:> I think it would be a much better idea to cap the number of interrupts
:> per second the reseeder accepts. e.g. have a sysctl to set the
:> max and default it to something reasonable, like 200. The seeder would
:> thus only run 200 times a second even if A person were getting
:> 7750 interrupts/sec. Frankly, once we have a good random seed it would
:> only take about 10 interrupts a second to keep the random number
:> generator in good shape, and possibly even less. Overkill is not
:> necessary.
:
:This effectively happens.
:
:The harvest ring is a limited length, and any overflows are discarded.
:
:M
The harvest ring is *HUGE* -- the ring is 1024 entries. Obviously it
does not have a problem keeping up with a high interrupt rate.
Also, my read of the thread that eats the data off that ring is that
the thread pulls everything off the ring in a tight loop, which means
that the ring will effectively be empty most of the time no matter
how much data gets stuffed into it.
So the 'limited length', even a small limited length, does not
effectively limit the amount of work being done by the interrupt
code.
You need to do two things:
1) Reduce the ring size to something reasonable. 1024 is massive
overkill. 32 would be just fine.
2) Add a mandatory tsleep in random_kthread() for EACH entry scanned
from the harvest ring. Something reasonable like 1/10 second (similar
to what you do if the harvest ring is empty. Or may you could pull
off 5 entries at a time and then sleep. Right now you run it in a
tight loop until the ring is completely empty.
A 1/10 second sleep and a ring limit of 32 still gives you an effective
320 seeds per second. Still overkill, but at least not the massive
overkill that its doing now.
-Matt
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message