From: "Dr. Greg" <greg@enjellic.com>
To: "Daniel P. Berrang??" <berrange@redhat.com>
Cc: "Reshetova, Elena" <elena.reshetova@intel.com>,
"Jason A. Donenfeld" <Jason@zx2c4.com>,
"Hansen, Dave" <dave.hansen@intel.com>,
"Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>,
"H. Peter Anvin" <hpa@zytor.com>,
"x86@kernel.org" <x86@kernel.org>,
"Theodore Ts'o" <tytso@mit.edu>,
Kuppuswamy Sathyanarayanan
<sathyanarayanan.kuppuswamy@linux.intel.com>,
"Nakajima, Jun" <jun.nakajima@intel.com>,
Tom Lendacky <thomas.lendacky@amd.com>,
"Kalra, Ashish" <ashish.kalra@amd.com>,
Sean Christopherson <seanjc@google.com>,
"linux-coco@lists.linux.dev" <linux-coco@lists.linux.dev>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH 2/2] x86/random: Issue a warning if RDRAND or RDSEED fails
Date: Tue, 6 Feb 2024 06:04:45 -0600 [thread overview]
Message-ID: <20240206120445.GA1247@wind.enjellic.com> (raw)
In-Reply-To: <ZcHoKUElwXGPzrWb@redhat.com>
On Tue, Feb 06, 2024 at 08:04:57AM +0000, Daniel P. Berrang?? wrote:
Good morning to everyone.
> On Mon, Feb 05, 2024 at 07:12:47PM -0600, Dr. Greg wrote:
> >
> > Actually, I now believe there is clear evidence that the problem is
> > indeed Intel specific. In light of our testing, it will be
> > interesting to see what your 'AR' returns with respect to an official
> > response from Intel engineering on this issue.
> >
> > One of the very bright young engineers collaborating on Quixote, who
> > has been following this conversation, took it upon himself to do some
> > very methodical engineering analysis on this issue. I'm the messenger
> > but this is very much his work product.
> >
> > Executive summary is as follows:
> >
> > - No RDRAND depletion failures were observable with either the Intel
> > or AMD hardware that was load tested.
> >
> > - RDSEED depletion is an Intel specific issue, AMD's RDSEED
> > implementation could not be provoked into failure.
> My colleague ran a multithread parallel stress test program on his
> 16core/2HT AMD Ryzen (Zen4 uarch) and saw a 80% failure rate in
> RDSEED.
Interesting datapoint, thanks for forwarding it along, so the issue
shows up on at least some AMD platforms as well.
On the 18 core/socket Intel Skylake platform, the parallelized
depletion test forces RDSEED success rates down to around 2%. It
would appear that your tests suggest that the AMD platform fairs
better than the Intel platform.
So this is turning into even more of a morass, given that RDSEED
depletion on AMD may be a function of the micro-architecture the
platform is based on. The other variable is that our AMD test
platform had a substantially higher core count per socket, one would
assume that would result in higher depletion rates, if the operative
theory of socket common RNG infrastructure is valid.
Unless AMD engineering understands the problem and has taken some type
of action on higher core count systems to address the issue.
Of course, the other variable may be how the parallelized stress test
is conducted. If you would like to share your implementation source
we could give it a twirl on the systems we have access to.
The continuing operative question is whether or not any of this ever
leads to an RDRAND failure.
We've conducted some additional tests on the Intel platform where
RDSEED depletion was driven low as possible, ~1-2% success rates,
while RDRAND depletion tests were being run simultaneously. No RDRAND
failures have been noted.
So the operative question remains, why worry about this if RDRAND is
used as the randomness primitive.
We haven't seen anything out of Intel yet on this, maybe AMD has a
quantifying definition for 'astronomical' when it comes to RDRAND
failures.
The silence appears to be deafening out of the respective engineering
camps... :-)
> > - AMD's RDRAND/RDSEED implementation is significantly slower than
> > Intel's.
