Received: by 2002:a05:7412:d1aa:b0:fc:a2b0:25d7 with SMTP id ba42csp972388rdb; Tue, 30 Jan 2024 04:29:33 -0800 (PST) X-Google-Smtp-Source: AGHT+IHoo1G0azHHe9g6GiorFPGs69H2XrJ7JOO0M4ZSAT/5priIbWdJN1pc9U878y6SM1wcMHt4 X-Received: by 2002:ad4:5e8e:0:b0:685:29c0:cbee with SMTP id jl14-20020ad45e8e000000b0068529c0cbeemr10226720qvb.4.1706617773729; Tue, 30 Jan 2024 04:29:33 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1706617773; cv=pass; d=google.com; s=arc-20160816; b=a6hdwCMHMeMnUP8vs9VNo791t4P+WwbgJ4hHk/3mOKR5077kefgG89UHaxT5JwnzLO oEWgWrpkDVVvvyZIBOwkYUGjKZrvo8B1VzGceBxGQZAIkr3yaC8Q70jcsrisAcz0mLle cXhMGXzbcZCpyLOHNdYZf8ADhFFDnpzNZJ4UNFYaf4VWO4hBxQmpkWntuVa7UTrkcrKG VofFKGMYRdqEcqgu1gUK09MobXVDC5NC8Ib2PuDRgr5c32QTlDzaPP3ZvKSbDsZ35g4w mhQNlIPfa1wilCRiTV7Oxsg/Jf9Hasau2I/QMwnly9/KDt7WBeZMwGqwih8BujlRs75+ ZuKQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:list-unsubscribe:list-subscribe :list-id:precedence:dkim-signature; bh=+mwVKBiEiIEYjQjxu2rl+y+jfQVIMNK8et3Pu7l5bfk=; fh=pEvNxxDqteQFnfu4dMtlobrk3AvgJ1aYkIyhTkPKGXw=; b=w0pBJv7+iB95YE8cQzUFXwcoJ1PUS6nO2ruk7yeQyJ4veVL2SBKOr+a908I1JjQlik YkNQogRXRjABu95+UaeXAA/GqnpJZ0+8O9jhiy9/J9dSp1QRzh40OkgMs5ta5/zin8bQ OJpAh4kGxzKHNVHNTimL5EJZq86QlPbbMmEq73dYY7Qn2A+AaE13rDFqBa2I/Mh9SLj8 omsGgLCUXASGfu8SGxxCNRx40egBG4q64jZRk26hzawXNeapcsmT99YxJssvEV5DRnTs WPhD5xcvt5FI/0bN2hSZjZO97bXwHBXO4QUpjKlLcgFLXm2Cd65L++RwM22OKCf6EWjA kJpg== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@zx2c4.com header.s=20210105 header.b=JzMfKxUk; arc=pass (i=1 dkim=pass dkdomain=zx2c4.com); spf=pass (google.com: domain of linux-kernel+bounces-44606-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-44606-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=zx2c4.com Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [147.75.199.223]) by mx.google.com with ESMTPS id h28-20020a05620a21dc00b00783f2040be5si6618987qka.535.2024.01.30.04.29.33 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 Jan 2024 04:29:33 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-44606-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) client-ip=147.75.199.223; Authentication-Results: mx.google.com; dkim=pass header.i=@zx2c4.com header.s=20210105 header.b=JzMfKxUk; arc=pass (i=1 dkim=pass dkdomain=zx2c4.com); spf=pass (google.com: domain of linux-kernel+bounces-44606-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-44606-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=zx2c4.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id 6EFF81C248E9 for ; Tue, 30 Jan 2024 12:29:33 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id D3E206A006; Tue, 30 Jan 2024 12:29:27 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=zx2c4.com header.i=@zx2c4.com header.b="JzMfKxUk" Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D009F67E7A for ; Tue, 30 Jan 2024 12:29:26 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706617766; cv=none; b=d9k8y86e4g+gw6nnmix5iicmpxba+nhndOxpRjRYQqy+3C0p0aJrhLt7jz/nmkimxMvyct3zhsFxqLG/MmlLNlzshl+Ak6yuZ7oirgck4hIZHmKVH1u7MOQjFanXQGWksxeD40Nf/wuCd+AWmh+ElQPv2QzEUBBSQeS5vT1UrN0= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706617766; c=relaxed/simple; bh=qsIiCLqaLUknvCs6gj9gNldzzaHio3dXD0f4X/3u4Jc=; h=MIME-Version:References:In-Reply-To:From:Date:Message-ID:Subject: To:Cc:Content-Type; b=A/oK/VUR9EQQGhY0GRO2EsmN28f0BwHT5fNsMDwc+Ouq7IT9QR/LCebenxrzTz3DhPUZDG7YAqNWbA9GywHZ1r4wBqYqqD9V7vKIGZsuDaUX4J2noXGqLt6J4ke0nFJWLL/ce0wHeSMd5n6esj31BS7XggOZYXXt+ZGlxVzr+I4= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=zx2c4.com