Received: by 2002:a05:7412:bbc7:b0:fc:a2b0:25d7 with SMTP id kh7csp914502rdb; Fri, 2 Feb 2024 07:48:50 -0800 (PST) X-Google-Smtp-Source: AGHT+IGet+RrQz4+Evyz9O9J5gyhdWBE8TnwzAVZmSLlRdcc49KhZtQabDYkBJQozKvJQq0+LmIV X-Received: by 2002:a05:6402:128b:b0:55f:ead0:1fe6 with SMTP id w11-20020a056402128b00b0055fead01fe6mr33557edv.35.1706888929985; Fri, 02 Feb 2024 07:48:49 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1706888929; cv=pass; d=google.com; s=arc-20160816; b=Kjl3cZlFKQrbClZAH8E6Xst19+WM+dVz0TRzUL7h+3TQHVXhVXtPnAqylHVbm3AUsm q49Z1rshmrMfSrKWrUtuNXT0wbrMl2JGLZYVE4ybBOjlAW8I2XZXXEa4vP3qnr99Ad2a yDea6Ti+SUlvpFO8njbrZBXk2QPXncDHw2sAPWiBxs0P5tSETMFRN8/GtBQWxai4e6rS 99YawCBzer2+R3jDTeyjTBIdGpOMIaeeX0GTZwnXFQmylKpFq4soj2PO6MzgtlyvdCyg zWP1YG3zwGIKsqLiOox9tWinLPOqTGoDPbNf0VeCHfTYbCJos5pbKp1mBmWPt/7S930s 9pPA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:user-agent:references:in-reply-to :date:cc:to:reply-to:from:subject:message-id:dkim-signature; bh=1ef4mOELuh88KqIagstx3A2AF2Vq8w0YGFedSZMdHPU=; fh=tFs1/OVqj3aeEm7jLKMWev7x7BNctk7PJFvDcxZO6WM=; b=r628RWxSdL0nikJdsOuK+pduxOsCp/j5+stiDKwkLLOqxSIUW7fRKMiCu6Sk42rtzF HsNuOQzFyc99WWrPCgnyLfmSKH50WGHTHFHJ+AC3M+g7/PoGl+azWSIhYd1b/NO0i+rZ /5oVs7ZSQCzg+z5nlGXZhvLyTNGkKlf1N04ut3OyuexF8rxcdtKlO47xLZZvfs14WbnA 6ozVqEKe2lyqwpxJssR5XXDwTCZsAiEUITQsVYkm5iDuuXQI5KVSFagkb53cp36YP+JJ q6UjR1fy3UHjt49p23AudFTSKW3EEDVDAjGzBsmrq6p55+vX8XPwtifLABwM6Ws97f7X 89dg==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=R3jBlFsX; arc=pass (i=1 spf=pass spfdomain=linux.ibm.com dkim=pass dkdomain=ibm.com dmarc=pass fromdomain=linux.ibm.com); spf=pass (google.com: domain of linux-kernel+bounces-50045-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-50045-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com X-Forwarded-Encrypted: i=1; AJvYcCVlTYo86T/L8yykDOZKjoA+qeLXg1gH9xHMfukz2czN74+321iMEwWxvOgBJ8hyLdwy1D66Vlwhy3KSIdS2UWG4NmEOrnAXMuPZHHB0dQ== Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [2604:1380:4601:e00::3]) by mx.google.com with ESMTPS id cb12-20020a0564020b6c00b0055eed572f54si915110edb.287.2024.02.02.07.48.49 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 02 Feb 2024 07:48:49 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-50045-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) client-ip=2604:1380:4601:e00::3; Authentication-Results: mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=R3jBlFsX; arc=pass (i=1 spf=pass spfdomain=linux.ibm.com dkim=pass dkdomain=ibm.com dmarc=pass fromdomain=linux.ibm.com); spf=pass (google.com: domain of linux-kernel+bounces-50045-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-50045-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 775AE1F295C4 for ; Fri, 2 Feb 2024 15:48:49 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 0DF811474A7; Fri, 2 Feb 2024 15:48:41 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b="R3jBlFsX" Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 64E451474C8 for ; Fri, 2 Feb 2024 15:48:31 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=148.163.158.5 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706888919; cv=none; b=RwY2jezEy0HUL77w1pU9b+DJvWhfoB/0GpkYCUW0n2sEhb24J2KipE8LGIbYQizPDoQFENSTEzQN51arRBHjWSEgRjioe+0qwM2LwYa+X1gMO1nCFesuhnQY7x+bBRolPOLT8ZtlgpWb1txdRi9oynytq7j6OYOhDMD8XhvjrDs= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706888919; c=relaxed/simple; bh=5UJrbH6ZRN4kNuthN5UYTDRlbVX89oUehKj0D9FGXoI=; h=Message-ID:Subject:From:To:Cc:Date:In-Reply-To:References: Content-Type:MIME-Version; b=AF4ih7knAObsf6H74A+Tia5TVnFcwNpnYbjc3Xaa/3usSGn2ckjQfApfSTrO/mYJ3FGS42DPLqox3tp5ZbuW/QtKsp/2OZApjEEnQIT/os3LWEFg0gSFx67mCmcCRbTggRA7wAIsceRXUpNjowt5801WlF8b8jxNeVgNHSOz4mE= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com; spf=pass smtp.mailfrom=linux.ibm.com; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b=R3jBlFsX; arc=none smtp.client-ip=148.163.158.5 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.ibm.com Received: from pps.filterd (m0353725.