x86, random: Enable the RDSEED instruction

Upcoming Intel silicon adds a new RDSEED instruction, which is similar to RDRAND but provides a stronger guarantee: unlike RDRAND, RDSEED will always reseed the PRNG from the true random number source between each read. Thus, the output of RDSEED is guaranteed to be 100% entropic, unlike RDRAND which is only architecturally guaranteed to be 1/512 entropic (although in practice is much more.) The RDSEED instruction takes the same time to execute as RDRAND, but RDSEED unlike RDRAND can legitimately return failure (CF=0) due to entropy exhaustion if too many threads on too many cores are hammering the RDSEED instruction at the same time. Therefore, we have to be more conservative and only use it in places where we can tolerate failures. This patch introduces the primitives arch_get_random_seed_{int,long}() but does not use it yet. Signed-off-by: H. Peter Anvin <hpa@linux.intel.com> Reviewed-by: Ingo Molnar <mingo@kernel.org> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Cc: Paul Mackerras <paulus@samba.org> Cc: Michael Ellerman <michael@ellerman.id.au> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
author: H. Peter Anvin <hpa@linux.intel.com> 2014-03-17 19:36:27 -0400
committer: Theodore Ts'o <tytso@mit.edu> 2014-03-19 22:22:06 -0400
commit: d20f78d252778e0fae8f8256e602bd682eb2185c (patch)
tree: 5f88e6bc17c69028085dc18d8252d5f3de9ee12b
parent: 46884442fc5bb81a896f7245bd850fde9b435509 (diff)
3 files changed, 55 insertions, 1 deletions
diff --git a/arch/powerpc/include/asm/archrandom.h b/arch/powerpc/include/asm/archrandom.h
index d853d163ba47..801beba4e64b 100644
--- a/arch/powerpc/include/asm/archrandom.h
+++ b/arch/powerpc/include/asm/archrandom.h
@@ -27,6 +27,15 @@ static inline int arch_get_random_int(unsigned int *v)
 int powernv_get_random_long(unsigned long *v);
+static inline int arch_get_random_seed_long(unsigned long *v)
+{
+        return 0;
+}
+static inline int arch_get_random_seed_int(unsigned int *v)
+{
+        return 0;
+}
 #endif /* CONFIG_ARCH_RANDOM */
 #endif /* _ASM_POWERPC_ARCHRANDOM_H */
diff --git a/arch/x86/include/asm/archrandom.h b/arch/x86/include/asm/archrandom.h
index e6a92455740e..6ad7f6d3f97f 100644
--- a/arch/x86/include/asm/archrandom.h
+++ b/arch/x86/include/asm/archrandom.h
@@ -1,7 +1,7 @@
 /*
 * This file is part of the Linux kernel.
 *
- * Copyright (c) 2011, Intel Corporation
+ * Copyright (c) 2011-2014, Intel Corporation
 * Authors: Fenghua Yu <fenghua.yu@intel.com>,
 *          H. Peter Anvin <hpa@linux.intel.com>
 *
@@ -31,10 +31,13 @@
 #define RDRAND_RETRY_LOOPS      10
 #define RDRAND_INT      ".byte 0x0f,0xc7,0xf0"
+#define RDSEED_INT      ".byte 0x0f,0xc7,0xf8"
 #ifdef CONFIG_X86_64
 # define RDRAND_LONG    ".byte 0x48,0x0f,0xc7,0xf0"
+# define RDSEED_LONG    ".byte 0x48,0x0f,0xc7,0xf8"
 #else
 # define RDRAND_LONG    RDRAND_INT
+# define RDSEED_LONG    RDSEED_INT
 #endif
 #ifdef CONFIG_ARCH_RANDOM
@@ -53,6 +56,16 @@ static inline int rdrand_long(unsigned long *v)
        return ok;
 }
+/* A single attempt at RDSEED */
+static inline bool rdseed_long(unsigned long *v)
+{
+        unsigned char ok;
+        asm volatile(RDSEED_LONG "\n\t"
+                     "setc %0"
+                     : "=qm" (ok), "=a" (*v));
+        return ok;
+}
 #define GET_RANDOM(name, type, rdrand, nop)                     \
 static inline int name(type *v)                                 \
 {                                                               \
@@ -70,16 +83,35 @@ static inline int name(type *v)					\
        return ok;                                              \
 }
+#define GET_SEED(name, type, rdseed, nop)                       \
+static inline int name(type *v)                                 \
+{                                                               \
+        unsigned char ok;                                       \
+        alternative_io("movb $0, %0\n\t"                        \
+                       nop,                                     \
+                       rdseed "\n\t"                            \
+                       "setc %0",                               \
+                       X86_FEATURE_RDSEED,                      \
+                       ASM_OUTPUT2("=q" (ok), "=a" (*v)));      \
+        return ok;                                              \
+}
 #ifdef CONFIG_X86_64
 GET_RANDOM(arch_get_random_long, unsigned long, RDRAND_LONG, ASM_NOP5);
 GET_RANDOM(arch_get_random_int, unsigned int, RDRAND_INT, ASM_NOP4);
+GET_SEED(arch_get_random_seed_long, unsigned long, RDSEED_LONG, ASM_NOP5);
+GET_SEED(arch_get_random_seed_int, unsigned int, RDSEED_INT, ASM_NOP4);
 #else
 GET_RANDOM(arch_get_random_long, unsigned long, RDRAND_LONG, ASM_NOP3);
 GET_RANDOM(arch_get_random_int, unsigned int, RDRAND_INT, ASM_NOP3);
+GET_SEED(arch_get_random_seed_long, unsigned long, RDSEED_LONG, ASM_NOP4);
+GET_SEED(arch_get_random_seed_int, unsigned int, RDSEED_INT, ASM_NOP4);
 #endif /* CONFIG_X86_64 */
 #else
@@ -89,6 +121,11 @@ static inline int rdrand_long(unsigned long *v)
        return 0;
 }
+static inline bool rdseed_long(unsigned long *v)
+{
+        return 0;
+}
 #endif  /* CONFIG_ARCH_RANDOM */
 extern void x86_init_rdrand(struct cpuinfo_x86 *c);
diff --git a/include/linux/random.h b/include/linux/random.h
index 1cfce0e24dbd..c2f08131050d 100644
--- a/include/linux/random.h
+++ b/include/linux/random.h
@@ -88,6 +88,14 @@ static inline int arch_get_random_int(unsigned int *v)
 {
        return 0;
 }
+static inline int arch_get_random_seed_long(unsigned long *v)
+{
+        return 0;
+}
+static inline int arch_get_random_seed_int(unsigned int *v)
+{
+        return 0;
+}
 #endif
 /* Pseudo random number generator from numerical recipes. */
author	H. Peter Anvin <hpa@linux.intel.com>	2014-03-17 19:36:27 -0400
committer	Theodore Ts'o <tytso@mit.edu>	2014-03-19 22:22:06 -0400
commit	d20f78d252778e0fae8f8256e602bd682eb2185c (patch)
tree	5f88e6bc17c69028085dc18d8252d5f3de9ee12b
parent	46884442fc5bb81a896f7245bd850fde9b435509 (diff)