Received: by 2002:a05:7412:bbc7:b0:fc:a2b0:25d7 with SMTP id kh7csp97412rdb; Thu, 1 Feb 2024 03:18:45 -0800 (PST) X-Google-Smtp-Source: AGHT+IEk8zmTFndSbtOr9TDKAaLcAYJQCLV9QdI06cI2o50kEXTYcfAHZuBn9FJ1NY4fCEfeHnNp X-Received: by 2002:a92:d388:0:b0:363:9d3b:8622 with SMTP id o8-20020a92d388000000b003639d3b8622mr1905565ilo.13.1706786325246; Thu, 01 Feb 2024 03:18:45 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1706786325; cv=pass; d=google.com; s=arc-20160816; b=MaBg1/Ip6CXeJp0X3VX4ZDMQ5j+s7PjghGuKZ0QUvGsAznfI/t9+mVSEbAfNwr/6M9 QFjEjDAf69dPFXMi12NDHZ3n0ECQgSKYjTaYQhPIAPGg7DzwpTMGMJieqE+dnzhazglt rqtSTf1sEKfNTLi1aVYFRLT8kmH2hGJ0JEeQP5qmVBs3ywCCiZDx+6fkMiYxw/01SOqT FfNcvMSuYjZFGfIGeDfcd50pH9wo6139P0x3/JVV9Dkpv55D4jrA3xoT5hBL2pzzSpZy K/ROWd5j/Z06/dFbttZXH5Qdz8B+zB/2PKv5OYiaazircTxmrWcKRo8asG+UFKc6JxyA 7KCw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=user-agent:in-reply-to:content-disposition:mime-version :list-unsubscribe:list-subscribe:list-id:precedence:references :reply-to:message-id:subject:cc:to:from:date:dkim-signature; bh=iqZ5JRJy43iWfp90Eqz1PBQSxSigu8T95uN4/9prhd8=; fh=CSA+/2ayi6ja66qWwiPb3BiuqM2xunfPXsG77+UjWSs=; b=sLiyb8O2OO/hbW47gfEF+17R71Utu6pokM/nH6wY9ulTCv3y1O/QtdxqBOgqICVtSm /96fMHqTm0wjnSC257K6t6W5Aj2RTqAUHAJv/l0OcsyVQILUHyTkAEO5Bcu56RIW3iim q1wMXMwQA4svOysYtIc2VzHePI5fRT7yHr9u9FP46ydSs7/HvalXi6FNrPIhemfCZCqM iJc803T7l/WmwTW3l8pWBGDdQC8wY2GrY6TAzqspm1aqDl+0UgFkENVfmlqslJ+ow+3R o2xE4tDhTuXM3miT4K7tDnbwlvpJzU3f9IETTyoXoenP4JpIMX/E0AgDu9h/M6TcIW5J 7p4Q==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=F6O+QLgS; arc=pass (i=1 spf=pass spfdomain=redhat.com dkim=pass dkdomain=redhat.com dmarc=pass fromdomain=redhat.com); spf=pass (google.com: domain of linux-kernel+bounces-48000-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-48000-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com X-Forwarded-Encrypted: i=1; AJvYcCWRJmJ1QBlYjMJ7qpwiz4UwMFeAZI9Q+LB3tLkt0S4bc0Lg8RsJi2EbYmGWZQOkLSjOWFdhDqM7BRRWvwB9FRGwQRjE+0egjOifhXPnjw== Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99]) by mx.google.com with ESMTPS id t18-20020a63dd12000000b005d8b313de26si9870478pgg.594.2024.02.01.03.18.44 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 01 Feb 2024 03:18:45 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-48000-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=F6O+QLgS; arc=pass (i=1 spf=pass spfdomain=redhat.com dkim=pass dkdomain=redhat.com dmarc=pass fromdomain=redhat.com); spf=pass (google.com: domain of linux-kernel+bounces-48000-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-48000-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id 8242628FCEE for ; Thu, 1 Feb 2024 11:08:31 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 6A81615B995; Thu, 1 Feb 2024 11:08:29 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="F6O+QLgS" Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E382615B11A for ; Thu, 1 Feb 2024 11:08:26 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706785708; cv=none; b=Kib4zGMCS8LXw3Dhgqc+JCRGkVZDJRhmwL95cajS6469AGrRCPA7CzuS8Apodyayb6dlBVMVvUb6XAJ4PApMddSJWB1/rGMAtJ5lOLIq9frRS08aEplRu05MwVlrEIzloj4gxLUj+SvcnmthXJfS3iFhuOcRG2fy96mb+y7h4o8= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706785708; c=relaxed/simple; bh=KfgcXYo0f/Af5r4OvmqFwbexL3jInyqjg5dLZ2bl3Ew=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=XyxOAkwdaT79MpSGij3em6DamqtVAnnIrsLVxCOAYWjNlEg/8x52VX6KELT8/Uy3aWIyLvynnL1pBdewGH/XxLoiK8NX4SC5D9/GxA1oLYGGnbzIxBKpu+1o3Ypx74lDereYM5T2eA7fu5iS4DZXBoPhm3WFV0w51nCrFPUMROI= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=F6O+QLgS; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1706785705; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references; bh=iqZ5JRJy43iWfp90Eqz1PBQSxSigu8T95uN4/9prhd8=; b=F6O+QLgSJx7e+yIH4EOit5qdwiRzSk1d8z+qoHiV34r94nwuhsKZtro1vWftiNNF/qwyjc uAig9AfdI7hlOuyHbPLa1EG8vhd06l98BGy0etHEn31LE4vlYWcuaNEKU0gDrsHmLjv7TA kdDdQNu22vpTs/KSfNyW02SSgqJN2+c= Received: from mimecast-mx02.redhat.com (mx-ext.