Date: Thu, 13 Jan 2022 14:41:16 +0100
From: "Jason A. Donenfeld"
To: Ard Biesheuvel
Cc: linux-arm-kernel@lists.infradead.org, catalin.marinas@arm.com, will@kernel.org, mark.rutland@arm.com, Andre Przywara, Mark Brown
Subject: Re: [PATCH] arm64: random: implement arch_get_random_int/_long based on RNDR
In-Reply-To: <20220113131239.1610455-1-ardb@kernel.org>

Hi Ard,

Wow, didn't expect for this to come so fast. Excellent.

On Thu, Jan 13, 2022 at 02:12:39PM +0100, Ard Biesheuvel wrote:
> - map arch_get_random_int/_long() onto RNDR, which returns the output of
>   a DRBG that is reseeded at an implemented defined rate;

implemented -> implementation?

> static inline bool __must_check arch_get_random_long(unsigned long *v) > { > + /* > + * Only support the generic interface after we have detected > + * the system wide capability, avoiding complexity with the > + * cpufeature code and with potential scheduling between CPUs > + * with and without the feature. 
> + */ > + if (cpus_have_const_cap(ARM64_HAS_RNG) && __arm64_rndr(v)) > + return true; > return false; > }

Can't this just become:

	return cpus_have_const_cap(ARM64_HAS_RNG) && __arm64_rndr(v);

> > static inline bool __must_check arch_get_random_int(unsigned int *v) > { > + if (cpus_have_const_cap(ARM64_HAS_RNG)) { > + unsigned long val; > + > + if (__arm64_rndr(&val)) { > + *v = val; > + return true; > + } > + } > return false; > }

Why not implement arch_get_random_int with the same type of flow as
arch_get_random_long?

	static inline bool __must_check arch_get_random_int(unsigned int *v)
	{
		unsigned long val;
		if (cpus_have_const_cap(ARM64_HAS_RNG) && __arm64_rndr(&val)) {
			*v = val;
			return true;
		}
		return false;
	}

Or, even better, just define arch_get_random_int in terms of
arch_get_random_long:

	static inline bool __must_check arch_get_random_int(unsigned int *v)
	{
		unsigned long val;
		if (arch_get_random_long(&val)) {
			*v = val;
			return true;
		}
		return false;
	}

> @@ -71,12 +105,11 @@ static inline bool __must_check arch_get_random_seed_long(unsigned long *v) > } > > /* > - * Only support the generic interface after we have detected > - * the system wide capability, avoiding complexity with the > - * cpufeature code and with potential scheduling between CPUs > - * with and without the feature. > + * RNDRRS is not backed by an entropy source but by a DRBG that is > + * reseeded after each invocation. This is not a 100% fit but good > + * enough to implement this API if no other entropy source exists.

The docs are actually a bit more optimistic than that:

https://developer.arm.com/documentation/ddi0595/2021-03/AArch64-Registers/RNDRRS--Reseeded-Random-Number

~ Reseeded Random Number. Returns a 64-bit random number which is reseeded
~ from the True Random Number source immediately before the read of the
~ random number.

If I'm reading that correctly, it looks like the reseeding happens
*before* the read, and it looks like it comes from a TRNG. In other
words, it sounds to me like it's just doing something like
HASH(READ_TRNG()). That would be pretty darn good.

> */ > - if (cpus_have_const_cap(ARM64_HAS_RNG) && __arm64_rndr(v)) > + if (cpus_have_const_cap(ARM64_HAS_RNG) && __arm64_rndrrs(v)) > return true; > > return false; > @@ -96,7 +129,7 @@ static inline bool __must_check arch_get_random_seed_int(unsigned int *v) > } > > if (cpus_have_const_cap(ARM64_HAS_RNG)) { > - if (__arm64_rndr(&val)) { > + if (__arm64_rndrrs(&val)) { > *v = val; > return true; > }

I suppose the same control flow simplification stuff mentioned above
could be done here too, if you feel like what I mentioned earlier is
worthwhile.

From a randomness perspective:

Acked-by: Jason A. Donenfeld

Thanks,
Jason
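
Review bot: in the arch_get_random_int() hunk, `*v = val;` narrows the 64-bit value returned through `__arm64_rndr(&val)` into an unsigned int with no cast or comment. The truncation looks intended, but an explicit `(unsigned int)val` or a one-line comment saying the upper 32 bits are deliberately dropped would make that clear to the next reader; the same assignment appears unchanged in the arch_get_random_seed_int() hunk.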
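
Review bot: in the arch_get_random_seed_long() hunk, the new comment describes RNDRRS as "reseeded after each invocation", while the Arm register description quoted in this reply says the reseed happens "immediately before the read of the random number"; the comment should use the documented ordering. The phrase "not a 100% fit" also does not say which property expected of a seed source is missing, so please name it. Finally, this hunk deletes the rationale for the `cpus_have_const_cap(ARM64_HAS_RNG)` guard while the guard itself stays in place, so a short pointer to the copy of that comment added in arch_get_random_long() would keep the check explained here.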
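
Added example (not part of the original thread, and not kernel code): a userspace C model that compares the nested control flow from the quoted patch with the flattened form suggested in the reply, checking that both leave the output untouched on failure and never read the register when the capability is absent. model_has_rng and model_rndr() are hypothetical stand-ins for cpus_have_const_cap(ARM64_HAS_RNG) and __arm64_rndr(), and the returned value is constructed.

```c
#include <stdbool.h>
#include <stdint.h>

/* Hypothetical stand-ins for cpus_have_const_cap(ARM64_HAS_RNG) and __arm64_rndr(). */
static bool model_has_rng, model_rndr_ok;
static unsigned model_rndr_reads;

static bool model_rndr(uint64_t *v)
{
	model_rndr_reads++;
	if (model_rndr_ok)
		*v = 0x0123456789abcdefULL;	/* constructed sample value */
	return model_rndr_ok;			/* a read may report failure */
}

/* Control flow as in the quoted patch: nested ifs. */
static bool get_int_nested(uint32_t *v)
{
	if (model_has_rng) {
		uint64_t val;
		if (model_rndr(&val)) {
			*v = (uint32_t)val;	/* keep the low 32 bits */
			return true;
		}
	}
	return false;
}

/* Control flow as suggested in the reply: int built on top of long. */
static bool get_long_flat(uint64_t *v) { return model_has_rng && model_rndr(v); }
static bool get_int_flat(uint32_t *v)
{
	uint64_t val;
	if (get_long_flat(&val)) {
		*v = (uint32_t)val;
		return true;
	}
	return false;
}
struct outcome { bool ok; uint32_t out; unsigned reads; };
static struct outcome run(bool (*fn)(uint32_t *), bool has_rng, bool rndr_ok)
{
	struct outcome o = { false, 0xdeadbeefu, 0 };	/* sentinel output */
	model_has_rng = has_rng; model_rndr_ok = rndr_ok; model_rndr_reads = 0;
	o.ok = fn(&o.out);
	o.reads = model_rndr_reads;
	return o;
}
int main(void) { return run(get_int_nested, 1, 1).out == run(get_int_flat, 1, 1).out ? 0 : 1; }
```

The short-circuit `&&` in the flattened form is what keeps the register read behind the capability check, which the `reads` counter makes visible.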