Add cpu_rng, a framework for simple on-CPU random number generators.

sys/arch/amd64/include/Makefile

@@ -1,10 +1,10 @@
-#	$NetBSD: Makefile,v 1.18 2014/07/23 18:19:43 alnsn Exp $
+#	$NetBSD: Makefile,v 1.19 2016/02/27 00:09:44 tls Exp $
 
 INCSDIR= /usr/include/amd64
 
 INCS=	ansi.h aout_machdep.h asm.h \
 	bootinfo.h bswap.h byte_swap.h \
-	cdefs.h cpu.h \
+	cdefs.h cpu.h cpu_rng.h\
 	disklabel.h \
 	elf_machdep.h endian.h endian_machdep.h \
 	float.h fpu.h frame.h frame_regs.h \

sys/arch/amd64/include/cpu_rng.h

@@ -0,0 +1,8 @@
+/*      $NetBSD: cpu_rng.h,v 1.1 2016/02/27 00:09:45 tls Exp $   */
+
+#ifndef _AMD64_CPU_RNG_H_
+#define _AMD64_CPU_RNG_H_
+
+#include <x86/cpu_rng.h>
+
+#endif

sys/arch/amd64/include/types.h

@@ -1,4 +1,4 @@
-/*	$NetBSD: types.h,v 1.50 2016/01/23 22:31:19 christos Exp $	*/
+/*	$NetBSD: types.h,v 1.51 2016/02/27 00:09:45 tls Exp $	*/
 
 /*-
  * Copyright (c) 1990 The Regents of the University of California.
@@ -94,6 +94,7 @@ typedef	unsigned char		__cpu_simple_lock_nv_t;
 #define	__HAVE_TLS_VARIANT_II
 #define	__HAVE_COMMON___TLS_GET_ADDR
 #define	__HAVE_INTR_CONTROL
+#define	__HAVE_CPU_RNG
 
 #ifdef _KERNEL_OPT
 #define	__HAVE_RAS

sys/arch/i386/include/Makefile

@@ -1,10 +1,10 @@
-#	$NetBSD: Makefile,v 1.43 2014/07/23 18:19:44 alnsn Exp $
+#	$NetBSD: Makefile,v 1.44 2016/02/27 00:09:45 tls Exp $
 
 INCSDIR= /usr/include/i386
 
 INCS=	ansi.h aout_machdep.h apmvar.h asm.h \
 	bioscall.h bootinfo.h bswap.h byte_swap.h \
-	cdefs.h cpu.h cputypes.h \
+	cdefs.h cpu.h cpu_rng.h cputypes.h \
 	disklabel.h \
 	elf_machdep.h endian.h endian_machdep.h \
 	fenv.h float.h frame.h freebsd_machdep.h \

sys/arch/i386/include/cpu_rng.h

@@ -0,0 +1,8 @@
+/*	$NetBSD: cpu_rng.h,v 1.1 2016/02/27 00:09:45 tls Exp $	*/
+
+#ifndef _I386_CPU_RNG_H_
+#define _I386_CPU_RNG_H_
+
+#include <x86/cpu_rng.h>
+
+#endif

sys/arch/i386/include/types.h

@@ -1,4 +1,4 @@
-/*	$NetBSD: types.h,v 1.86 2016/01/24 18:21:50 christos Exp $	*/
+/*	$NetBSD: types.h,v 1.87 2016/02/27 00:09:45 tls Exp $	*/
 
 /*-
  * Copyright (c) 1990 The Regents of the University of California.
@@ -112,6 +112,8 @@ typedef __register_t	register_t;
 #define	__HAVE_SYSCALL_INTERN
 #define	__HAVE_MINIMAL_EMUL
 #define	__HAVE_OLD_DISKLABEL
+#define	__HAVE_CPU_RNG
+
 #if defined(_KERNEL)
 /*
  * Processors < i586 do not have cmpxchg8b, and we compile for i486

sys/arch/x86/conf/files.x86

@@ -1,4 +1,4 @@
-#	$NetBSD: files.x86,v 1.86 2016/01/28 01:09:56 christos Exp $
+#	$NetBSD: files.x86,v 1.87 2016/02/27 00:09:45 tls Exp $
 