> Yes, we also noticed the AMD impl is horribly slow compared to
> Intel, had to cut test iterations x100.
The operative question is the impact of 'slow', in the absence of
artifical stress tests.
It would seem that a major question is what are or were the
engineering thought processes on the throughput of the hardware
randomness instructions.
Intel documents the following randomness throughput rates:
RDSEED: 3 Gbit/second
RDRAND: 6.4 Gbit/second
If there is the possibility of over-harvesting randomness, why not
design the implementations to be clamped at some per core value such
as a megabit/second. In the case of the documented RDSEED generation
rates, that would allow the servicing of 3222 cores, if my math at
0530 in the morning is correct.
Would a core need more than 128 kilobytes of randomness, ie. one
second of output, to effectively seed a random number generator?
A cynical conclusion would suggest engineering acquiesing to marketing
demands... :-)
> With regards,
> Daniel
Have a good day.
As always,
Dr. Greg
The Quixote Project - Flailing at the Travails of Cybersecurity
https://github.com/Quixote-Project
next prev parent reply other threads:[~2024-02-06 12:09 UTC|newest]
Thread overview: 99+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-01-30 8:30 [PATCH 1/2] x86/random: Retry on RDSEED failure Kirill A. Shutemov
2024-01-30 8:30 ` [PATCH 2/2] x86/random: Issue a warning if RDRAND or RDSEED fails Kirill A. Shutemov
2024-01-30 12:37 ` Jason A. Donenfeld
2024-01-30 13:45 ` Reshetova, Elena
2024-01-30 14:21 ` Jason A. Donenfeld
2024-01-30 14:55 ` Reshetova, Elena
2024-01-30 15:00 ` Jason A. Donenfeld
2024-01-30 17:31 ` Dave Hansen
2024-01-30 17:49 ` Jason A. Donenfeld
2024-01-30 17:58 ` Dave Hansen
2024-01-30 18:15 ` H. Peter Anvin
2024-01-30 18:23 ` Jason A. Donenfeld
2024-01-30 18:23 ` Jason A. Donenfeld
2024-01-30 18:37 ` Dave Hansen
2024-01-30 18:05 ` Daniel P. Berrangé
2024-01-30 18:24 ` Jason A. Donenfeld
2024-01-30 18:31 ` Jason A. Donenfeld
2024-01-30 18:40 ` H. Peter Anvin
2024-01-31 8:16 ` Reshetova, Elena
2024-01-31 11:59 ` Dr. Greg
2024-01-31 13:06 ` Jason A. Donenfeld
2024-01-31 18:02 ` Reshetova, Elena
2024-01-31 20:35 ` Dr. Greg
2024-02-01 4:47 ` Theodore Ts'o
2024-02-01 9:54 ` Dr. Greg
2024-02-01 11:08 ` Daniel P. Berrangé
2024-02-01 21:04 ` Dr. Greg
2024-02-02 7:56 ` Reshetova, Elena
2024-02-01 7:26 ` Reshetova, Elena
2024-02-01 10:52 ` Dr. Greg
2024-02-06 1:12 ` Dr. Greg
2024-02-06 8:04 ` Daniel P. Berrangé
2024-02-06 12:04 ` Dr. Greg [this message]
2024-02-06 13:00 ` Daniel P. Berrangé
2024-02-08 10:31 ` Dr. Greg
2024-02-06 13:50 ` Daniel P. Berrangé
2024-02-06 15:35 ` Borislav Petkov
2024-02-08 11:44 ` Dr. Greg
2024-02-09 17:31 ` Borislav Petkov
2024-02-09 19:49 ` Jason A. Donenfeld
2024-02-09 20:37 ` Dave Hansen
