Received: by 2002:a05:7412:d1aa:b0:fc:a2b0:25d7 with SMTP id ba42csp972388rdb;
        Tue, 30 Jan 2024 04:29:33 -0800 (PST)
X-Google-Smtp-Source: AGHT+IHoo1G0azHHe9g6GiorFPGs69H2XrJ7JOO0M4ZSAT/5priIbWdJN1pc9U878y6SM1wcMHt4
X-Received: by 2002:ad4:5e8e:0:b0:685:29c0:cbee with SMTP id jl14-20020ad45e8e000000b0068529c0cbeemr10226720qvb.4.1706617773729;
        Tue, 30 Jan 2024 04:29:33 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1706617773; cv=pass;
        d=google.com; s=arc-20160816;
        b=a6hdwCMHMeMnUP8vs9VNo791t4P+WwbgJ4hHk/3mOKR5077kefgG89UHaxT5JwnzLO
         oEWgWrpkDVVvvyZIBOwkYUGjKZrvo8B1VzGceBxGQZAIkr3yaC8Q70jcsrisAcz0mLle
         cXhMGXzbcZCpyLOHNdYZf8ADhFFDnpzNZJ4UNFYaf4VWO4hBxQmpkWntuVa7UTrkcrKG
         VofFKGMYRdqEcqgu1gUK09MobXVDC5NC8Ib2PuDRgr5c32QTlDzaPP3ZvKSbDsZ35g4w
         mhQNlIPfa1wilCRiTV7Oxsg/Jf9Hasau2I/QMwnly9/KDt7WBeZMwGqwih8BujlRs75+
         ZuKQ==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:list-unsubscribe:list-subscribe
         :list-id:precedence:dkim-signature;
        bh=+mwVKBiEiIEYjQjxu2rl+y+jfQVIMNK8et3Pu7l5bfk=;
        fh=pEvNxxDqteQFnfu4dMtlobrk3AvgJ1aYkIyhTkPKGXw=;
        b=w0pBJv7+iB95YE8cQzUFXwcoJ1PUS6nO2ruk7yeQyJ4veVL2SBKOr+a908I1JjQlik
         YkNQogRXRjABu95+UaeXAA/GqnpJZ0+8O9jhiy9/J9dSp1QRzh40OkgMs5ta5/zin8bQ
         OJpAh4kGxzKHNVHNTimL5EJZq86QlPbbMmEq73dYY7Qn2A+AaE13rDFqBa2I/Mh9SLj8
         omsGgLCUXASGfu8SGxxCNRx40egBG4q64jZRk26hzawXNeapcsmT99YxJssvEV5DRnTs
         WPhD5xcvt5FI/0bN2hSZjZO97bXwHBXO4QUpjKlLcgFLXm2Cd65L++RwM22OKCf6EWjA
         kJpg==
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@zx2c4.com header.s=20210105 header.b=JzMfKxUk;
       arc=pass (i=1 dkim=pass dkdomain=zx2c4.com);
       spf=pass (google.com: domain of linux-kernel+bounces-44606-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-44606-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=zx2c4.com
Return-Path: <linux-kernel+bounces-44606-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [147.75.199.223])
        by mx.google.com with ESMTPS id h28-20020a05620a21dc00b00783f2040be5si6618987qka.535.2024.01.30.04.29.33
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 30 Jan 2024 04:29:33 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-44606-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) client-ip=147.75.199.223;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@zx2c4.com header.s=20210105 header.b=JzMfKxUk;
       arc=pass (i=1 dkim=pass dkdomain=zx2c4.com);
       spf=pass (google.com: domain of linux-kernel+bounces-44606-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-44606-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=zx2c4.com
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by ny.mirrors.kernel.org (Postfix) with ESMTPS id 6EFF81C248E9
	for <linux.lists.archive@gmail.com>; Tue, 30 Jan 2024 12:29:33 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id D3E206A006;
	Tue, 30 Jan 2024 12:29:27 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (1024-bit key) header.d=zx2c4.com header.i=@zx2c4.com header.b="JzMfKxUk"
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id D009F67E7A
	for <linux-kernel@vger.kernel.org>; Tue, 30 Jan 2024 12:29:26 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1706617766; cv=none; b=d9k8y86e4g+gw6nnmix5iicmpxba+nhndOxpRjRYQqy+3C0p0aJrhLt7jz/nmkimxMvyct3zhsFxqLG/MmlLNlzshl+Ak6yuZ7oirgck4hIZHmKVH1u7MOQjFanXQGWksxeD40Nf/wuCd+AWmh+ElQPv2QzEUBBSQeS5vT1UrN0=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1706617766; c=relaxed/simple;
	bh=qsIiCLqaLUknvCs6gj9gNldzzaHio3dXD0f4X/3u4Jc=;
	h=MIME-Version:References:In-Reply-To:From:Date:Message-ID:Subject:
	 To:Cc:Content-Type; b=A/oK/VUR9EQQGhY0GRO2EsmN28f0BwHT5fNsMDwc+Ouq7IT9QR/LCebenxrzTz3DhPUZDG7YAqNWbA9GywHZ1r4wBqYqqD9V7vKIGZsuDaUX4J2noXGqLt6J4ke0nFJWLL/ce0wHeSMd5n6esj31BS7XggOZYXXt+ZGlxVzr+I4=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=zx2c4.com header.i=@zx2c4.com header.b=JzMfKxUk; arc=none smtp.client-ip=10.30.226.201
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 177BFC433F1
	for <linux-kernel@vger.kernel.org>; Tue, 30 Jan 2024 12:29:26 +0000 (UTC)
Authentication-Results: smtp.kernel.org;
	dkim=pass (1024-bit key) header.d=zx2c4.com header.i=@zx2c4.com header.b="JzMfKxUk"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zx2c4.com; s=20210105;
	t=1706617763;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=+mwVKBiEiIEYjQjxu2rl+y+jfQVIMNK8et3Pu7l5bfk=;
	b=JzMfKxUkQK/g4RWE6IHVltGlcUOp8G23T5+z9yTrD2ydRVcbbgpkQYajXhs04VzIdlVp5p
	/tCdNqgdRXQTlVwGJLaA4DyrOrpD9POxARDWEMyqbtRw7tYWgBTxhJm0tvLu2k/MGDKzuX
	+ul8JldwwqMwRvywUZgSy+52sayfWIg=
Received: 
	by mail.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id 95299615 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO)
	for <linux-kernel@vger.kernel.org>;
	Tue, 30 Jan 2024 12:29:23 +0000 (UTC)
Received: by mail-yb1-f178.google.com with SMTP id 3f1490d57ef6-dc256e97e0aso2673854276.2
        for <linux-kernel@vger.kernel.org>; Tue, 30 Jan 2024 04:29:22 -0800 (PST)
X-Gm-Message-State: AOJu0Yy0vFY/2ExRfuwSuBV2V0AmF4yYsVv9jHePRbSJKMXy/oawTQ3O
	95mjQORZKoBPBlKvn5tJ8IvwJZFSttVM5lmoxEOmGuf1DJ4ZZXRAUFTbp8M4BxJ2khM4PaLVknn
	64x2EqTyfwJIj5w7ANjM8IzAUgEc=
X-Received: by 2002:a25:8e84:0:b0:dc6:4d0c:e9de with SMTP id
 q4-20020a258e84000000b00dc64d0ce9demr4850031ybl.0.1706617761118; Tue, 30 Jan
 2024 04:29:21 -0800 (PST)
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
References: <20240130083007.1876787-1-kirill.shutemov@linux.intel.com>
In-Reply-To: <20240130083007.1876787-1-kirill.shutemov@linux.intel.com>
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
Date: Tue, 30 Jan 2024 13:29:10 +0100
X-Gmail-Original-Message-ID: <CAHmME9pOt=uEmuBzBpgUHw9DqAD2FZTZ3v53AOZbQ3Cd2p97xQ@mail.gmail.com>
Message-ID: <CAHmME9pOt=uEmuBzBpgUHw9DqAD2FZTZ3v53AOZbQ3Cd2p97xQ@mail.gmail.com>
Subject: Re: [PATCH 1/2] x86/random: Retry on RDSEED failure
To: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
Cc: Thomas Gleixner <tglx@linutronix.de>, Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>, 
	Dave Hansen <dave.hansen@linux.intel.com>, "H. Peter Anvin" <hpa@zytor.com>, x86@kernel.org, 
	"Theodore Ts'o" <tytso@mit.edu>, 
	Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>, 
	Elena Reshetova <elena.reshetova@intel.com>, Jun Nakajima <jun.nakajima@intel.com>, 
	Tom Lendacky <thomas.lendacky@amd.com>, "Kalra, Ashish" <ashish.kalra@amd.com>, 
	Sean Christopherson <seanjc@google.com>, linux-coco@lists.linux.dev, 
	linux-kernel@vger.kernel.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Hi Kirill,

