Add an Armv8 rndr random number provider
ClosedPublic
Actions

Authored by andrew on Jun 6 2022, 12:10 PM.

Details

Reviewers

manu
imp
delphij

Group Reviewers

arm64
csprng

Commits

rG11b099f8030b: Add an Armv8 rndr random number provider
rG9eecef052155: Add an Armv8 rndr random number provider

Summary

Armv8.5 adds an optional random number generator. This is implemented
as two special registers one to read a random number, the other to
re-seed the entropy pool before reading a random number. Both registers
will set the condition flags to tell the caller they can't produce a
random number in a reasonable amount of time.

Without a signal to reseed the entropy pool use the former register
to provide random numbers to the kernel pool. On an Amazon AWS
Graviton3 VM this never failed, however this may not be the case on
low end CPUs so retry reading the random number 10 times before
returning an error.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

andrew created this revision.Jun 6 2022, 12:10 PM

Herald added a reviewer: manu. · View Herald TranscriptJun 6 2022, 12:10 PM

Herald added subscribers: jmg, emaste, imp. · View Herald Transcript

andrew requested review of this revision.Jun 6 2022, 12:10 PM

Harbormaster completed remote builds in B45861: Diff 106664.Jun 6 2022, 12:10 PM

Rebase past D35412

Harbormaster completed remote builds in B45863: Diff 106666.Jun 6 2022, 12:16 PM

cem added a subscriber: cem.Jun 6 2022, 1:01 PM

cem added inline comments.

sys/dev/random/armv8rng.c
64	I think `RNDRRS` would make more sense, if available. (On x86, we prefer `RDSEED` to `RDRAND`.)

andrew added inline comments.Jun 6 2022, 1:41 PM

sys/dev/random/armv8rng.c
64	My understanding is `RNDR` is equivilant to `RDSEED` [1]. `RNDRRS` just adds a reseed of the hardware CSPRNG used to generate random numbers. [1] https://lore.kernel.org/linux-arm-kernel/6e75d7b9-1c30-adab-bb74-1aaaa4e98ad4@linaro.org/

cem added inline comments.Jun 6 2022, 2:06 PM

sys/dev/random/armv8rng.c
64	Huh. I’m not sure how to reconcile that with the language in the ISA doc, which reads more or less like RDRAND. What’s the downside of using RNDRRS?

andrew added inline comments.Jun 6 2022, 2:23 PM

sys/dev/random/armv8rng.c
64	`K11.1 Properties of the generated random number` talks about the random number generator as a whole. In userspace I tested a loop reading from each register. For `RNDR` I can read just under 15 million random numbers per second, for `RNDRRS` it's about 20500, so the former is ~730 times as fast as the latter (on an AWS Graviton3 instance).

rebase
use rndrrs
clean up the style

Herald added a subscriber: obrien. · View Herald TranscriptOct 27 2023, 12:00 PM

Harbormaster completed remote builds in B54184: Diff 129450.Oct 27 2023, 12:00 PM

One formatting nit and one very strong suggestion for a comment to document the conversation in the review.
Normally they don't matter, but in this case it will likely be a question on many people's minds that read the code.
Your choice either way, but please consider it.
Otherwise looks good to go.

sys/dev/random/armv8rng.c
64	I'd be tempted to make a comment here. We don't need to reseed the pool often, so we use the stronger random source. Explain why we chose this one and possibly some of the numbers behind that choice. Future explorers will be happy you did.
75	Need a blank line.