Re: [PATCH 2/2] x86/random: Issue a warning if RDRAND or RDSEED fails

From: Jason A. Donenfeld
Date: Fri Feb 09 2024 - 14:50:10 EST

Next message: Sebastian Kranz: "Re: [PATCH V2] hwmon: (oxp-sensors) Add support for Ayaneo Air Plus 7320u."
Previous message: Naik, Avadhut: "Re: [PATCH 1/2] x86/MCE: Extend size of the MCE Records pool"
In reply to: Borislav Petkov: "Re: [PATCH 2/2] x86/random: Issue a warning if RDRAND or RDSEED fails"
Next in thread: Dave Hansen: "Re: [PATCH 2/2] x86/random: Issue a warning if RDRAND or RDSEED fails"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hey Boris,

While you're here, I was wondering if you could comment on one thing related:

On Fri, Feb 9, 2024 at 6:31 PM Borislav Petkov <bp@xxxxxxxxx> wrote:
> Now, considering that this is a finite resource, you can imagine that
> there can be scenarios where that source can be depleted.

Yea, this makes sense.

[As an aside, I would like to note that a different construction of
RDRAND could keep outputting good random numbers for a reeeeeallly
long time without needing to reseed, or without penalty if RDSEED is
depleted, and so could be made to actually never fail. But given the
design goals of RDRAND, this kind of crypto is highly likely to never
be implemented, so I'm not even moving to suggest that AMD/Intel just
'fix' the crypto design goals of the instruction. It's not gonna
happen for lots of reasons.]

So assuming that RDSEED and hence RDRAND can never be made to never
fail, the options are:

1. Finite resource that refills faster than whatever instruction
issuance latency, so it's never observably empty. (Seems unlikely)
2. More secure sharing of the finite resource.

It's this second option I wanted to ask you about. I wrote down what I
thought "secure sharing" meant here [1]:

> - One VMX (or host) context can't DoS another one.
> - Ring 3 can't DoS ring 0.

It's a bit of a scheduling/queueing thing, where different security
contexts shouldn't be able to starve others out of the finite resource
indefinitely.

What I'm wondering is if that kind of fairness is even possible to
achieve in the hardware or the microcode. I don't really know how that
all works under the covers and what sorts of "policies" and such are
feasible to implement. In suggesting it, I feel like a bit of a
presumptuous kernel developer talking to hardware people, not fully
appreciating their domain and its challenges. For, if this were just a
C program, I know exactly what I'd do, but we're talking about a CPU
here.

Is it actually possible to make RDRAND usage "fair" between different
security contexts? Or am I totally delusional and this is not how the
hardware works or can ever work?

Jason

[1] https://lore.kernel.org/all/CAHmME9ps6W5snQrYeNVMFgfhMKFKciky=-UxxGFbAx_RrxSHoA@xxxxxxxxxxxxxx/

Next message: Sebastian Kranz: "Re: [PATCH V2] hwmon: (oxp-sensors) Add support for Ayaneo Air Plus 7320u."
Previous message: Naik, Avadhut: "Re: [PATCH 1/2] x86/MCE: Extend size of the MCE Records pool"
In reply to: Borislav Petkov: "Re: [PATCH 2/2] x86/random: Issue a warning if RDRAND or RDSEED fails"
Next in thread: Dave Hansen: "Re: [PATCH 2/2] x86/random: Issue a warning if RDRAND or RDSEED fails"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]