I've been following the other discussion closely thinking about the
matter, but I suppose I'll jump in here directly on this patch, if
this is the approach the discussion is congealing around.

A comment below:

On Tue, Jan 30, 2024 at 9:30=E2=80=AFAM Kirill A. Shutemov
<kirill.shutemov@linux.intel.com> wrote:
>  static inline bool __must_check rdseed_long(unsigned long *v)
>  {
> +       unsigned int retry =3D RDRAND_RETRY_LOOPS;
>         bool ok;
> -       asm volatile("rdseed %[out]"
> -                    CC_SET(c)
> -                    : CC_OUT(c) (ok), [out] "=3Dr" (*v));
> -       return ok;
> +
> +       do {
> +               asm volatile("rdseed %[out]"
> +                            CC_SET(c)
> +                            : CC_OUT(c) (ok), [out] "=3Dr" (*v));
> +
> +               if (ok)
> +                       return true;
> +       } while (--retry);
> +
> +       return false;
>  }

So, my understanding of RDRAND vs RDSEED -- deliberately leaving out
any cryptographic discussion here -- is roughly that RDRAND will
expand the seed material for longer, while RDSEED will mostly always
try to sample more bits from the environment. AES is fast, while
sampling is slow, so RDRAND gives better performance and is less
likely to fail, whereas RDSEED always has to wait on the hardware to
collect some bits, so is more likely to fail.

For that reason, most of the usage of RDRAND and RDSEED inside of
random.c is something to the tune of `if (!rdseed(out)) rdrand(out);`,
first trying RDSEED but falling back to RDRAND if it's busy. That
still seems to me like a reasonable approach, which this patch would
partly undermine (in concert with the next patch, which I'll comment
on in a follow up email there).

So maybe this patch #1 (of 2) can be dropped?

Jason