Received: by 2002:a05:7412:d1aa:b0:fc:a2b0:25d7 with SMTP id ba42csp639277rdb; Mon, 29 Jan 2024 13:18:25 -0800 (PST) X-Google-Smtp-Source: AGHT+IFpswUinN8XYi/2VvV8Bux1PIf92Ass+g3MwERSXIlj9W3SFZs42wo8I9LUtGXKf3Q6h5HB X-Received: by 2002:a17:902:b70a:b0:1d5:907a:41aa with SMTP id d10-20020a170902b70a00b001d5907a41aamr2449422pls.21.1706563104920; Mon, 29 Jan 2024 13:18:24 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1706563104; cv=pass; d=google.com; s=arc-20160816; b=RafuUYf9VBHcwVAvmY/pFPB1y51o5uTL6JFamtXZ0jRjP2Hlh7w3yIhQc7tzqbcmMg FcISzYAfekq/vkHKBHbE1Q0heBCcp1uEOJQ8wuafStqgtGyu2ok3NtHu/myu3IeKWgNC KZlyGmzN/y1uc7v0ztdzOcRXw6fY7dDLkcRDZxrN0gRJWMRlD2b5A2eucvdh5FoDCyV+ v8lGi9z6NEfbGLkeNc+tM2GE9pvNCEeaZzzo2pPTAODJS3tEzM3CTv8R7YWngE36oQQK fWS5Qgh+spHT8sijPXRtUnGrcM2DgTLOxTjeSnkquK0agO1DiJYAq9wkKUvZDMjPeU5Q Fk/A== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:message-id:subject:cc :to:from:date:dkim-signature; bh=GG9FAqK/rs4rkSMuO+b9BaHe0NF3zGdpSLd1xLn8zF0=; fh=c1v2G0upyKdVtpPQh2u8PgSo7ZatkVmEfC/ZjKq8i/s=; b=XSaUlujaUYTId4fBryxYeaUO5Te1+RC1rw1gMKOIBR1LdNacIkrBnwhDbNDHP0n9DH uQcljH/aVBX6gimSnPP4LqDf7BXeb/WzGKpx2XCepJuzHe5sRTy7rwQK+tlOWNDL+cRm /igbDmO+pUdd1bQbIvwns4t5M/EMK5lkdr4FGvovu9EzpN+xi5GdIsjsuC82o7fNicDm /xRxye2BOEVPgqAd53ZvFw3ftuh8spOnCM5tcm5WrFmwi41y+TJfZD014bxASG7e5F3y ACqN3ThkgbM0n3kRGWUcCkw8v+Xa379cfPSR3p3huYUmBax8K7oDvLdaDvNig+p0QdaK /8gA== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b="O/w/xzoV"; arc=pass (i=1 dkim=pass dkdomain=intel.com dmarc=pass fromdomain=linux.intel.com); spf=pass (google.com: domain of linux-kernel+bounces-43163-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-43163-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [2604:1380:45e3:2400::1]) by mx.google.com with ESMTPS id q18-20020a170902e31200b001d7461cfe48si788783plc.358.2024.01.29.13.18.24 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 29 Jan 2024 13:18:24 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-43163-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b="O/w/xzoV"; arc=pass (i=1 dkim=pass dkdomain=intel.com dmarc=pass fromdomain=linux.intel.com); spf=pass (google.com: domain of linux-kernel+bounces-43163-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-43163-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id 8618028BCBC for ; Mon, 29 Jan 2024 16:59:28 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 1607915705C; Mon, 29 Jan 2024 16:59:10 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="O/w/xzoV" Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.15]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8B8F4155A5F for ; Mon, 29 Jan 2024 16:59:07 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.15 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706547549; cv=none; b=awF53WnnQDSJy7L1eBaiQWMx7vmdHsb5c5Ddf9aSc681FN9bLJPze6ZFdzQwobWWlkT8lJx+QUewEy+5Oo8rn22QdOfALDxgIWBIggCyiyvFS9jZ0LhD+Hj+PofOUa5XQHmpn/SOy5eECsY77SNGoUxCKRILrQhuthoEpDOC4+E= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706547549; c=relaxed/simple; bh=orEs8V0KcQLlcZg+WsnWSS40wmP3mUbL/yu7YTdCOOI=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=AdWNUTDxWuQ3YZb+0lS+vtVyFI1GnTZ10tnFFKdnTaITeUJqTRFXtOYGJXw03WMiTD162IgVm6+OumiE+E+KuRggbWJE12+2eN5ZWcZBcW81U1ZnEYRKTHSL3FSMC0x+CEcXgOeUW9Z7iFTLjwfNPkWKuuywKwjJwYqIFhIirEw= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=none smtp.mailfrom=linux.