header.i=@zx2c4.com header.b=JzMfKxUk; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id 177BFC433F1 for ; Tue, 30 Jan 2024 12:29:26 +0000 (UTC) Authentication-Results: smtp.kernel.org; dkim=pass (1024-bit key) header.d=zx2c4.com header.i=@zx2c4.com header.b="JzMfKxUk" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zx2c4.com; s=20210105; t=1706617763; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=+mwVKBiEiIEYjQjxu2rl+y+jfQVIMNK8et3Pu7l5bfk=; b=JzMfKxUkQK/g4RWE6IHVltGlcUOp8G23T5+z9yTrD2ydRVcbbgpkQYajXhs04VzIdlVp5p /tCdNqgdRXQTlVwGJLaA4DyrOrpD9POxARDWEMyqbtRw7tYWgBTxhJm0tvLu2k/MGDKzuX +ul8JldwwqMwRvywUZgSy+52sayfWIg= Received: by mail.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id 95299615 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO) for ; Tue, 30 Jan 2024 12:29:23 +0000 (UTC) Received: by mail-yb1-f178.google.com with SMTP id 3f1490d57ef6-dc256e97e0aso2673854276.2 for ; Tue, 30 Jan 2024 04:29:22 -0800 (PST) X-Gm-Message-State: AOJu0Yy0vFY/2ExRfuwSuBV2V0AmF4yYsVv9jHePRbSJKMXy/oawTQ3O 95mjQORZKoBPBlKvn5tJ8IvwJZFSttVM5lmoxEOmGuf1DJ4ZZXRAUFTbp8M4BxJ2khM4PaLVknn 64x2EqTyfwJIj5w7ANjM8IzAUgEc= X-Received: by 2002:a25:8e84:0:b0:dc6:4d0c:e9de with SMTP id q4-20020a258e84000000b00dc64d0ce9demr4850031ybl.0.1706617761118; Tue, 30 Jan 2024 04:29:21 -0800 (PST) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 References: <20240130083007.1876787-1-kirill.shutemov@linux.intel.com> In-Reply-To: <20240130083007.1876787-1-kirill.shutemov@linux.intel.com> From: "Jason A. Donenfeld" Date: Tue, 30 Jan 2024 13:29:10 +0100 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH 1/2] x86/random: Retry on RDSEED failure To: "Kirill A. Shutemov" Cc: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , "H. Peter Anvin" , x86@kernel.org, "Theodore Ts'o" , Kuppuswamy Sathyanarayanan , Elena Reshetova , Jun Nakajima , Tom Lendacky , "Kalra, Ashish" , Sean Christopherson , linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi Kirill, I've been following the other discussion closely thinking about the matter, but I suppose I'll jump in here directly on this patch, if this is the approach the discussion is congealing around. A comment below: On Tue, Jan 30, 2024 at 9:30=E2=80=AFAM Kirill A. Shutemov wrote: > static inline bool __must_check rdseed_long(unsigned long *v) > { > + unsigned int retry =3D RDRAND_RETRY_LOOPS; > bool ok; > - asm volatile("rdseed %[out]" > - CC_SET(c) > - : CC_OUT(c) (ok), [out] "=3Dr" (*v)); > - return ok; > + > + do { > + asm volatile("rdseed %[out]" > + CC_SET(c) > + : CC_OUT(c) (ok), [out] "=3Dr" (*v)); > + > + if (ok) > + return true; > + } while (--retry); > + > + return false; > } So, my understanding of RDRAND vs RDSEED -- deliberately leaving out any cryptographic discussion here -- is roughly that RDRAND will expand the seed material for longer, while RDSEED will mostly always try to sample more bits from the environment. AES is fast, while sampling is slow, so RDRAND gives better performance and is less likely to fail, whereas RDSEED always has to wait on the hardware to collect some bits, so is more likely to fail. For that reason, most of the usage of RDRAND and RDSEED inside of random.c is something to the tune of `if (!rdseed(out)) rdrand(out);`, first trying RDSEED but falling back to RDRAND if it's busy. That still seems to me like a reasonable approach, which this patch would partly undermine (in concert with the next patch, which I'll comment on in a follow up email there). So maybe this patch #1 (of 2) can be dropped? Jason