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-193-Qiq-GBI2P5adnKvT_dnxVg-1; Thu, 01 Feb 2024 06:08:19 -0500 X-MC-Unique: Qiq-GBI2P5adnKvT_dnxVg-1 Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.rdu2.redhat.com [10.11.54.6]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id C7D6F3C0BE48; Thu, 1 Feb 2024 11:08:18 +0000 (UTC) Received: from redhat.com (unknown [10.42.28.46]) by smtp.corp.redhat.com (Postfix) with ESMTPS id EF1682166B34; Thu, 1 Feb 2024 11:08:15 +0000 (UTC) Date: Thu, 1 Feb 2024 11:08:09 +0000 From: Daniel =?utf-8?B?UC4gQmVycmFuZ8Op?= To: "Dr. Greg" Cc: Theodore Ts'o , "Jason A. Donenfeld" , "Reshetova, Elena" , "Hansen, Dave" , "Kirill A. Shutemov" , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , "H. Peter Anvin" , "x86@kernel.org" , Kuppuswamy Sathyanarayanan , "Nakajima, Jun" , Tom Lendacky , "Kalra, Ashish" , Sean Christopherson , "linux-coco@lists.linux.dev" , "linux-kernel@vger.kernel.org" Subject: Re: [PATCH 2/2] x86/random: Issue a warning if RDRAND or RDSEED fails Message-ID: Reply-To: Daniel =?utf-8?B?UC4gQmVycmFuZ8Op?= References: <88a72370-e300-4bbc-8077-acd1cc831fe7@intel.com> <20240131203531.GA12035@wind.enjellic.com> <20240201044735.GC2356784@mit.edu> <20240201095451.GA17612@wind.enjellic.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20240201095451.GA17612@wind.enjellic.com> User-Agent: Mutt/2.2.12 (2023-09-09) X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.6 On Thu, Feb 01, 2024 at 03:54:51AM -0600, Dr. Greg wrote: > I suspect that the achievable socket core count cannot effectively > overwhelm the 1022x amplification factor inherent in the design of the > RDSEED based seeding of RDRAND. In testing I could get RDSEED down to < 3% success rate when running on 20 cores in parallel on a laptop class i7. If that failure rate can be improved by a little more than one order of magnitude to 0.1% we're starting to get to the point where it might be enough to make RDRAND re-seed fail. Intel's Sierra Forest CPUs are said to have a variant with 288 cores per socket, which is an order of magnitude larger. It is conceivable this might be large enough to demonstrate RDRAND failure in extreme load. Then again who knows what else has changed that might alter the equation, maybe the DRBG is also better / faster. Only real world testing can say for sure. One thing is certain though, core counts per socket keep going up, so the potential worst case load on RDSEED will increase... > We will see if Elena can come up with what Intel engineering's > definition of 'astronomical' is.. :-) > > > There's a special case with Confidential Compute VM's, since the > > assumption is that you want to protect against even a malicious > > hypervisor who could theoretically control all other sources of > > timing uncertainty. And so, yes, in that case, the only thing we > > can do is Panic if RDRAND fails. > > Indeed. > > The bigger question, which I will respond to Elena with, is how much > this issue calls the entire question of confidential computing into > question. A denial of service (from a panic on RDRAND fail) doesn't undermine confidental computing. Guest data confidentiality is maintained by panicing on RDRAND failure and DoS protection isn't a threat that CC claims to be able to mitigate in general. With regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|