       fast_mix(fast_pool->pool, (unsigned long[2]){
-               entropy,
-               (regs ? instruction_pointer(regs) : _RET_IP_) ^ swab(irq)
-       });
+       fast_mix(fast_pool->pool, entropy,
+                (regs ? instruction_pointer(regs) : _RET_IP_) ^ swab(irq));
        new_count = ++fast_pool->count;
 
        if (new_count & MIX_INFLIGHT)
@@ -1157,8 +1160,7 @@ static void add_timer_randomness(struct timer_rand_state *state, unsigned int nu
         * sometime after, so mix into the fast pool.
         */
        if (in_irq()) {
-               fast_mix(this_cpu_ptr(&irq_randomness)->pool,
-                        (unsigned long[2]){ entropy, num });
+               fast_mix(this_cpu_ptr(&irq_randomness)->pool, entropy, num);
        } else {
                spin_lock_irqsave(&input_pool.lock, flags);
                _mix_pool_bytes(&entropy, sizeof(entropy));