Re: [PATCH 1/2] x86/random: Retry on RDSEED failure

From: Jason A. Donenfeld
Date: Wed Feb 14 2024 - 15:04:57 EST


Hi Tom,

On Wed, Feb 14, 2024 at 8:46 PM Tom Lendacky <thomas.lendacky@xxxxxxx> wrote:
> Don't forget that Linux will run on older hardware as well, so the 10
> retries might be valid for that. Or do you intend this change purely for CVMs?

Oh, grr, darnit. That is indeed a very important detail. I meant this
for generic code, so yea, if it's actually just Zen3+, then this won't
fly.

AMD people, Intel people: what are the fullest statements we can rely
on here? Do the following two statements work?

1) On newer chips, RDRAND never fails.
2) On older chips, RDRAND never fails if you try 10 times in a loop,
unless you consider host->guest attacks, which we're not, because CoCo
is only a thing on the newer chips.

If those hold true, then the course of action would be to just add a
WARN_ON(!ok) but keep the loop as-is.

(Anyway, I posted
https://lore.kernel.org/lkml/20240214195744.8332-1-Jason@xxxxxxxxx/
just before seeing this message.)

Jason
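
The bounded retry plus warning discussed in this message, as an added user-space sketch that is not code from the thread or from the kernel. The names `rng_long_retry`, `rng_step_fn` and `flaky_step` are hypothetical, and a constructed source that fails a set number of times stands in for the RDRAND instruction so the failure path can be exercised.

```c
#include <stdbool.h>
#include <stdio.h>

#define RETRY_LOOPS 10 /* the "10 times in a loop" from the message */

/* Hypothetical stand-in for one RDRAND attempt: returns true and fills
 * *out on success, false when the source reports that no data is ready. */
typedef bool (*rng_step_fn)(unsigned long *out, void *ctx);

static unsigned int warn_count; /* number of times the warning fired */

/* Keep the loop as-is, but warn when every attempt failed, which is the
 * role WARN_ON(!ok) would play. The caller must still check the result. */
bool rng_long_retry(rng_step_fn step, void *ctx, unsigned long *out)
{
    bool ok = false;

    for (int i = 0; i < RETRY_LOOPS && !ok; i++)
        ok = step(out, ctx);
    if (!ok) {
        warn_count++;
        fprintf(stderr, "WARN: RNG source failed %d times in a row\n",
                RETRY_LOOPS);
        *out = 0; /* never hand back stale or uninitialized data */
    }
    return ok;
}

unsigned int rng_warn_count(void) { return warn_count; }

/* Constructed test source: fails the first *ctx calls, then succeeds. */
bool flaky_step(unsigned long *out, void *ctx)
{
    unsigned int *fails_left = ctx;

    if (*fails_left > 0) {
        (*fails_left)--;
        return false;
    }
    *out = 0x1234abcdUL; /* constructed sample value, not random */
    return true;
}

int main(void)
{
    unsigned long v;
    unsigned int fails = 10; /* exhausts all ten attempts */

    printf("ok=%d warnings=%u\n",
           rng_long_retry(flaky_step, &fails, &v), rng_warn_count());
    return 0;
}
```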