Received: by 2002:a05:7412:bbc7:b0:fc:a2b0:25d7 with SMTP id kh7csp3000641rdb; Tue, 6 Feb 2024 04:29:14 -0800 (PST) X-Google-Smtp-Source: AGHT+IFmDw+gT8bZIuxnYj0T5w/csFjHHHJ4fU507V2sVCj4o5E3ZtJR2wJtlTdVL5+38MdnSFqb X-Received: by 2002:a17:903:11cd:b0:1d9:2a26:d4fa with SMTP id q13-20020a17090311cd00b001d92a26d4famr1691071plh.50.1707222554501; Tue, 06 Feb 2024 04:29:14 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1707222554; cv=pass; d=google.com; s=arc-20160816; b=iLzx+If4+4oxY+hy/ErDvDVDHNBat7+OlTP0LWAIaKB2zFORgpnFHnHQEY++nTHRpl MW0OWt6YBEj1pz9sHMhmN1hb81pkFCET96gIcR0OhkNTP64ttZDuXnTfPgKaTiiG9AuK mWsUH7nIkX0RXe4Tt577RfJqrK80GmjT615hUVamquDHr88KWjwQmx1WykbMnPaxgi+9 cubeJKYEedWyDhqQUiSTFESQ9nv5PWqVjsQk1X6CO3ZIdr90uS60/E7K8sVuBRAPtrfn GHdzoTThjvVei+ZfKxUcFy5Z/qq5KQWN9xulFQMHyER23jBESlha53KZHf3KZXdWCNf5 NMbg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=user-agent:in-reply-to:content-disposition:mime-version :list-unsubscribe:list-subscribe:list-id:precedence:references :reply-to:message-id:subject:cc:to:from:date; bh=PiT36n47L3DVrysqedUxfC/0W7I6nBzAD5YC7mZOqmQ=; fh=iYZ/EsVaH1pkZF+DnwQIopVQaQQKmgaG2ia8TI6B9v0=; b=Fy4X1j0Gg+ZX+ukwpdMaurnvDgCeOauj3nRCta5xxMFoCEJhNem9CIKoak7QeM2RYf jr6f6ZxjmWpq3yWAx0PTSZY47g/zmjfG3NQkvlpCAUbUvM6zFjpS9ovY1dAsl/eQJcVH iG6rR9iXJRMt3IVHx3/fX1qfw+QqmyzWtwhIZ+Xi9v5OZx7bnV/bsmd97Dw1vI7sXqy2 LU2IF9MeWKgKzFqiMzj6bzErI9Z5y4kuI1HeqxTJz1tR+GSnBrccFyTTPV8ZFO7Z0gfL Us4apHdRxxHsC9C2A6LSjQIeDB9rpiUsxWQhyzK1NjGEYEPpRg7FyKHaa0B6V3s+20A1 YysQ==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; arc=pass (i=1 spf=pass spfdomain=wind.enjellic.com); spf=pass (google.com: domain of linux-kernel+bounces-54933-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-54933-linux.lists.archive=gmail.com@vger.kernel.org" X-Forwarded-Encrypted: i=1; AJvYcCVs7E+CiAH9laHx7gbHf2kBIuDzLVK9DiVy/PQkitNLTsAaNZLzajRaoiEffW3TXdehdCtrsPipej4CcRWxSrOIze3TBmdiTrp+2GBK+w== Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [2604:1380:45e3:2400::1]) by mx.google.com with ESMTPS id ju10-20020a170903428a00b001d9bd98670asi1560532plb.424.2024.02.06.04.29.14 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Feb 2024 04:29:14 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-54933-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1; Authentication-Results: mx.google.com; arc=pass (i=1 spf=pass spfdomain=wind.enjellic.com); spf=pass (google.com: domain of linux-kernel+bounces-54933-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-54933-linux.lists.archive=gmail.com@vger.kernel.org" Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id 647262818D9 for ; Tue, 6 Feb 2024 12:29:10 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id CCF1B133985; Tue, 6 Feb 2024 12:09:46 +0000 (UTC) Received: from wind.enjellic.com (wind.enjellic.com [76.10.64.91]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 8B1E8153BDE for ; Tue, 6 Feb 2024 12:09:44 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=76.10.64.91 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707221386; cv=none; b=EjlsgAEbyLY459xJnvlCstUK9a2k6Iv5ZsJW3x2Q5slOshdtPh6qX7GgnPxBPN5Oo9FwpQiXvyh9x5QMbXwJ7UamL5CXDrUdGoyX7SPoN9dcrKZFmaJPvCHk2m4NadBmsXKSzlj0sZQ1Xeeto07ykPFeIAGf9huaa7Ewhb9puvo= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707221386; c=relaxed/simple; bh=EGtKM5D1Vb04Le+B1pWopgp/oS3U/Hrc4JxPx+8xT5U=; h=Date:From:To:Cc:Subject:Message-ID:References:Mime-Version: Content-Type:Content-Disposition:In-Reply-To; b=Bt2vzvn56SxxcHnW/gR3oaPHth/KFtIwB6dUk9D7yD/qYBOcTSSUg9YZQtz0TxeDPdc7MCE7Fo/mM3I90RUhGh7MmqwXxKmPAIOuHkOiW68zBBa5Kmrk4McBJBSDgaOaWCliWc7VWJFIVeRxungvrN4RjT8Eo4NHY6Ta93Mls7o= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=enjellic.com; spf=pass smtp.mailfrom=wind.enjellic.com; arc=none smtp.client-ip=76.10.64.91 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=enjellic.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=wind.enjellic.com Received: from wind.enjellic.com (localhost [127.0.0.1]) by wind.enjellic.com (8.15.2/8.15.2) with ESMTP id 416C4knk001762; Tue, 6 Feb 2024 06:04:46 -0600 Received: (from greg@localhost) by wind.enjellic.com (8.15.2/8.15.2/Submit) id 416C4jTD001748; Tue, 6 Feb 2024 06:04:45 -0600 Date: Tue, 6 Feb 2024 06:04:45 -0600 From: "Dr. Greg" To: "Daniel P. Berrang??" Cc: "Reshetova, Elena" , "Jason A. Donenfeld" , "Hansen, Dave" , "Kirill A. Shutemov" , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , "H. Peter Anvin" , "x86@kernel.org" , "Theodore Ts'o" , Kuppuswamy Sathyanarayanan , "Nakajima, Jun" , Tom Lendacky , "Kalra, Ashish" , Sean Christopherson , "linux-coco@lists.linux.dev" , "linux-kernel@vger.kernel.org" Subject: Re: [PATCH 2/2] x86/random: Issue a warning if RDRAND or RDSEED fails Message-ID: <20240206120445.GA1247@wind.enjellic.com> Reply-To: "Dr. Greg" References: <20240130083007.1876787-1-kirill.shutemov@linux.intel.com> <20240130083007.1876787-2-kirill.shutemov@linux.intel.com> <88a72370-e300-4bbc-8077-acd1cc831fe7@intel.com> <20240206011247.GA29224@wind.enjellic.