 # options for MP configuration through the MP spec
 defflag opt_mpbios.h MPBIOS MPVERBOSE MPDEBUG MPBIOS_SCANPCI
@@ -27,6 +27,7 @@ define  ipmibus {}
 device	cpu: cpufeaturebus
 attach	cpu at cpubus
 file 	arch/x86/x86/cpu.c 		cpu
+file	arch/x86/x86/cpu_rng.c		cpu
 
 device	acpicpu: acpi
 attach	acpicpu at cpufeaturebus

sys/arch/x86/include/Makefile

@@ -1,4 +1,4 @@
-# 	$NetBSD: Makefile,v 1.19 2014/02/11 20:17:16 dsl Exp $
+# 	$NetBSD: Makefile,v 1.20 2016/02/27 00:09:45 tls Exp $
 
 INCSDIR=/usr/include/x86
 
@@ -7,6 +7,7 @@ INCS=	aout_machdep.h \
 	cacheinfo.h \
 	cpu.h \
 	cpu_extended_state.h \
+	cpu_rng.h \
 	cpu_ucode.h \
 	cputypes.h \
 	cpuvar.h \

sys/arch/x86/include/cpu_rng.h

@@ -0,0 +1,42 @@
+/* $NetBSD: cpu_rng.h,v 1.1 2016/02/27 00:09:45 tls Exp $ */
+
+#ifndef _X86_CPU_RNG_H_
+#define _X86_CPU_RNG_H_
+
+/*-
+ * Copyright (c) 2015 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Thor Lancelot Simon.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <sys/types.h>
+
+typedef uint64_t cpu_rng_t;
+
+bool cpu_rng_init(void);
+size_t cpu_rng(cpu_rng_t *);
+
+#endif /* _X86_CPU_RNG_H_ */

sys/arch/x86/x86/cpu_rng.c

@@ -0,0 +1,66 @@
+/* $NetBSD: cpu_rng.c,v 1.1 2016/02/27 00:09:45 tls Exp $ */
+
+/*-
+ * Copyright (c) 2015 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Thor Lancelot Simon.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <sys/param.h>
+#include <sys/systm.h>
+#include <sys/cpu.h>
+
+#include <x86/specialreg.h>
+
+#include <machine/cpufunc.h>
+#include <machine/cpuvar.h>
+#include <machine/cpu_rng.h>
+
+static enum {
+	CPU_RNG_NONE = 0,
+	CPU_RNG_RDRAND,
+	CPU_RNG_RDSEED,
+	CPU_RNG_VIA } cpu_rng_mode __read_mostly = CPU_RNG_NONE;
+
+bool
+cpu_rng_init(void)
+{
+	return false;
+}
+
+size_t
+cpu_rng(cpu_rng_t *out)
+{
+	switch (cpu_rng_mode) {
+	case CPU_RNG_NONE:
+	case CPU_RNG_RDSEED:
+	case CPU_RNG_RDRAND:
+	case CPU_RNG_VIA:
+		return 0;
+	default:
+		panic("cpu_rng: unknown mode %d", (int)cpu_rng_mode);
+	}
+}

sys/kern/kern_rndq.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: kern_rndq.c,v 1.81 2016/02/17 19:44:40 riastradh Exp $	*/
+/*	$NetBSD: kern_rndq.c,v 1.82 2016/02/27 00:09:45 tls Exp $	*/
 
 /*-
  * Copyright (c) 1997-2013 The NetBSD Foundation, Inc.
@@ -32,7 +32,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_rndq.c,v 1.81 2016/02/17 19:44:40 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_rndq.c,v 1.82 2016/02/27 00:09:45 tls Exp $");
 
 #include <sys/param.h>
 #include <sys/atomic.h>
@@ -59,6 +59,10 @@ __KERNEL_RCSID(0, "$NetBSD: kern_rndq.c,v 1.81 2016/02/17 19:44:40 riastradh Exp
 #include <compat/sys/rnd.h>
 #endif
 
+#if defined(__HAVE_CPU_RNG)
+#include <machine/cpu_rng.h>
+#endif
+
 #if defined(__HAVE_CPU_COUNTER)
 #include <machine/cpu_counter.h>
 #endif
@@ -185,17 +189,6 @@ rnd_printf(const char *fmt, ...)
 	rnd_printing = 0;
 }
 