2024-02-09 21:45 ` Borislav Petkov
2024-02-06 18:49 ` H. Peter Anvin
2024-02-08 16:38 ` Dr. Greg
2024-01-30 15:50 ` Kuppuswamy Sathyanarayanan
2024-01-30 12:29 ` [PATCH 1/2] x86/random: Retry on RDSEED failure Jason A. Donenfeld
2024-01-30 12:51 ` Jason A. Donenfeld
2024-01-30 13:10 ` Reshetova, Elena
2024-01-30 14:06 ` Jason A. Donenfeld
2024-01-30 14:43 ` Daniel P. Berrangé
2024-01-30 15:12 ` Jason A. Donenfeld
2024-01-30 18:35 ` Jason A. Donenfeld
2024-01-30 19:06 ` Reshetova, Elena
2024-01-30 19:16 ` Jason A. Donenfeld
2024-01-31 7:56 ` Reshetova, Elena
2024-01-31 13:14 ` Jason A. Donenfeld
2024-01-31 14:07 ` Theodore Ts'o
2024-01-31 14:45 ` Jason A. Donenfeld
2024-01-31 14:52 ` Jason A. Donenfeld
2024-01-31 17:10 ` Theodore Ts'o
2024-01-31 17:37 ` Reshetova, Elena
2024-01-31 18:01 ` Jason A. Donenfeld
2024-02-01 4:57 ` Theodore Ts'o
2024-02-01 18:09 ` Jason A. Donenfeld
2024-02-01 18:46 ` Dave Hansen
2024-02-01 19:02 ` H. Peter Anvin
2024-02-02 7:25 ` Reshetova, Elena
2024-02-02 15:39 ` Theodore Ts'o
2024-02-03 10:12 ` Jason A. Donenfeld
2024-02-09 19:53 ` Jason A. Donenfeld
2024-02-12 8:25 ` Reshetova, Elena
2024-02-12 16:32 ` Theodore Ts'o
2024-02-13 7:28 ` Dan Williams
2024-02-13 23:13 ` Theodore Ts'o
2024-02-14 0:53 ` Dan Williams
2024-02-14 4:32 ` Theodore Ts'o
2024-02-14 6:48 ` Dan Williams
2024-02-14 6:54 ` Reshetova, Elena
2024-02-14 8:34 ` Nikolay Borisov
2024-02-14 9:34 ` Dr. Greg
2024-02-14 17:30 ` Jason A. Donenfeld
2024-02-14 15:18 ` Reshetova, Elena
2024-02-14 17:21 ` Jason A. Donenfeld
2024-02-14 17:59 ` Reshetova, Elena
2024-02-14 19:32 ` Jason A. Donenfeld
2024-02-15 7:07 ` Reshetova, Elena
2024-02-15 12:58 ` Jason A. Donenfeld
2024-02-14 19:46 ` Tom Lendacky
2024-02-14 20:04 ` Jason A. Donenfeld
2024-02-14 20:11 ` Theodore Ts'o
2024-02-15 13:01 ` Jason A. Donenfeld
2024-02-14 20:14 ` Dave Hansen
2024-02-02 15:47 ` James Bottomley
2024-02-02 16:05 ` Theodore Ts'o
2024-02-02 21:28 ` James Bottomley
2024-02-03 14:35 ` Theodore Ts'o
2024-02-06 19:12 ` H. Peter Anvin
2024-01-30 15:20 ` H. Peter Anvin
2024-01-30 15:44 ` Kuppuswamy Sathyanarayanan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240206120445.GA1247@wind.enjellic.com \
--to=greg@enjellic.com \
--cc=Jason@zx2c4.com \
--cc=ashish.kalra@amd.com \
--cc=berrange@redhat.com \
--cc=bp@alien8.de \
--cc=dave.hansen@intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=elena.reshetova@intel.com \
--cc=hpa@zytor.com \
--cc=jun.nakajima@intel.com \
--cc=kirill.shutemov@linux.intel.com \
--cc=linux-coco@lists.linux.dev \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=sathyanarayanan.kuppuswamy@linux.intel.com \
--cc=seanjc@google.com \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
--cc=tytso@mit.edu \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).