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=O/w/xzoV; arc=none smtp.client-ip=198.175.65.15 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=linux.intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1706547548; x=1738083548; h=date:from:to:cc:subject:message-id:references: mime-version:in-reply-to; bh=orEs8V0KcQLlcZg+WsnWSS40wmP3mUbL/yu7YTdCOOI=; b=O/w/xzoVKBgNoD1OkahskHDUDbwiHoi2qKYCDOgG7kkeRnF3NUxXNRdR yxGZTR+2LlPsGHKEXMUaM8UR1R35JR9p3KaklcD9fddjumZ1C1vLI9QcG xrc7SjkD8jZ6YE8jAKDk/ytLcUckRu+sjqJhgzl/RkYF+WIfg8gYlAb/4 8MRclTa3jP/im9RT89jTzONBDqz30JM64MsVEj+H3/dGlYvqz8OAXayON fGEcgS3Dy7dP1mXKARzVVpOV8NtXnSVr0jd33q/lUY6O+yxWmQAhkZSt1 CuWMRWrtYKsJlzKdhY9eC/dsT2M0ZlRTseVobPPjutLa70sj9C0ftlW6y A==; X-IronPort-AV: E=McAfee;i="6600,9927,10968"; a="2871385" X-IronPort-AV: E=Sophos;i="6.05,227,1701158400"; d="scan'208";a="2871385" Received: from orsmga004.jf.intel.com ([10.7.209.38]) by orvoesa107.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 29 Jan 2024 08:59:07 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10968"; a="911123505" X-IronPort-AV: E=Sophos;i="6.05,227,1701158400"; d="scan'208";a="911123505" Received: from black.fi.intel.com ([10.237.72.28]) by orsmga004.jf.intel.com with ESMTP; 29 Jan 2024 08:59:02 -0800 Received: by black.fi.intel.com (Postfix, from userid 1000) id AE38DFF; Mon, 29 Jan 2024 18:41:49 +0200 (EET) Date: Mon, 29 Jan 2024 18:41:49 +0200 From: "Kirill A. Shutemov" To: Dave Hansen Cc: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , "H. Peter Anvin" , x86@kernel.org, Theodore Ts'o , "Jason A. Donenfeld" , Kuppuswamy Sathyanarayanan , Elena Reshetova , Jun Nakajima , Tom Lendacky , "Kalra, Ashish" , Sean Christopherson , linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org Subject: Re: [RFC] Randomness on confidential computing platforms Message-ID: References: <20240126134230.1166943-1-kirill.shutemov@linux.intel.com> <276aaeee-cb01-47d3-a3bf-f8fa2e59016c@intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <276aaeee-cb01-47d3-a3bf-f8fa2e59016c@intel.com> On Mon, Jan 29, 2024 at 08:30:11AM -0800, Dave Hansen wrote: > On 1/26/24 05:42, Kirill A. Shutemov wrote: > > 3. Panic after enough re-tries of RDRAND/RDSEED instructions fail. > > Another DoS variant against the Guest. > > I think Sean was going down the same path, but I really dislike the idea > of having TDX-specific (or CoCo-specific) policy here. > > How about we WARN_ON() RDRAND/RDSEED going bonkers? The paranoid folks > can turn on panic_on_warn, if they haven't already. Sure, we can do it for kernel, but we have no control on what userspace does. Sensible userspace on RDRAND/RDSEED failure should fallback to kernel asking for random bytes, but who knows if it happens in practice everywhere. Do we care? -- Kiryl Shutsemau / Kirill A. Shutemov