Received: by 2002:a05:7412:1e0b:b0:fc:a2b0:25d7 with SMTP id kr11csp435712rdb; Thu, 15 Feb 2024 05:02:38 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCW6hxS48YhkvJOPU6vLUVBGqNMg6PS6TZV4JRe/PDHi6sErG9jNOKHcBUlm8ksS1+ZQPe5yP00dlmBgYpR47cZpzbyvrHEq2vbIpYXK6A== X-Google-Smtp-Source: AGHT+IGptIHNAqTRNX4qPY29nNywnORJDFYiBSIGt5wKZoZXH1ckO77yP9qp5biFPcEEj9GKE/D9 X-Received: by 2002:a17:906:11ce:b0:a3d:296f:40f5 with SMTP id o14-20020a17090611ce00b00a3d296f40f5mr1231091eja.31.1708002158022; Thu, 15 Feb 2024 05:02:38 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1708002158; cv=pass; d=google.com; s=arc-20160816; b=XX4HOBjh/JKIbQYIkGYzRBEbM2pSc04RUJEbSgaTf9QYg4iQIcVZw2IIcftZb9xA2T ZKzsoAknR7s0wBJT3fRyZ486XwPf2O/c9p6d5cUeMi71f6IdZpSVSbZRqcw2S9/uZSQZ mYPnTbDJ7A3bpBAVWmnfp2FYCFX//Ui+NnfpZC5mUJWBCEyz7uSk7moNnp7Vh8zxERrw SjxVULAGCul+yU98hZZSL1UvB3B/p/EDJyCwb89i/euc7KmeqzW/eRFe+KGo1BdVcNmQ EcXng6SiH8w+PPXlSWYWg0pIgzu7HzgWmllzYcbnqtIyldNXiC3v2KSoje52zaC9HTDJ 49dw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:message-id:subject:cc :to:from:date:dkim-signature; bh=ILV4sGG7xolY2UKGldmnLNxgLZat+Tcj+GmnaSdLwRk=; fh=T4KRGTNh0lrmhf4T5z7PgEnROBEPi3huHuSgvWqcQz4=; b=frPY3CJoCRungiuKLWcTinymB5be5coOKiCfllXjVQ4jTgoZRpmmxl4jWA4GJxj/nD zbiHkBZOdgPd2gUtiz5nUBtgCQchQvX+brFzJnlBttp+rumMsoZXteWCQAb9pqbBzB1P rOguNrHxiwha2nsG0eddcRCaFsEtS/eyXSXfLyq5PLUHQ/v2atOwMWZTMxblQUEzYpkI NuSxkWtnbSTdIAgC4eyWVI4gzF/fG4+QvF7ICJdqUidb5Ogr6l80229aY1kzbogRgyrd zahTjPUwTixQvKiBLMWo9UwRTJn5S80I/oJAv9lnlSYUTu5IGKCpr69X8JH+z2dlmK2G gU3Q==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@zx2c4.com header.s=20210105 header.b=pmsDStBA; arc=pass (i=1 dkim=pass dkdomain=zx2c4.com); spf=pass (google.com: domain of linux-kernel+bounces-66947-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-66947-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=zx2c4.com Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249]) by mx.google.com with ESMTPS id p16-20020a1709060dd000b00a385635ef7fsi617835eji.962.2024.02.15.05.02.37 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 15 Feb 2024 05:02:38 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-66947-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249; Authentication-Results: mx.google.com; dkim=pass header.i=@zx2c4.com header.s=20210105 header.b=pmsDStBA; arc=pass (i=1 dkim=pass dkdomain=zx2c4.com); spf=pass (google.com: domain of linux-kernel+bounces-66947-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-66947-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=zx2c4.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 8B8991F2730C for ; Thu, 15 Feb 2024 13:02:21 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 8CF3F12FF9C; Thu, 15 Feb 2024 13:01:09 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=zx2c4.com header.i=@zx2c4.com header.b="pmsDStBA" Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A5E7512FB3A; Thu, 15 Feb 2024 13:01:08 