From owner-svn-src-head@freebsd.org  Wed May  8 09:08:39 2019
Return-Path: <owner-svn-src-head@freebsd.org>
Delivered-To: svn-src-head@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 29DDF15A2AB4;
 Wed,  8 May 2019 09:08:39 +0000 (UTC)
 (envelope-from tuexen@freebsd.org)
Received: from drew.franken.de (drew.ipv6.franken.de
 [IPv6:2001:638:a02:a001:20e:cff:fe4a:feaa])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "*.franken.de",
 Issuer "COMODO RSA Domain Validation Secure Server CA" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 8F58892D7D;
 Wed,  8 May 2019 09:08:38 +0000 (UTC)
 (envelope-from tuexen@freebsd.org)
Received: from [IPv6:2a02:c6a0:4015:12:a8fd:d6b7:ed6e:501] (unknown
 [IPv6:2a02:c6a0:4015:12:a8fd:d6b7:ed6e:501])
 (Authenticated sender: macmic)
 by mail-n.franken.de (Postfix) with ESMTPSA id 4FFEA721E280D;
 Wed,  8 May 2019 11:08:34 +0200 (CEST)
Content-Type: text/plain;
	charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.8\))
Subject: Re: svn commit: r347239 - head/sys/dev/random
From: Michael Tuexen <tuexen@freebsd.org>
In-Reply-To: <201905080045.x480jGpo032140@repo.freebsd.org>
Date: Wed, 8 May 2019 11:08:33 +0200
Cc: src-committers <src-committers@freebsd.org>, svn-src-all@freebsd.org,
 svn-src-head@freebsd.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <21F2F871-42E2-4572-97ED-C50CD00F9FC0@freebsd.org>
References: <201905080045.x480jGpo032140@repo.freebsd.org>
To: Conrad Meyer <cem@FreeBSD.org>
X-Mailer: Apple Mail (2.3445.104.8)
X-Spam-Status: No, score=-2.9 required=5.0 tests=ALL_TRUSTED,BAYES_00
 autolearn=disabled version=3.4.1
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on mail-n.franken.de
X-BeenThere: svn-src-head@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SVN commit messages for the src tree for head/-current
 <svn-src-head.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-head/>
List-Post: <mailto:svn-src-head@freebsd.org>
List-Help: <mailto:svn-src-head-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 08 May 2019 09:08:39 -0000

> On 8. May 2019, at 02:45, Conrad Meyer <cem@FreeBSD.org> wrote:
>=20
> Author: cem
> Date: Wed May  8 00:45:16 2019
> New Revision: 347239
> URL: https://svnweb.freebsd.org/changeset/base/347239
>=20
> Log:
>  random: x86 driver: Prefer RDSEED over RDRAND when available
I get a lot of
random_sources_feed: rs_read for hardware device 'Intel Secure Key RNG' =
returned no entropy.
entries in /var/log/messages now...

Any idea how to turn them off?

Best regards
Michael
>=20
>  Per
>  =
https://software.intel.com/en-us/blogs/2012/11/17/the-difference-between-r=
drand-and-rdseed
>  , RDRAND is a PRNG seeded from the same source as RDSEED.  The source =
is
>  more suitable as PRNG seed material, so prefer it when the RDSEED =
intrinsic
>  is available (indicated in CPU feature bits).
>=20
>  Reviewed by:	delphij, jhb, imp (earlier version)
>  Approved by:	secteam(delphij)
>  Security:	yes
>  Sponsored by:	Dell EMC Isilon
>  Differential Revision:	https://reviews.freebsd.org/D20192
>=20
> Modified:
>  head/sys/dev/random/ivy.c
>=20
> Modified: head/sys/dev/random/ivy.c
> =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D
> --- head/sys/dev/random/ivy.c	Wed May  8 00:40:08 2019	=
(r347238)
> +++ head/sys/dev/random/ivy.c	Wed May  8 00:45:16 2019	=
(r347239)
> @@ -44,11 +44,13 @@ __FBSDID("$FreeBSD$");
>=20
> #include <machine/md_var.h>
> #include <machine/specialreg.h>
> +#include <x86/ifunc.h>
>=20
> #include <dev/random/randomdev.h>
>=20
> #define	RETRY_COUNT	10
>=20
> +static bool has_rdrand, has_rdseed;
> static u_int random_ivy_read(void *, u_int);
>=20
> static struct random_source random_ivy =3D {
> @@ -57,10 +59,9 @@ static struct random_source random_ivy =3D {
> 	.rs_read =3D random_ivy_read
> };
>=20
> -static inline int
> -ivy_rng_store(u_long *buf)
> +static int
> +x86_rdrand_store(u_long *buf)
> {
> -#ifdef __GNUCLIKE_ASM
> 	u_long rndval;
> 	int retry;
>=20
> @@ -75,11 +76,40 @@ ivy_rng_store(u_long *buf)
> 	    : "+r" (retry), "=3Dr" (rndval) : : "cc");
> 	*buf =3D rndval;
> 	return (retry);
> -#else /* __GNUCLIKE_ASM */
> -	return (0);
> -#endif
> }
>=20
> +static int
> +x86_rdseed_store(u_long *buf)
> +{
> +	u_long rndval;
> +	int retry;
> +
> +	retry =3D RETRY_COUNT;
> +	__asm __volatile(
> +	    "1:\n\t"
> +	    "rdseed	%1\n\t"	/* read randomness into rndval */
> +	    "jc		2f\n\t" /* CF is set on success, exit retry loop =
*/
> +	    "dec	%0\n\t" /* otherwise, retry-- */
> +	    "jne	1b\n\t" /* and loop if retries are not exhausted =
*/
> +	    "2:"
> +	    : "+r" (retry), "=3Dr" (rndval) : : "cc");
> +	*buf =3D rndval;
> +	return (retry);
> +}
> +
> +DEFINE_IFUNC(static, int, x86_rng_store, (u_long *buf), static)
> +{
> +	has_rdrand =3D (cpu_feature2 & CPUID2_RDRAND);
> +	has_rdseed =3D (cpu_stdext_feature & CPUID_STDEXT_RDSEED);
> +
> +	if (has_rdseed)
> +		return (x86_rdseed_store);
> +	else if (has_rdrand)
> +		return (x86_rdrand_store);
> +	else
> +		return (NULL);
> +}
> +
> /* It is required that buf length is a multiple of sizeof(u_long). */
> static u_int
> random_ivy_read(void *buf, u_int c)
> @@ -90,7 +120,7 @@ random_ivy_read(void *buf, u_int c)
> 	KASSERT(c % sizeof(*b) =3D=3D 0, ("partial read %d", c));
> 	b =3D buf;
> 	for (count =3D c; count > 0; count -=3D sizeof(*b)) {
> -		if (ivy_rng_store(&rndval) =3D=3D 0)
> +		if (x86_rng_store(&rndval) =3D=3D 0)
> 			break;
> 		*b++ =3D rndval;
> 	}
> @@ -104,14 +134,14 @@ rdrand_modevent(module_t mod, int type, void =
*unused)
>=20
> 	switch (type) {
> 	case MOD_LOAD:
> -		if (cpu_feature2 & CPUID2_RDRAND) {
> +		if (has_rdrand || has_rdseed) {
> 			random_source_register(&random_ivy);
> 			printf("random: fast provider: \"%s\"\n", =
random_ivy.rs_ident);
> 		}
> 		break;
>=20
> 	case MOD_UNLOAD:
> -		if (cpu_feature2 & CPUID2_RDRAND)
> +		if (has_rdrand || has_rdseed)
> 			random_source_deregister(&random_ivy);
> 		break;
>=20
>=20