From 95034c44e6ba9e5e2532353b5cac1ad714817f47 Mon Sep 17 00:00:00 2001
From: mjg <mjg@FreeBSD.org>
Date: Sun, 12 May 2019 06:32:46 +0000
Subject: [PATCH] random(4): depessimize arc4random

- __predict_false reseeding on entry as it is almost never true.
- don't blindly atomic_cmpset as on x86 it ends up dirtying the cacheline.
it almost ever succeeds per above
- fetch the timestamp prior to getting the cpu number

Reviewed by:	cem
Approved by:	secteam (delphij)
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D20242
---
 sys/libkern/arc4random.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/sys/libkern/arc4random.c b/sys/libkern/arc4random.c
index 313ec986c80..4f733e5cef8 100644
--- a/sys/libkern/arc4random.c
+++ b/sys/libkern/arc4random.c
@@ -173,18 +173,20 @@ arc4rand(void *ptr, u_int len, int reseed)
 	u_int length;
 	u_int8_t *p;
 
-	if (reseed || atomic_cmpset_int(&arc4rand_iniseed_state, ARC4_ENTR_HAVE, ARC4_ENTR_SEED))
+	if (__predict_false(reseed ||
+	    (arc4rand_iniseed_state == ARC4_ENTR_HAVE &&
+	    atomic_cmpset_int(&arc4rand_iniseed_state, ARC4_ENTR_HAVE, ARC4_ENTR_SEED))))
 		CHACHA20_FOREACH(chacha20)
 			chacha20_randomstir(chacha20);
 
-	chacha20 = &chacha20inst[curcpu];
 	getmicrouptime(&tv);
+	chacha20 = &chacha20inst[curcpu];
 	/* We may get unlucky and be migrated off this CPU, but that is expected to be infrequent */
 	if ((chacha20->numbytes > CHACHA20_RESEED_BYTES) || (tv.tv_sec > chacha20->t_reseed))
 		chacha20_randomstir(chacha20);
 
-	mtx_lock(&chacha20->mtx);
 	p = ptr;
+	mtx_lock(&chacha20->mtx);
 	while (len) {
 		length = MIN(CHACHA20_BUFFER_SIZE, len);
 		chacha_encrypt_bytes(&chacha20->ctx, chacha20->m_buffer, p, length);
-- 
2.45.0