From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 7AA44C433EF for ; Thu, 13 Jan 2022 13:14:29 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:Message-Id:Date:Subject:Cc :To:From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References: List-Owner; bh=gV2o5nJ1MwBVfXL6omJFYWdBoukmdYo2JEGZ7Am1o8k=; b=UeZ6540ypYLjNL Jrfz2e6qC+H1fQBxZn5bmvnAFltas7tBWLUaz/MuvNMSbfo4k25b4jLrjKyRv0R+uMTNNK1XaBwa4 JvGFiWzT7kqIlH0Y6DjKQaRXjbGpVyUPCwe4UITbRz4gYBk6UuGuMftS9SotwSRTaN/Hwss0ewY6F mYSNzj3K4imqXNYrX+2cLNu1oDjKSigBGwaenAsePOFtSjIXSxu/SsrSirjOl/G874osKjXZmwZHQ x3LMnxiLsf97IcWL1SUCsGefd30DGSP2iwD25q9z1TKZJpWIbnniYOPYXrtXgDZHDvq1RIjmCWHEu 32sKZKQtUa2PeVSrL5Yg==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1n7zua-0063Dp-94; Thu, 13 Jan 2022 13:13:04 +0000 Received: from dfw.source.kernel.org ([2604:1380:4641:c500::1]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1n7zuU-0063Co-96 for linux-arm-kernel@lists.infradead.org; Thu, 13 Jan 2022 13:13:01 +0000 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id C8CA961C67; Thu, 13 Jan 2022 13:12:57 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id D877DC36AE3; Thu, 13 Jan 2022 13:12:55 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1642079577; bh=bGNi+ex+UzWkUpguvJJa6/xaQBEgncTD4Vip01DnyYc=; h=From:To:Cc:Subject:Date:From; b=L8/2YEdsgs9freNaBZdUkruLWLp62r5l7tqHOVDbOxKjGAikeRwikz8x7ikYtRoH+ t4IXJcv17lfQJYI7vqc8HrY2HmSULn9E9oAXehdvjZ5PJ5IAhIdRm+/fHvx/by3xUG lerKXa/NEUghGftvjAuCmfEjbfKfutl94ThW+eINp45F7yfKLwUESePm3vattWlaPh Tm77Vs00BLzZeYSuC0VvjEBRHSqQ/3YzzRmogXWYbVSGp7p2nUmONaedov1aCO4tcG 9UyopDuuQT+8ObHp4ldBlcre/K+I0Z+iLtdo+hXaJkOGDSomShQya3rOiL+xZlNmyh TgGs9QgamamQQ== From: Ard Biesheuvel To: linux-arm-kernel@lists.infradead.org Cc: catalin.marinas@arm.com, will@kernel.org, mark.rutland@arm.com, jason@zx2c4.com, Ard Biesheuvel , Andre Przywara , Mark Brown Subject: [PATCH] arm64: random: implement arch_get_random_int/_long based on RNDR Date: Thu, 13 Jan 2022 14:12:39 +0100 Message-Id: <20220113131239.1610455-1-ardb@kernel.org> X-Mailer: git-send-email 2.30.2 MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=3541; h=from:subject; bh=bGNi+ex+UzWkUpguvJJa6/xaQBEgncTD4Vip01DnyYc=; b=owEB7QES/pANAwAKAcNPIjmS2Y8kAcsmYgBh4CVGbIq4+Idgj78SqQpw10CvdQXzF8Y3S0bLRjIH ZTWwRc+JAbMEAAEKAB0WIQT72WJ8QGnJQhU3VynDTyI5ktmPJAUCYeAlRgAKCRDDTyI5ktmPJG+LC/ 0eYCJf/oncOoUt0Nh0LVTA+VElpx1NuLket2w61KxkXqjQ2uXNtgGNvTgIqW5ZIHBZCXoj780lbKFA vSezzLKXwf98FWVMKbkeDegfyAgD34H1G/UDyZgeIGptqhUdc/6apG7PvCzFnQX6bz+5EJiC69fSJl sYEbz9j1T+M5MHpCvrJ3oKwwzbhdS37+Kb+74w0xY85d04JfDVvrS8BvIz/uVkvqouQfqimYjnXPMI 8zTA80Zpyp5cjZEkHpZ0T0xcbJR3JMFNgStsmilYbBd9NHYGgWvC2tObwE2w6nx1suMWjXmduI0MQq EBb/CNEN59EuBkkw7CTfi/2CBuZnRLhxkhg5efG7W0Uydxg1S5Qa3mFNplerL/i5qjLhSJ2+Y61WKx 4BRumX1U8LrRCkNyWzINc7TXFyuc+eqBR90H9UprP+l/iiPxmi+X2ZmBqPKy8o/eL6RxRb6gsmHe3T Y3d/WKI08Nl0CuIiYYh2GDPW0TLz7Tk6l6bmmdG+emVXs= X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20220113_051258_424045_F2DC5AC4 X-CRM114-Status: GOOD ( 18.72 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org When support for RNDR/RNDRRS was introduced, we elected to only implement arch_get_random_seed_int/_long(), and back them by RNDR instead of