From owner-svn-src-all@freebsd.org Wed May 8 13:55:40 2019 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id D335F1585D13; Wed, 8 May 2019 13:55:39 +0000 (UTC) (envelope-from cse.cem@gmail.com) Received: from mail-it1-f182.google.com (mail-it1-f182.google.com [209.85.166.182]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 7009E74334; Wed, 8 May 2019 13:55:39 +0000 (UTC) (envelope-from cse.cem@gmail.com) Received: by mail-it1-f182.google.com with SMTP id a190so4158976ite.4; Wed, 08 May 2019 06:55:39 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:reply-to :from:date:message-id:subject:to:cc; bh=aBGC4+1cmF+9xw0Q35DM/+cxdTQ4JgNYAWr74NGLW+A=; b=TYpubbks7KJyztzAn101lYVPd6Dizj+xIffEcPgDd2xvbMIPvI3kj71Z3hKs5fGhNU VRgepsKLorN4+Em2HWH9Tx8sslz38bOrvCgTTmnKPTA+5+vGGVX8LDCrqZRkwJN/qTtI uLCBWZpK/dC0X1X6j3/JhORf2/Rr9pRb6bFlV8hxW6pn0TyGAjJ9Z3WwA4R0Y4d62D7s c5DmLch3YFmPQLzYw0nxTbYWLHps3kpCL8OWvVD3yP+ZyHqTwyQbEAyR7snCto7uitFu eNM2P87iAwJGE0TLCW4RZZolhyav6dyjn8bG+v8V7Jq8olxjUF/R0VFmlbRFwf875C9D dIXQ== X-Gm-Message-State: APjAAAUsVLuDfOTRro7uMwxlazOlciY9zthkvHXPfr4Itz5P39wTHI6U 9drY/E6s0elPGJGq0LSTBPaNDcHA X-Google-Smtp-Source: APXvYqwlNSFZNESSE64E/r/37TuK3E3FMUee8HlrBS+JEI+e1Zwz1kdMBy1qhQLAtSaZCYLqUUcBBQ== X-Received: by 2002:a02:c043:: with SMTP id u3mr27870350jam.35.1557323737902; Wed, 08 May 2019 06:55:37 -0700 (PDT) Received: from mail-io1-f51.google.com (mail-io1-f51.google.com. [209.85.166.51]) by smtp.gmail.com with ESMTPSA id t191sm1290294itt.17.2019.05.08.06.55.37 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 08 May 2019 06:55:37 -0700 (PDT) Received: by mail-io1-f51.google.com with SMTP id b3so11459341iob.12; Wed, 08 May 2019 06:55:37 -0700 (PDT) X-Received: by 2002:a5d:84ce:: with SMTP id z14mr7548156ior.107.1557323737262; Wed, 08 May 2019 06:55:37 -0700 (PDT) MIME-Version: 1.0 References: <201905080045.x480jGpo032140@repo.freebsd.org> <21F2F871-42E2-4572-97ED-C50CD00F9FC0@freebsd.org> In-Reply-To: <21F2F871-42E2-4572-97ED-C50CD00F9FC0@freebsd.org> Reply-To: cem@freebsd.org From: Conrad Meyer Date: Wed, 8 May 2019 06:55:26 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: svn commit: r347239 - head/sys/dev/random To: Michael Tuexen Cc: Conrad Meyer , src-committers , svn-src-all@freebsd.org, svn-src-head@freebsd.org X-Rspamd-Queue-Id: 7009E74334 X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-6.99 / 15.00]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; NEURAL_HAM_SHORT(-0.99)[-0.987,0]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; REPLY(-4.00)[]; TAGGED_FROM(0.00)[] Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 May 2019 13:55:40 -0000 Unfortunately, no real knob for it. I have proposed disabling the warning in https://reviews.freebsd.org/D20195 . Sorry about the noise. Best, Conrad On Wed, May 8, 2019 at 2:08 AM Michael Tuexen wrote: > > On 8. May 2019, at 02:45, Conrad Meyer wrote: > > > > Author: cem > > Date: Wed May 8 00:45:16 2019 > > New Revision: 347239 > > URL: https://svnweb.freebsd.org/changeset/base/347239 > > > > Log: > > random: x86 driver: Prefer RDSEED over RDRAND when available > I get a lot of > random_sources_feed: rs_read for hardware device 'Intel Secure Key RNG' > returned no entropy. > entries in /var/log/messages now... > > Any idea how to turn them off? > > Best regards > Michael > > > > Per > > > https://software.intel.com/en-us/blogs/2012/11/17/the-difference-between-rdrand-and-rdseed > > , RDRAND is a PRNG seeded from the same source as RDSEED. The source is > > more suitable as PRNG seed material, so prefer it when the RDSEED > intrinsic > > is available (indicated in CPU feature bits). > > > > Reviewed by: delphij, jhb, imp (earlier version) > > Approved by: secteam(delphij) > > Security: yes > > Sponsored by: Dell EMC Isilon > > Differential Revision: https://reviews.freebsd.org/D20192 > > > > Modified: > > head/sys/dev/random/ivy.c > > > > Modified: head/sys/dev/random/ivy.c > > > ============================================================================== > > --- head/sys/dev/random/ivy.c Wed May 8 00:40:08 2019 (r347238) > > +++ head/sys/dev/random/ivy.c Wed May 8 00:45:16 2019 (r347239) > > @@ -44,11 +44,13 @@ __FBSDID("$FreeBSD$"); > > > > #include > > #include > > +#include > > > > #include > > > > #define RETRY_COUNT 10 > > > > +static bool has_rdrand, has_rdseed; > > static u_int random_ivy_read(void *, u_int); > > > > static struct random_source random_ivy = { > > @@ -57,10 +59,9 @@ static struct random_source random_ivy = { > > .rs_read = random_ivy_read > > }; > > > > -static inline int > > -ivy_rng_store(u_long *buf) > > +static int > > +x86_rdrand_store(u_long *buf) > > { > > -#ifdef __GNUCLIKE_ASM > > u_long rndval; > > int retry; > > > > @@ -75,11 +76,40 @@ ivy_rng_store(u_long *buf) > > : "+r" (retry), "=r" (rndval) : : "cc"); > > *buf = rndval; > > return (retry); > > -#else /* __GNUCLIKE_ASM */ > > - return (0); > > -#endif > > } > > > > +static int > > +x86_rdseed_store(u_long *buf) > > +{ > > + u_long rndval; > > + int retry; > > + > > + retry = RETRY_COUNT; > > + __asm __volatile( > > + "1:\n\t" > > + "rdseed %1\n\t" /* read randomness into rndval */ > > + "jc 2f\n\t" /* CF is set on success, exit retry loop */ > > + "dec %0\n\t" /* otherwise, retry-- */ > > + "jne 1b\n\t" /* and loop if retries are not exhausted */ > > + "2:" > > + : "+r" (retry), "=r" (rndval) : : "cc"); > > + *buf = rndval; > > + return (retry); > > +} > > + > > +DEFINE_IFUNC(static, int, x86_rng_store, (u_long *buf), static) > > +{ > > + has_rdrand = (cpu_feature2 & CPUID2_RDRAND); > > + has_rdseed = (cpu_stdext_feature & CPUID_STDEXT_RDSEED); > > + > > + if (has_rdseed) > > + return (x86_rdseed_store); > > + else if (has_rdrand) > > + return (x86_rdrand_store); > > + else > > + return (NULL); > > +} > > + > > /* It is required that buf length is a multiple of sizeof(u_long). */ > > static u_int > > random_ivy_read(void *buf, u_int c) > > @@ -90,7 +120,7 @@ random_ivy_read(void *buf, u_int c) > > KASSERT(c % sizeof(*b) == 0, ("partial read %d", c)); > > b = buf; > > for (count = c; count > 0; count -= sizeof(*b)) { > > - if (ivy_rng_store(&rndval) == 0) > > + if (x86_rng_store(&rndval) == 0) > > break; > > *b++ = rndval; > > } > > @@ -104,14 +134,14 @@ rdrand_modevent(module_t mod, int type, void > *unused) > > > > switch (type) { > > case MOD_LOAD: > > - if (cpu_feature2 & CPUID2_RDRAND) { > > + if (has_rdrand || has_rdseed) { > > random_source_register(&random_ivy); > > printf("random: fast provider: \"%s\"\n", > random_ivy.rs_ident); > > } > > break; > > > > case MOD_UNLOAD: > > - if (cpu_feature2 & CPUID2_RDRAND) > > + if (has_rdrand || has_rdseed) > > random_source_deregister(&random_ivy); > > break; > > > > > >