From: "Theodore Ts'o" <tytso@mit.edu>
To: "Jason A. Donenfeld" <Jason@zx2c4.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>,
"Reshetova, Elena" <elena.reshetova@intel.com>,
Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>,
"Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, "H. Peter Anvin" <hpa@zytor.com>,
"x86@kernel.org" <x86@kernel.org>,
Kuppuswamy Sathyanarayanan
<sathyanarayanan.kuppuswamy@linux.intel.com>,
"Nakajima, Jun" <jun.nakajima@intel.com>,
"Kalra, Ashish" <ashish.kalra@amd.com>,
Sean Christopherson <seanjc@google.com>,
"linux-coco@lists.linux.dev" <linux-coco@lists.linux.dev>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH 1/2] x86/random: Retry on RDSEED failure
Date: Wed, 14 Feb 2024 15:11:03 -0500 [thread overview]
Message-ID: <20240214201103.GD394352@mit.edu> (raw)
In-Reply-To: <CAHmME9pzOTdkNr=mM7yKKqLWApQ5cxjvb7R9C2eQ2QFeUEqT6A@mail.gmail.com>
On Wed, Feb 14, 2024 at 09:04:34PM +0100, Jason A. Donenfeld wrote:
> AMD people, Intel people: what are the fullest statements we can rely
> on here? Do the following two statements work?
>
> 1) On newer chips, RDRAND never fails.
> 2) On older chips, RDRAND never fails if you try 10 times in a loop,
> unless you consider host->guest attacks, which we're not, because CoCo
> is only a thing on the newer chips.
>
> If those hold true, then the course of action would be to just add a
> WARN_ON(!ok) but keep the loop as-is.
I think we may only want to do the WARN_ON in early boot. Otherwise,
on older chips, if a userspace process executes RDRAND is a tight
loop, it might cause the WARN_ON to trigger, which is considered
undesirable (and is certainly going to be something that could result
in a syzbot complaint).
- Ted
next prev parent reply other threads:[~2024-02-14 20:11 UTC|newest]
Thread overview: 99+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-01-30 8:30 [PATCH 1/2] x86/random: Retry on RDSEED failure Kirill A. Shutemov
2024-01-30 8:30 ` [PATCH 2/2] x86/random: Issue a warning if RDRAND or RDSEED fails Kirill A. Shutemov
2024-01-30 12:37 ` Jason A. Donenfeld
2024-01-30 13:45 ` Reshetova, Elena
2024-01-30 14:21 ` Jason A. Donenfeld
2024-01-30 14:55 ` Reshetova, Elena
2024-01-30 15:00 ` Jason A. Donenfeld
2024-01-30 17:31 ` Dave Hansen
2024-01-30 17:49 ` Jason A. Donenfeld
2024-01-30 17:58 ` Dave Hansen
2024-01-30 18:15 ` H. Peter Anvin
2024-01-30 18:23 ` Jason A. Donenfeld
2024-01-30 18:23 ` Jason A. Donenfeld
2024-01-30 18:37 ` Dave Hansen
2024-01-30 18:05 ` Daniel P. Berrangé
2024-01-30 18:24 ` Jason A. Donenfeld
2024-01-30 18:31 ` Jason A. Donenfeld
2024-01-30 18:40 ` H. Peter Anvin
2024-01-31 8:16 ` Reshetova, Elena
2024-01-31 11:59 ` Dr. Greg
2024-01-31 13:06 ` Jason A. Donenfeld
2024-01-31 18:02 ` Reshetova, Elena
2024-01-31 20:35 ` Dr. Greg
2024-02-01 4:47 ` Theodore Ts'o
2024-02-01 9:54 ` Dr. Greg
2024-02-01 11:08 ` Daniel P. Berrangé
2024-02-01 21:04 ` Dr. Greg
2024-02-02 7:56 ` Reshetova, Elena
2024-02-01 7:26 ` Reshetova, Elena
2024-02-01 10:52 ` Dr. Greg