RNDRRS. This was needed to prevent potential performance and/or starvation issues resulting from the fact that the /dev/random driver used to invoke these routines on various hot paths. These issues have all been addressed now [0] [1], and so we can wire up this API more straight-forwardly: - map arch_get_random_int/_long() onto RNDR, which returns the output of a DRBG that is reseeded at an implemented defined rate; - map arch_get_random_seed_int/_long() onto the TRNG firmware service, which returns true, conditioned entropy, or onto RNDRRS if the TRNG service is unavailable, which returns the output of a DRBG that is reseeded every time it is used. [0] 390596c9959c random: avoid arch_get_random_seed_long() when collecting IRQ randomness [1] 2ee25b6968b1 random: avoid superfluous call to RDRAND in CRNG extraction Cc: Andre Przywara Cc: Mark Brown Signed-off-by: Ard Biesheuvel --- arch/arm64/include/asm/archrandom.h | 45 +++++++++++++++++--- 1 file changed, 39 insertions(+), 6 deletions(-) diff --git a/arch/arm64/include/asm/archrandom.h b/arch/arm64/include/asm/archrandom.h index 09e43272ccb0..d1bb5e71df25 100644 --- a/arch/arm64/include/asm/archrandom.h +++ b/arch/arm64/include/asm/archrandom.h @@ -42,13 +42,47 @@ static inline bool __arm64_rndr(unsigned long *v) return ok; } +static inline bool __arm64_rndrrs(unsigned long *v) +{ + bool ok; + + /* + * Reads of RNDRRS set PSTATE.NZCV to 0b0000 on success, + * and set PSTATE.NZCV to 0b0100 otherwise. + */ + asm volatile( + __mrs_s("%0", SYS_RNDRRS_EL0) "\n" + " cset %w1, ne\n" + : "=r" (*v), "=r" (ok) + : + : "cc"); + + return ok; +} + static inline bool __must_check arch_get_random_long(unsigned long *v) { + /* + * Only support the generic interface after we have detected + * the system wide capability, avoiding complexity with the + * cpufeature code and with potential scheduling between CPUs + * with and without the feature. + */ + if (cpus_have_const_cap(ARM64_HAS_RNG) && __arm64_rndr(v)) + return true; return false; } static inline bool __must_check arch_get_random_int(unsigned int *v) { + if (cpus_have_const_cap(ARM64_HAS_RNG)) { + unsigned long val; + + if (__arm64_rndr(&val)) { + *v = val; + return true; + } + } return false; } @@ -71,12 +105,11 @@ static inline bool __must_check arch_get_random_seed_long(unsigned long *v) } /* - * Only support the generic interface after we have detected - * the system wide capability, avoiding complexity with the - * cpufeature code and with potential scheduling between CPUs - * with and without the feature. + * RNDRRS is not backed by an entropy source but by a DRBG that is + * reseeded after each invocation. This is not a 100% fit but good + * enough to implement this API if no other entropy source exists. */ - if (cpus_have_const_cap(ARM64_HAS_RNG) && __arm64_rndr(v)) + if (cpus_have_const_cap(ARM64_HAS_RNG) && __arm64_rndrrs(v)) return true; return false; @@ -96,7 +129,7 @@ static inline bool __must_check arch_get_random_seed_int(unsigned int *v) } if (cpus_have_const_cap(ARM64_HAS_RNG)) { - if (__arm64_rndr(&val)) { + if (__arm64_rndrrs(&val)) { *v = val; return true; } -- 2.30.2 _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel