From 1b1730d0f9387f22c17aecb51518b2bd8dc376bd Mon Sep 17 00:00:00 2001 From: tls Date: Sat, 27 Feb 2016 00:09:44 +0000 Subject: [PATCH] Add cpu_rng, a framework for simple on-CPU random number generators. --- sys/arch/amd64/include/Makefile | 4 +- sys/arch/amd64/include/cpu_rng.h | 8 ++++ sys/arch/amd64/include/types.h | 3 +- sys/arch/i386/include/Makefile | 4 +- sys/arch/i386/include/cpu_rng.h | 8 ++++ sys/arch/i386/include/types.h | 4 +- sys/arch/x86/conf/files.x86 | 3 +- sys/arch/x86/include/Makefile | 3 +- sys/arch/x86/include/cpu_rng.h | 42 +++++++++++++++++ sys/arch/x86/x86/cpu_rng.c | 66 ++++++++++++++++++++++++++ sys/kern/kern_rndq.c | 79 ++++++++++++++++++++++++++------ 11 files changed, 202 insertions(+), 22 deletions(-) create mode 100644 sys/arch/amd64/include/cpu_rng.h create mode 100644 sys/arch/i386/include/cpu_rng.h create mode 100644 sys/arch/x86/include/cpu_rng.h create mode 100644 sys/arch/x86/x86/cpu_rng.c diff --git a/sys/arch/amd64/include/Makefile b/sys/arch/amd64/include/Makefile index bd174d2244c4..36d2b70d2150 100644 --- a/sys/arch/amd64/include/Makefile +++ b/sys/arch/amd64/include/Makefile @@ -1,10 +1,10 @@ -# $NetBSD: Makefile,v 1.18 2014/07/23 18:19:43 alnsn Exp $ +# $NetBSD: Makefile,v 1.19 2016/02/27 00:09:44 tls Exp $ INCSDIR= /usr/include/amd64 INCS= ansi.h aout_machdep.h asm.h \ bootinfo.h bswap.h byte_swap.h \ - cdefs.h cpu.h \ + cdefs.h cpu.h cpu_rng.h\ disklabel.h \ elf_machdep.h endian.h endian_machdep.h \ float.h fpu.h frame.h frame_regs.h \ diff --git a/sys/arch/amd64/include/cpu_rng.h b/sys/arch/amd64/include/cpu_rng.h new file mode 100644 index 000000000000..acea2ef15fb9 --- /dev/null +++ b/sys/arch/amd64/include/cpu_rng.h @@ -0,0 +1,8 @@ +/* $NetBSD: cpu_rng.h,v 1.1 2016/02/27 00:09:45 tls Exp $ */ + +#ifndef _AMD64_CPU_RNG_H_ +#define _AMD64_CPU_RNG_H_ + +#include + +#endif diff --git a/sys/arch/amd64/include/types.h b/sys/arch/amd64/include/types.h index 0f29baa6874b..c19a1a2c1be8 100644 
--- a/sys/arch/amd64/include/types.h +++ b/sys/arch/amd64/include/types.h @@ -1,4 +1,4 @@ -/* $NetBSD: types.h,v 1.50 2016/01/23 22:31:19 christos Exp $ */ +/* $NetBSD: types.h,v 1.51 2016/02/27 00:09:45 tls Exp $ */ /*- * Copyright (c) 1990 The Regents of the University of California. @@ -94,6 +94,7 @@ typedef unsigned char __cpu_simple_lock_nv_t; #define __HAVE_TLS_VARIANT_II #define __HAVE_COMMON___TLS_GET_ADDR #define __HAVE_INTR_CONTROL +#define __HAVE_CPU_RNG #ifdef _KERNEL_OPT #define __HAVE_RAS diff --git a/sys/arch/i386/include/Makefile b/sys/arch/i386/include/Makefile index 7df0c4ef655a..89ec9ef1f9d2 100644 --- a/sys/arch/i386/include/Makefile +++ b/sys/arch/i386/include/Makefile @@ -1,10 +1,10 @@ -# $NetBSD: Makefile,v 1.43 2014/07/23 18:19:44 alnsn Exp $ +# $NetBSD: Makefile,v 1.44 2016/02/27 00:09:45 tls Exp $ INCSDIR= /usr/include/i386 INCS= ansi.h aout_machdep.h apmvar.h asm.h \ bioscall.h bootinfo.h bswap.h byte_swap.h \ - cdefs.h cpu.h cputypes.h \ + cdefs.h cpu.h cpu_rng.h cputypes.h \ disklabel.h \ elf_machdep.h endian.h endian_machdep.h \ fenv.h float.h frame.h freebsd_machdep.h \ diff --git a/sys/arch/i386/include/cpu_rng.h b/sys/arch/i386/include/cpu_rng.h new file mode 100644 index 000000000000..ed848b4282fe --- /dev/null +++ b/sys/arch/i386/include/cpu_rng.h @@ -0,0 +1,8 @@ +/* $NetBSD: cpu_rng.h,v 1.1 2016/02/27 00:09:45 tls Exp $ */ + +#ifndef _I386_CPU_RNG_H_ +#define _I386_CPU_RNG_H_ + +#include + +#endif diff --git a/sys/arch/i386/include/types.h b/sys/arch/i386/include/types.h index 239e103ccd78..5f94c9dd9839 100644 --- a/sys/arch/i386/include/types.h +++ b/sys/arch/i386/include/types.h @@ -1,4 +1,4 @@ -/* $NetBSD: types.h,v 1.86 2016/01/24 18:21:50 christos Exp $ */ +/* $NetBSD: types.h,v 1.87 2016/02/27 00:09:45 tls Exp $ */ /*- * Copyright (c) 1990 The Regents of the University of California. 
@@ -112,6 +112,8 @@ typedef __register_t register_t; #define __HAVE_SYSCALL_INTERN #define __HAVE_MINIMAL_EMUL #define __HAVE_OLD_DISKLABEL +#define __HAVE_CPU_RNG + #if defined(_KERNEL) /* * Processors < i586 do not have cmpxchg8b, and we compile for i486 diff --git a/sys/arch/x86/conf/files.x86 b/sys/arch/x86/conf/files.x86 index 95f12d0e1806..d9e696eb3f60 100644 --- a/sys/arch/x86/conf/files.x86 +++ b/sys/arch/x86/conf/files.x86 @@ -1,4 +1,4 @@ -# $NetBSD: files.x86,v 1.86 2016/01/28 01:09:56 christos Exp $ +# $NetBSD: files.x86,v 1.87 2016/02/27 00:09:45 tls Exp $ # options for MP configuration through the MP spec defflag opt_mpbios.h MPBIOS MPVERBOSE MPDEBUG MPBIOS_SCANPCI @@ -27,6 +27,7 @@ define ipmibus {} device cpu: cpufeaturebus attach cpu at cpubus file arch/x86/x86/cpu.c cpu +file arch/x86/x86/cpu_rng.c cpu device acpicpu: acpi attach acpicpu at cpufeaturebus diff --git a/sys/arch/x86/include/Makefile b/sys/arch/x86/include/Makefile index b9563e977434..d8592ce76374 100644 --- a/sys/arch/x86/include/Makefile +++ b/sys/arch/x86/include/Makefile @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.19 2014/02/11 20:17:16 dsl Exp $ +# $NetBSD: Makefile,v 1.20 2016/02/27 00:09:45 tls Exp $ INCSDIR=/usr/include/x86 @@ -7,6 +7,7 @@ INCS= aout_machdep.h \ cacheinfo.h \ cpu.h \ cpu_extended_state.h \ + cpu_rng.h \ cpu_ucode.h \ cputypes.h \ cpuvar.h \ diff --git a/sys/arch/x86/include/cpu_rng.h b/sys/arch/x86/include/cpu_rng.h new file mode 100644 index 000000000000..45913271e8e6 --- /dev/null +++ b/sys/arch/x86/include/cpu_rng.h 
@@ -0,0 +1,42 @@
+/* $NetBSD: cpu_rng.h,v 1.1 2016/02/27 00:09:45 tls Exp $ */
+
+#ifndef _X86_CPU_RNG_H_
+#define _X86_CPU_RNG_H_
+
+/*-
+ * Copyright (c) 2015 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Thor Lancelot Simon.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include
+
+typedef uint64_t cpu_rng_t;
+
+bool cpu_rng_init(void);
+size_t cpu_rng(cpu_rng_t *);
+
+#endif /* _X86_CPU_RNG_H_ */
diff --git a/sys/arch/x86/x86/cpu_rng.c b/sys/arch/x86/x86/cpu_rng.c
new file mode 100644
index 000000000000..bd9487114b00
--- /dev/null
+++ b/sys/arch/x86/x86/cpu_rng.c
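Review bot: The two prototypes at the end of the new x86 cpu_rng.h carry no documentation, and the meaning of cpu_rng()'s `size_t` return is what the pool's entropy accounting depends on. The caller added in kern_rndq.c sums the return values and hands the total to rnd_add_data_sync() as the entropy estimate, so the unit is presumably bits credited for the word stored in `*out`; that should be confirmed and written down. I would add above the prototype a comment such as `/* Store one hardware random word in *out; return the entropy to credit for it in bits, or 0 if no word was produced (*out is then not written). */`. A one-line comment on cpu_rng_init() saying that `false` means no on-CPU generator was selected would match how rnd_init() uses it.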
@@ -0,0 +1,66 @@
+/* $NetBSD: cpu_rng.c,v 1.1 2016/02/27 00:09:45 tls Exp $ */
+
+/*-
+ * Copyright (c) 2015 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Thor Lancelot Simon.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */ + +#include +#include +#include + +#include + +#include +#include +#include + +static enum { + CPU_RNG_NONE = 0, + CPU_RNG_RDRAND, + CPU_RNG_RDSEED, + CPU_RNG_VIA } cpu_rng_mode __read_mostly = CPU_RNG_NONE; + +bool +cpu_rng_init(void) +{ + return false; +} + +size_t +cpu_rng(cpu_rng_t *out) +{ + switch (cpu_rng_mode) { + case CPU_RNG_NONE: + case CPU_RNG_RDSEED: + case CPU_RNG_RDRAND: + case CPU_RNG_VIA: + return 0; + default: + panic("cpu_rng: unknown mode %d", (int)cpu_rng_mode); + } +} diff --git a/sys/kern/kern_rndq.c b/sys/kern/kern_rndq.c index a1e9d8a46513..84876c7e6153 100644 --- a/sys/kern/kern_rndq.c +++ b/sys/kern/kern_rndq.c @@ -1,4 +1,4 @@ -/* $NetBSD: kern_rndq.c,v 1.81 2016/02/17 19:44:40 riastradh Exp $ */ +/* $NetBSD: kern_rndq.c,v 1.82 2016/02/27 00:09:45 tls Exp $ */ /*- * Copyright (c) 1997-2013 The NetBSD Foundation, Inc. @@ -32,7 +32,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: kern_rndq.c,v 1.81 2016/02/17 19:44:40 riastradh Exp $"); +__KERNEL_RCSID(0, "$NetBSD: kern_rndq.c,v 1.82 2016/02/27 00:09:45 tls Exp $"); #include #include @@ -59,6 +59,10 @@ __KERNEL_RCSID(0, "$NetBSD: kern_rndq.c,v 1.81 2016/02/17 19:44:40 riastradh Exp #include #endif +#if defined(__HAVE_CPU_RNG) +#include +#endif + #if defined(__HAVE_CPU_COUNTER) #include #endif @@ -185,17 +189,6 @@ rnd_printf(const char *fmt, ...) rnd_printing = 0; } -void -rnd_init_softint(void) -{ - - rnd_process = softint_establish(SOFTINT_SERIAL|SOFTINT_MPSAFE, - rnd_intr, NULL); - rnd_wakeup = softint_establish(SOFTINT_CLOCK|SOFTINT_MPSAFE, - rnd_wake, NULL); - rnd_schedule_process(); -} - /* * Generate a 32-bit counter. */ 
@@ -412,6 +405,38 @@ rnd_dv_estimate(krndsource_t *rs, uint32_t v) return ret; } +#if defined(__HAVE_CPU_RNG) +static struct { + kmutex_t lock; /* unfortunately, must protect krndsource */ + krndsource_t source; +} rnd_cpu __cacheline_aligned; + +static void +rnd_cpu_get(size_t bytes, void *priv) +{ + krndsource_t *cpusrcp = priv; + KASSERT(cpusrcp == &rnd_cpu.source); + + if (RND_ENABLED(cpusrcp)) { + cpu_rng_t buf[2 * RND_ENTROPY_THRESHOLD / sizeof(cpu_rng_t)]; + cpu_rng_t *bufp; + size_t cnt = howmany(sizeof(buf), sizeof(cpu_rng_t)); + size_t entropy = 0; + + for (bufp = buf; bufp < buf + cnt; bufp++) { + entropy += cpu_rng(bufp); + } + if (__predict_true(entropy)) { + mutex_spin_enter(&rnd_cpu.lock); + rnd_add_data_sync(cpusrcp, buf, sizeof(buf), entropy); + explicit_memset(buf, 0, sizeof(buf)); + mutex_spin_exit(&rnd_cpu.lock); + } + } +} + +#endif + #if defined(__HAVE_CPU_COUNTER) static struct { kmutex_t lock; @@ -471,6 +496,17 @@ rnd_skew_intr(void *arg) } #endif +void +rnd_init_softint(void) +{ + + rnd_process = softint_establish(SOFTINT_SERIAL|SOFTINT_MPSAFE, + rnd_intr, NULL); + rnd_wakeup = softint_establish(SOFTINT_CLOCK|SOFTINT_MPSAFE, + rnd_wake, NULL); + rnd_schedule_process(); +} + /* * Entropy was just added to the pool. If we crossed the threshold for * the first time, set rnd_initial_entropy = 1. @@ -549,6 +585,21 @@ rnd_init(void) mutex_spin_exit(&rnd_global.lock); } + /* + * Attach CPU RNG if available. + */ +#if defined(__HAVE_CPU_RNG) + if (cpu_rng_init()) { + /* IPL_VM because taken while rnd_global.lock is held. */ + mutex_init(&rnd_cpu.lock, MUTEX_DEFAULT, IPL_VM); + rndsource_setcb(&rnd_cpu.source, rnd_cpu_get, &rnd_cpu.source); + rnd_attach_source(&rnd_cpu.source, "cpurng", + RND_TYPE_RNG, RND_FLAG_COLLECT_VALUE| + RND_FLAG_HASCB|RND_FLAG_HASENABLE); + rnd_cpu_get(RND_ENTROPY_THRESHOLD, &rnd_cpu.source); + } +#endif + /* * If we have a cycle counter, take its error with respect * to the callout mechanism as a source of entropy, ala 
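Review bot: In rnd_cpu_get() the stack array `buf` is never initialised, yet the whole of it is passed to rnd_add_data_sync() as soon as any single cpu_rng() call returned non-zero. The stub cpu_rng() in this commit returns 0 without writing `*out`; if real back ends behave the same way on a failed draw, the slots of failed calls hold stale kernel stack bytes that are read and fed in as samples for a source attached with RND_FLAG_COLLECT_VALUE. Counting the words actually filled and passing only that length avoids the uninitialised read, and the wipe can move after the `if` so it runs on every path and outside the spin lock. The `bytes` argument is ignored, which deserves a short comment if that is intentional.

```c
	if (RND_ENABLED(cpusrcp)) {
		/* … unchanged: buf, cnt and entropy declarations … */
		size_t i, filled = 0;

		for (i = 0; i < cnt; i++) {
			size_t bits = cpu_rng(&buf[filled]);

			/* Keep only words the generator actually produced. */
			if (bits != 0) {
				entropy += bits;
				filled++;
			}
		}
		if (__predict_true(entropy)) {
			mutex_spin_enter(&rnd_cpu.lock);
			rnd_add_data_sync(cpusrcp, buf,
			    filled * sizeof(buf[0]), entropy);
			mutex_spin_exit(&rnd_cpu.lock);
		}
		/* Wipe on every path, after dropping the lock. */
		explicit_memset(buf, 0, sizeof(buf));
	}
```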
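Review bot: In the rnd_init() hunk the source is attached with `RND_FLAG_HASENABLE`, but only a get callback is installed through rndsource_setcb(); no enable hook is registered in the visible lines. If the framework calls the source's enable hook whenever that flag is set (that code is outside this diff, so this needs confirming), enabling or disabling "cpurng" would call through an unset pointer. Since rnd_cpu_get() already checks `RND_ENABLED(cpusrcp)` itself, the flag looks unnecessary: either register a hook before rnd_attach_source() or attach with `RND_TYPE_RNG, RND_FLAG_COLLECT_VALUE|RND_FLAG_HASCB);`. rnd_init() starts and ends outside the hunk.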
@@ -1217,7 +1268,7 @@ rnd_extract_data(void *p, uint32_t len, uint32_t flags) explicit_memset(&rnd_rt, 0, sizeof(rnd_rt)); rndpool_add_data(&rnd_global.pool, rnd_testbits, sizeof(rnd_testbits), entropy_count); - memset(rnd_testbits, 0, sizeof(rnd_testbits)); + explicit_memset(rnd_testbits, 0, sizeof(rnd_testbits)); rnd_printf_verbose("rnd: statistical RNG test done," " entropy = %d.\n", rndpool_get_entropy_count(&rnd_global.pool));