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4i X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.2.3 (wind.enjellic.com [127.0.0.1]); Tue, 06 Feb 2024 06:04:46 -0600 (CST) On Tue, Feb 06, 2024 at 08:04:57AM +0000, Daniel P. Berrang?? wrote: Good morning to everyone. > On Mon, Feb 05, 2024 at 07:12:47PM -0600, Dr. Greg wrote: > > > > Actually, I now believe there is clear evidence that the problem is > > indeed Intel specific. In light of our testing, it will be > > interesting to see what your 'AR' returns with respect to an official > > response from Intel engineering on this issue. > > > > One of the very bright young engineers collaborating on Quixote, who > > has been following this conversation, took it upon himself to do some > > very methodical engineering analysis on this issue. I'm the messenger > > but this is very much his work product. > > > > Executive summary is as follows: > > > > - No RDRAND depletion failures were observable with either the Intel > > or AMD hardware that was load tested. > > > > - RDSEED depletion is an Intel specific issue, AMD's RDSEED > > implementation could not be provoked into failure. > My colleague ran a multithread parallel stress test program on his > 16core/2HT AMD Ryzen (Zen4 uarch) and saw a 80% failure rate in > RDSEED. Interesting datapoint, thanks for forwarding it along, so the issue shows up on at least some AMD platforms as well. On the 18 core/socket Intel Skylake platform, the parallelized depletion test forces RDSEED success rates down to around 2%. It would appear that your tests suggest that the AMD platform fairs better than the Intel platform. So this is turning into even more of a morass, given that RDSEED depletion on AMD may be a function of the micro-architecture the platform is based on. The other variable is that our AMD test platform had a substantially higher core count per socket, one would assume that would result in higher depletion rates, if the operative theory of socket common RNG infrastructure is valid. Unless AMD engineering understands the problem and has taken some type of action on higher core count systems to address the issue. Of course, the other variable may be how the parallelized stress test is conducted. If you would like to share your implementation source we could give it a twirl on the systems we have access to. The continuing operative question is whether or not any of this ever leads to an RDRAND failure. We've conducted some additional tests on the Intel platform where RDSEED depletion was driven low as possible, ~1-2% success rates, while RDRAND depletion tests were being run simultaneously. No RDRAND failures have been noted. So the operative question remains, why worry about this if RDRAND is used as the randomness primitive. We haven't seen anything out of Intel yet on this, maybe AMD has a quantifying definition for 'astronomical' when it comes to RDRAND failures. The silence appears to be deafening out of the respective engineering camps... :-) > > - AMD's RDRAND/RDSEED implementation is significantly slower than > > Intel's. > Yes, we also noticed the AMD impl is horribly slow compared to > Intel, had to cut test iterations x100. The operative question is the impact of 'slow', in the absence of artifical stress tests. It would seem that a major question is what are or were the engineering thought processes on the throughput of the hardware randomness instructions. Intel documents the following randomness throughput rates: RDSEED: 3 Gbit/second RDRAND: 6.4 Gbit/second If there is the possibility of over-harvesting randomness, why not design the implementations to be clamped at some per core value such as a megabit/second. In the case of the documented RDSEED generation rates, that would allow the servicing of 3222 cores, if my math at 0530 in the morning is correct. Would a core need more than 128 kilobytes of randomness, ie. one second of output, to effectively seed a random number generator? A cynical conclusion would suggest engineering acquiesing to marketing demands... :-) > With regards, > Daniel Have a good day. As always, Dr. Greg The Quixote Project - Flailing at the Travails of Cybersecurity https://github.com/Quixote-Project