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 412EDQAq014369; Fri, 2 Feb 2024 15:47:58 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=message-id : subject : from : reply-to : to : cc : date : in-reply-to : references : content-type : mime-version : content-transfer-encoding; s=pp1; bh=1ef4mOELuh88KqIagstx3A2AF2Vq8w0YGFedSZMdHPU=; b=R3jBlFsXoHhyX6T3rKUKn88b6Cl1VojB1OoqbpxRbp3lfWbhnKFKYVnXjzR8TdPSdOss g+6U4gWx1tc+f2PiqWguoxEn7kcUVdNpfCaQYVfld2VIcTd+uIWaxG+oIjWkl7cPCul5 2wUfFoyCGawXRTDheJtLBf2yPtD3nDDQeGPapbU4lTBy6KMAlTU59mcYDStQIuVBDF7j Va8pG4AWeHIP/Lqi6oZbb5Ac4clHPhTaWvk8WpnSquytsG9CgjhjAEC/fth26SEVEJE5 fpc7k/ScTmdHq0rQ2/rEjnzsyE8jvcsEb9JUfB1+ndE+ErEPCrJQV3P/FfG2HyZnHjxT GQ== Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3w11yca83v-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 02 Feb 2024 15:47:57 +0000 Received: from m0353725.ppops.net (m0353725.ppops.net [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 412FRZnX018586; Fri, 2 Feb 2024 15:47:55 GMT Received: from ppma21.wdc07v.mail.ibm.com (5b.69.3da9.ip4.static.sl-reverse.com [169.61.105.91]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3w11yca7ty-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 02 Feb 2024 15:47:53 +0000 Received: from pps.filterd (ppma21.wdc07v.mail.ibm.com [127.0.0.1]) by ppma21.wdc07v.mail.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 412D3CNa010496; Fri, 2 Feb 2024 15:47:20 GMT Received: from smtprelay04.dal12v.mail.ibm.com ([172.16.1.6]) by ppma21.wdc07v.mail.ibm.com (PPS) with ESMTPS id 3vwd5pc5nf-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 02 Feb 2024 15:47:20 +0000 Received: from smtpav01.dal12v.mail.ibm.com (smtpav01.dal12v.mail.ibm.com [10.241.53.100]) by smtprelay04.dal12v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 412FlJdU22544918 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 2 Feb 2024 15:47:19 GMT Received: from smtpav01.dal12v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 7846158058; Fri, 2 Feb 2024 15:47:19 +0000 (GMT) Received: from smtpav01.dal12v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 3E1D858057; Fri, 2 Feb 2024 15:47:14 +0000 (GMT) Received: from [192.168.1.228] (unknown [9.67.185.238]) by smtpav01.dal12v.mail.ibm.com (Postfix) with ESMTP; Fri, 2 Feb 2024 15:47:13 +0000 (GMT) Message-ID: Subject: Re: [PATCH 1/2] x86/random: Retry on RDSEED failure From: James Bottomley Reply-To: jejb@linux.ibm.com To: "Jason A. Donenfeld" , "Theodore Ts'o" , "Reshetova, Elena" , Dave Hansen Cc: "Kirill A. Shutemov" , Thomas Gleixner , Ingo Molnar , Borislav Petkov , "H. Peter Anvin" , "x86@kernel.org" , Kuppuswamy Sathyanarayanan , "Nakajima, Jun" , Tom Lendacky , "Kalra, Ashish" , Sean Christopherson , "linux-coco@lists.linux.dev" , "linux-kernel@vger.kernel.org" Date: Fri, 02 Feb 2024 16:47:11 +0100 In-Reply-To: References: <20240131140756.GB2356784@mit.edu> <20240131171042.GA2371371@mit.edu> <20240201045710.GD2356784@mit.edu> Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.42.4 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-TM-AS-GCONF: 00 X-Proofpoint-GUID: ShPhA6Ky6HaXA1fIPMY4Y1vwgghlcoo9 X-Proofpoint-ORIG-GUID: iWF4rlzPIgjsVCLw-_PZOFXnNoSH4MJm X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-02-02_09,2024-01-31_01,2023-05-22_02 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 lowpriorityscore=0 malwarescore=0 impostorscore=0 bulkscore=0 mlxlogscore=867 clxscore=1011 suspectscore=0 priorityscore=1501 adultscore=0 mlxscore=0 spamscore=0 phishscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2311290000 definitions=main-2402020115 On Thu, 2024-02-01 at 19:09 +0100, Jason A. Donenfeld wrote: [...] > Anyway, that's about where I'm at. I figure I'll wait to see if the > internal inquiry within Intel yields anything interesting, and then > maybe we can move forward with solutions (B) or (F) or (G) or a > different Roald Dahl novel instead. It's a lot to quote, so I cut it, but all of your solutions assume a rdseed/rdrand failure equates to a system one but it really doesn't: in most systems there are other entropy sources. In confidential computing it is an issue because we have no other trusted sources. The problem with picking on rdseed/rdrand is that there are bound to be older CPUs somewhere that have rng generation bugs that this will expose. How about making the failure contingent on the entropy pool not having any entropy when the first random number is requested? That way systems with more than one usable entropy source won't flag a bug, but it will still flag up confidential computing systems where there's a malicious entropy depleter. James