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708002068; cv=none; b=fEpufksKNgFnhhBMbZG9u4N/xI3sxBD5dLb+mQT2K5XBCcOZRdRb7avupuEDx8FUzex1qhDPRMsgqmiczedZ2bQWFkHkvJ+74SFYI61k28ObXUo/OoqMCvEeH1k6bgHi7X+zI2VIukq2bOG6vprDp8Lz2yO3RDiYYSeWk2r0Nes= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708002068; c=relaxed/simple; bh=FKlHtZWfNDxZ04AeiSEPpER0SNLeAdM4WdMorVnWmZU=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=bPiA24za8wTcbqcI1KvkhYXhMsREwzox/TxzLjGpyumw7lkcaXLcB274w/SXXSq5/M9TitdEtzi57onDXcOrenTx1lLfWH+DkvMp53a6JKqaWBA9vNZckljgnXNqoz4rUAbnGsye+ZWOMurxUpKReN/Fav4wRHbKi5QRkgA6InQ= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=zx2c4.com header.i=@zx2c4.com header.b=pmsDStBA; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id 92C7BC433F1; Thu, 15 Feb 2024 13:01:06 +0000 (UTC) Authentication-Results: smtp.kernel.org; dkim=pass (1024-bit key) header.d=zx2c4.com header.i=@zx2c4.com header.b="pmsDStBA" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zx2c4.com; s=20210105; t=1708002064; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=ILV4sGG7xolY2UKGldmnLNxgLZat+Tcj+GmnaSdLwRk=; b=pmsDStBAbQNsYJflCVc7Zp+TSrz5YVhfAPL4l1lhEOc67hoMGEa+k0dk932Ql4HicJd5Ng SAYbF+Jcx0egG8YLVoYE79nKC7JDyCnY9K9HCMddZV6AJLVI6bQR5+MTw7JAjcI1cBQ4K8 RIGLSJb/JuYVL9tR/dqsy4hOmTvdEUY= Received: by mail.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id bf99dffa (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO); Thu, 15 Feb 2024 13:01:04 +0000 (UTC) Date: Thu, 15 Feb 2024 14:01:04 +0100 From: "Jason A. Donenfeld" To: Theodore Ts'o Cc: Tom Lendacky , "Reshetova, Elena" , Borislav Petkov , Dave Hansen , "Kirill A. Shutemov" , Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , "x86@kernel.org" , Kuppuswamy Sathyanarayanan , "Nakajima, Jun" , "Kalra, Ashish" , Sean Christopherson , "linux-coco@lists.linux.dev" , "linux-kernel@vger.kernel.org" Subject: Re: [PATCH 1/2] x86/random: Retry on RDSEED failure Message-ID: References: <20240201045710.GD2356784@mit.edu> <696a5d98-b6a2-43aa-b259-fd85f68a5707@amd.com> <20240214201103.GD394352@mit.edu> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20240214201103.GD394352@mit.edu> On Wed, Feb 14, 2024 at 03:11:03PM -0500, Theodore Ts'o wrote: > On Wed, Feb 14, 2024 at 09:04:34PM +0100, Jason A. Donenfeld wrote: > > AMD people, Intel people: what are the fullest statements we can rely > > on here? Do the following two statements work? > > > > 1) On newer chips, RDRAND never fails. > > 2) On older chips, RDRAND never fails if you try 10 times in a loop, > > unless you consider host->guest attacks, which we're not, because CoCo > > is only a thing on the newer chips. > > > > If those hold true, then the course of action would be to just add a > > WARN_ON(!ok) but keep the loop as-is. > > I think we may only want to do the WARN_ON in early boot. Otherwise, > on older chips, if a userspace process executes RDRAND is a tight > loop, it might cause the WARN_ON to trigger, which is considered > undesirable (and is certainly going to be something that could result > in a syzbot complaint). Yea, seems reasonable. Or maybe we just don't bother adding any WARN there and just address the CoCo thing with the patch 2/2. As it turns out, on normal systems, the RNG is designed anyway to deal with a broken or missing RDRAND. So maybe adding these heuristics to warn when the CPU is broken isn't worth it? Or maybe that's an interesting thing to do? Dunno, I'm indifferent about it I suppose. But I agree if it's added, doing it at early boot only makes most sense. Jason