-void
-rnd_init_softint(void)
-{
-
-	rnd_process = softint_establish(SOFTINT_SERIAL|SOFTINT_MPSAFE,
-	    rnd_intr, NULL);
-	rnd_wakeup = softint_establish(SOFTINT_CLOCK|SOFTINT_MPSAFE,
-	    rnd_wake, NULL);
-	rnd_schedule_process();
-}
-
 /*
  * Generate a 32-bit counter.
  */
@@ -412,6 +405,38 @@ rnd_dv_estimate(krndsource_t *rs, uint32_t v)
 	return ret;
 }
 
+#if defined(__HAVE_CPU_RNG)
+static struct {
+	kmutex_t	lock;	/* unfortunately, must protect krndsource */
+	krndsource_t	source;
+} rnd_cpu __cacheline_aligned;
+	
+static void
+rnd_cpu_get(size_t bytes, void *priv)
+{
+	krndsource_t *cpusrcp = priv;
+	KASSERT(cpusrcp == &rnd_cpu.source);
+
+        if (RND_ENABLED(cpusrcp)) {
+		cpu_rng_t buf[2 * RND_ENTROPY_THRESHOLD / sizeof(cpu_rng_t)];
+		cpu_rng_t *bufp;
+		size_t cnt = howmany(sizeof(buf), sizeof(cpu_rng_t));
+		size_t entropy = 0;
+
+		for (bufp = buf; bufp < buf + cnt; bufp++) {
+			entropy += cpu_rng(bufp);
+		}
+		if (__predict_true(entropy)) {
+			mutex_spin_enter(&rnd_cpu.lock);
+			rnd_add_data_sync(cpusrcp, buf, sizeof(buf), entropy);
+			explicit_memset(buf, 0, sizeof(buf));
+			mutex_spin_exit(&rnd_cpu.lock);
+		}
+        }
+}
+
+#endif
+
 #if defined(__HAVE_CPU_COUNTER)
 static struct {
 	kmutex_t	lock;
@@ -471,6 +496,17 @@ rnd_skew_intr(void *arg)
 }
 #endif
 
+void
+rnd_init_softint(void)
+{
+
+	rnd_process = softint_establish(SOFTINT_SERIAL|SOFTINT_MPSAFE,
+	    rnd_intr, NULL);
+	rnd_wakeup = softint_establish(SOFTINT_CLOCK|SOFTINT_MPSAFE,
+	    rnd_wake, NULL);
+	rnd_schedule_process();
+}
+
 /*
  * Entropy was just added to the pool.  If we crossed the threshold for
  * the first time, set rnd_initial_entropy = 1.
@@ -549,6 +585,21 @@ rnd_init(void)
 		mutex_spin_exit(&rnd_global.lock);
 	}
 
+	/*
+	 * Attach CPU RNG if available.
+	 */
+#if defined(__HAVE_CPU_RNG)
+	if (cpu_rng_init()) {
+		/* IPL_VM because taken while rnd_global.lock is held.  */
+		mutex_init(&rnd_cpu.lock, MUTEX_DEFAULT, IPL_VM);
+		rndsource_setcb(&rnd_cpu.source, rnd_cpu_get, &rnd_cpu.source);
+		rnd_attach_source(&rnd_cpu.source, "cpurng",
+		    RND_TYPE_RNG, RND_FLAG_COLLECT_VALUE|
+		    RND_FLAG_HASCB|RND_FLAG_HASENABLE);
+		rnd_cpu_get(RND_ENTROPY_THRESHOLD, &rnd_cpu.source);
+	}
+#endif
+
 	/*
 	 * If we have a cycle counter, take its error with respect
 	 * to the callout mechanism as a source of entropy, ala
@@ -1217,7 +1268,7 @@ rnd_extract_data(void *p, uint32_t len, uint32_t flags)
 		explicit_memset(&rnd_rt, 0, sizeof(rnd_rt));
 		rndpool_add_data(&rnd_global.pool, rnd_testbits,
 		    sizeof(rnd_testbits), entropy_count);
-		memset(rnd_testbits, 0, sizeof(rnd_testbits));
+		explicit_memset(rnd_testbits, 0, sizeof(rnd_testbits));
 		rnd_printf_verbose("rnd: statistical RNG test done,"
 		    " entropy = %d.\n",
 		    rndpool_get_entropy_count(&rnd_global.pool));