Date: Tue, 8 Oct 2019 23:20:41 +0200
From: Pavel Machek
To: "H. Peter Anvin"
Cc: linux-kernel@vger.kernel.org, linux-tip-commits@vger.kernel.org, "x86@kernel.org", Thomas Gleixner, stable@vger.kernel.org, "Rafael J. Wysocki", Paolo Bonzini, Nathan Chancellor, "linux-pm@vger.kernel.org", "linux-doc@vger.kernel.org", Kees Cook, Juergen Gross, Josh Poimboeuf, Jonathan Corbet, Ingo Molnar, Chen Yu, Andrew Morton, Andrew Cooper, Borislav Petkov, Tom Lendacky
Subject: Re: [tip: x86/urgent] x86/CPU/AMD: Clear RDRAND CPUID bit on AMD family 15h/16h
Message-ID: <20191008212041.GA7222@amd>

Hi!

> >> x86/CPU/AMD: Clear RDRAND CPUID bit on AMD family 15h/16h
> >>
> >> There have been reports of RDRAND issues after resuming from suspend on
> >> some AMD family 15h and family 16h systems. This issue stems from a BIOS
> >> not performing the proper steps during resume to ensure RDRAND continues
> >> to function properly.
> >
> > There are quite a few unanswered questions here.
> >
> > a) Is there/should there be CVE for this?
> >
> > b) Can we perform proper steps in kernel, thus making RDRAND usable
> > even when BIOS is buggy?
> >
>
> The kernel should at least be able to set its internal "CPUID" bit, visible
> through /proc/cpuinfo.

Actually, with hindsight I see two possible improvements here:

1) Not having enabled s2ram in config does not mean machine was not
suspended/resumed, then new kernel executed via kexec.

2) We really can continue using the RDRAND: we know how it fails
(constant pattern) so we can check for the failure in kernel, and can
continue to use it... It will certainly work until first suspend, and
there's good chance it will work after that, too. (We still need to
prevent userspace from using it).

Best regards,
Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
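
The "constant pattern" check proposed in point 2, sketched as an added example (not code from this message or from the kernel tree): it samples a generator several times and reports it as stuck when the value never changes, even though every read claims success. The names rng_sanity_check, src_stuck, src_lcg and src_fail and the constant used by src_stuck are assumptions made for illustration; a real caller would pass a wrapper around RDRAND as the sampler.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* A sampler stores one value and returns true on success (RDRAND: CF=1). */
typedef bool (*rng_sample_fn)(uint64_t *out, void *ctx);

enum rng_health { RNG_OK, RNG_NO_DATA, RNG_STUCK };

/* Draw n samples (at least 2); the source counts as stuck when no sample
 * differs from the one before it, i.e. the output is a constant pattern. */
enum rng_health rng_sanity_check(rng_sample_fn fn, void *ctx, size_t n)
{
    uint64_t prev = 0, cur = 0;
    size_t changed = 0;

    if (n < 2)
        n = 2;
    for (size_t i = 0; i < n; i++) {
        if (!fn(&cur, ctx))
            return RNG_NO_DATA;       /* the read itself reported failure */
        if (i > 0 && cur != prev)
            changed++;
        prev = cur;
    }
    return changed ? RNG_OK : RNG_STUCK;
}

/* Constructed sources so the check can be exercised on any machine. */
bool src_stuck(uint64_t *out, void *ctx)   /* "success", always same value */
{
    (void)ctx;
    *out = UINT64_MAX;                /* arbitrary constant, not from the page */
    return true;
}
bool src_lcg(uint64_t *out, void *ctx)     /* changing values, NOT a real RNG */
{
    uint64_t *s = ctx;
    *s = *s * 6364136223846793005ULL + 1442695040888963407ULL;
    *out = *s;
    return true;
}
bool src_fail(uint64_t *out, void *ctx) { (void)out; (void)ctx; return false; }

int main(void)
{
    uint64_t seed = 1;
    printf("stuck=%d lcg=%d fail=%d\n", rng_sanity_check(src_stuck, NULL, 8),
           rng_sanity_check(src_lcg, &seed, 8),
           rng_sanity_check(src_fail, NULL, 8));
    return 0;
}
```

Passing this check only rules out the constant-output failure; it says nothing about the quality of the values. Because the failure is tied to resume, the check would have to run again after every resume and not only at boot.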