2024-02-06 1:12 ` Dr. Greg
2024-02-06 8:04 ` Daniel P. Berrangé
2024-02-06 12:04 ` Dr. Greg
2024-02-06 13:00 ` Daniel P. Berrangé
2024-02-08 10:31 ` Dr. Greg
2024-02-06 13:50 ` Daniel P. Berrangé
2024-02-06 15:35 ` Borislav Petkov
2024-02-08 11:44 ` Dr. Greg
2024-02-09 17:31 ` Borislav Petkov
2024-02-09 19:49 ` Jason A. Donenfeld
2024-02-09 20:37 ` Dave Hansen
2024-02-09 21:45 ` Borislav Petkov
2024-02-06 18:49 ` H. Peter Anvin
2024-02-08 16:38 ` Dr. Greg
2024-01-30 15:50 ` Kuppuswamy Sathyanarayanan
2024-01-30 12:29 ` [PATCH 1/2] x86/random: Retry on RDSEED failure Jason A. Donenfeld
2024-01-30 12:51 ` Jason A. Donenfeld
2024-01-30 13:10 ` Reshetova, Elena
2024-01-30 14:06 ` Jason A. Donenfeld
2024-01-30 14:43 ` Daniel P. Berrangé
2024-01-30 15:12 ` Jason A. Donenfeld
2024-01-30 18:35 ` Jason A. Donenfeld
2024-01-30 19:06 ` Reshetova, Elena
2024-01-30 19:16 ` Jason A. Donenfeld
2024-01-31 7:56 ` Reshetova, Elena
2024-01-31 13:14 ` Jason A. Donenfeld
2024-01-31 14:07 ` Theodore Ts'o
2024-01-31 14:45 ` Jason A. Donenfeld
2024-01-31 14:52 ` Jason A. Donenfeld
2024-01-31 17:10 ` Theodore Ts'o
2024-01-31 17:37 ` Reshetova, Elena
2024-01-31 18:01 ` Jason A. Donenfeld
2024-02-01 4:57 ` Theodore Ts'o
2024-02-01 18:09 ` Jason A. Donenfeld
2024-02-01 18:46 ` Dave Hansen
2024-02-01 19:02 ` H. Peter Anvin
2024-02-02 7:25 ` Reshetova, Elena
2024-02-02 15:39 ` Theodore Ts'o
2024-02-03 10:12 ` Jason A. Donenfeld
2024-02-09 19:53 ` Jason A. Donenfeld
2024-02-12 8:25 ` Reshetova, Elena
2024-02-12 16:32 ` Theodore Ts'o
2024-02-13 7:28 ` Dan Williams
2024-02-13 23:13 ` Theodore Ts'o
2024-02-14 0:53 ` Dan Williams
2024-02-14 4:32 ` Theodore Ts'o
2024-02-14 6:48 ` Dan Williams
2024-02-14 6:54 ` Reshetova, Elena
2024-02-14 8:34 ` Nikolay Borisov
2024-02-14 9:34 ` Dr. Greg
2024-02-14 17:30 ` Jason A. Donenfeld
2024-02-14 15:18 ` Reshetova, Elena
2024-02-14 17:21 ` Jason A. Donenfeld
2024-02-14 17:59 ` Reshetova, Elena
2024-02-14 19:32 ` Jason A. Donenfeld
2024-02-15 7:07 ` Reshetova, Elena
2024-02-15 12:58 ` Jason A. Donenfeld
2024-02-14 19:46 ` Tom Lendacky
2024-02-14 20:04 ` Jason A. Donenfeld
2024-02-14 20:11 ` Theodore Ts'o [this message]
2024-02-15 13:01 ` Jason A. Donenfeld
2024-02-14 20:14 ` Dave Hansen
2024-02-02 15:47 ` James Bottomley
2024-02-02 16:05 ` Theodore Ts'o
2024-02-02 21:28 ` James Bottomley
2024-02-03 14:35 ` Theodore Ts'o
2024-02-06 19:12 ` H. Peter Anvin
2024-01-30 15:20 ` H. Peter Anvin
2024-01-30 15:44 ` Kuppuswamy Sathyanarayanan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240214201103.GD394352@mit.edu \
--to=tytso@mit.edu \
--cc=Jason@zx2c4.com \
--cc=ashish.kalra@amd.com \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=elena.reshetova@intel.com \
--cc=hpa@zytor.com \
--cc=jun.nakajima@intel.com \
--cc=kirill.shutemov@linux.intel.com \
--cc=linux-coco@lists.linux.dev \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=sathyanarayanan.kuppuswamy@linux.intel.com \
--cc=seanjc@google.com \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.