[src/trunk]: src/sys/dev/pci Revert previous change, which was wrong. As Ena...

[tls <tls%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/d85a6c01522a
branches:  trunk
changeset: 551201:d85a6c01522a
user:      tls <tls%NetBSD.org@localhost>
date:      Mon Sep 01 06:30:24 2003 +0000

description:
Revert previous change, which was wrong.  As Enami points out, we really do
want the NO_ESTIMATE flag here, because if the source doesn't have it,
rnd_add_data will *use the time the data was added directly as entropy*,
which is not a good idea either for a hardware RNG that works like this
one (periodically polled by the driver) or, really, like any other that I've
seen, because even for "interrupt when ready" RNGs the data rate (and thus
interrupt time) will vary only slightly for a given RNG configuration over
time, if at all.

The data we add _is_ counted into the pool estimage because we directly
pass in an entropy estimate.

The overloading of the NO_ESTIMATE flag with this meaning seems, to me, like
a design bug (albeit easily fixed) in the rng interface; but until that's
changed, we need to use it here.

diffstat:

 sys/dev/pci/amdpm.c |  18 +++++++++++++++---
 1 files changed, 15 insertions(+), 3 deletions(-)

diffs (39 lines):

diff -r d1fd80aa3113 -r d85a6c01522a sys/dev/pci/amdpm.c
--- a/sys/dev/pci/amdpm.c       Mon Sep 01 06:16:13 2003 +0000
+++ b/sys/dev/pci/amdpm.c       Mon Sep 01 06:30:24 2003 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: amdpm.c,v 1.6 2003/08/12 09:46:46 tls Exp $    */
+/*     $NetBSD: amdpm.c,v 1.7 2003/09/01 06:30:24 tls Exp $    */
 
 /*-
  * Copyright (c) 2002 The NetBSD Foundation, Inc.
@@ -37,7 +37,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: amdpm.c,v 1.6 2003/08/12 09:46:46 tls Exp $");
+__KERNEL_RCSID(0, "$NetBSD: amdpm.c,v 1.7 2003/09/01 06:30:24 tls Exp $");
 
 #include "opt_amdpm.h"
 
@@ -149,7 +149,19 @@
                            sc->sc_dev.dv_xname, i);
                        callout_init(&sc->sc_rnd_ch);
                        rnd_attach_source(&sc->sc_rnd_source,
-                           sc->sc_dev.dv_xname, RND_TYPE_RNG, 0);
+                           sc->sc_dev.dv_xname, RND_TYPE_RNG,
+                           /*
+                            * XXX Careful!  The use of RND_FLAG_NO_ESTIMATE
+                            * XXX here is unobvious: we later feed raw bits
+                            * XXX into the "entropy pool" with rnd_add_data,
+                            * XXX explicitly supplying an entropy estimate.
+                            * XXX In this context, NO_ESTIMATE serves only
+                            * XXX to prevent rnd_add_data from trying to
+                            * XXX use the *time at which we added the data*
+                            * XXX as entropy, which is not a good idea since
+                            * XXX we add data periodically from a callout.
+                            */
+                           RND_FLAG_NO_ESTIMATE);
 #ifdef AMDPM_RND_COUNTERS
                        evcnt_attach_dynamic(&sc->sc_rnd_hits, EVCNT_TYPE_MISC,
                            NULL, sc->sc_dev.dv_xname, "rnd hits");