linux-arm-kernel.lists.infradead.org archive mirror
 help / color / mirror / Atom feed
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
To: Richard Henderson <richard.henderson@linaro.org>
Cc: Mark Rutland <mark.rutland@arm.com>,
	"open list:HARDWARE RANDOM NUMBER GENERATOR CORE"
	<linux-crypto@vger.kernel.org>,
	linux-arm-kernel <linux-arm-kernel@lists.infradead.org>
Subject: Re: [PATCH v4 1/1] arm64: Implement archrandom.h for ARMv8.5-RNG
Date: Wed, 6 Nov 2019 22:30:42 +0100	[thread overview]
Message-ID: <CAKv+Gu8pb5pBFBg0wGoORmaS6yzmoX7L45LLnhuZhqw4JX7d+w@mail.gmail.com> (raw)
In-Reply-To: <20191106141954.30657-2-rth@twiddle.net>

On Wed, 6 Nov 2019 at 15:20, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> From: Richard Henderson <richard.henderson@linaro.org>
>
> Expose the ID_AA64ISAR0.RNDR field to userspace, as the
> RNG system registers are always available at EL0.
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
> v2: Use __mrs_s and fix missing cc clobber (Mark),
>     Log rng failures with pr_warn (Mark),
>     Use __must_check; put RNDR in arch_get_random_long and RNDRRS
>     in arch_get_random_seed_long (Ard),
>     Use ARM64_CPUCAP_WEAK_LOCAL_CPU_FEATURE, and check this_cpu_has_cap
>     when reading random data.  Move everything out of line, now that
>     there are 5 other function calls involved, and to unify the rate
>     limiting on the pr_warn.
> v3: Keep arch_get_random{,_seed}_long in sync.
> v4: Use __cpus_have_const_cap before falling back to this_cpu_has_cap.
> ---
>  Documentation/arm64/cpu-feature-registers.rst |  2 +
>  arch/arm64/include/asm/archrandom.h           | 35 ++++++++
>  arch/arm64/include/asm/cpucaps.h              |  3 +-
>  arch/arm64/include/asm/sysreg.h               |  4 +
>  arch/arm64/kernel/cpufeature.c                | 13 +++
>  arch/arm64/kernel/random.c                    | 79 +++++++++++++++++++
>  arch/arm64/Kconfig                            | 12 +++
>  arch/arm64/kernel/Makefile                    |  1 +
>  drivers/char/Kconfig                          |  4 +-
>  9 files changed, 150 insertions(+), 3 deletions(-)
>  create mode 100644 arch/arm64/include/asm/archrandom.h
>  create mode 100644 arch/arm64/kernel/random.c
>
> diff --git a/Documentation/arm64/cpu-feature-registers.rst b/Documentation/arm64/cpu-feature-registers.rst
> index 2955287e9acc..78d6f5c6e824 100644
> --- a/Documentation/arm64/cpu-feature-registers.rst
> +++ b/Documentation/arm64/cpu-feature-registers.rst
> @@ -117,6 +117,8 @@ infrastructure:
>       +------------------------------+---------+---------+
>       | Name                         |  bits   | visible |
>       +------------------------------+---------+---------+
> +     | RNDR                         | [63-60] |    y    |
> +     +------------------------------+---------+---------+
>       | TS                           | [55-52] |    y    |
>       +------------------------------+---------+---------+
>       | FHM                          | [51-48] |    y    |
> diff --git a/arch/arm64/include/asm/archrandom.h b/arch/arm64/include/asm/archrandom.h
> new file mode 100644
> index 000000000000..e796a6de7421
> --- /dev/null
> +++ b/arch/arm64/include/asm/archrandom.h
> @@ -0,0 +1,35 @@
> +/* SPDX-License-Identifier: GPL-2.0 */
> +#ifndef _ASM_ARCHRANDOM_H
> +#define _ASM_ARCHRANDOM_H
> +
> +#ifdef CONFIG_ARCH_RANDOM
> +
> +bool __must_check arch_get_random_long(unsigned long *v);
> +bool __must_check arch_get_random_seed_long(unsigned long *v);
> +
> +static inline bool __must_check arch_get_random_int(unsigned int *v)
> +{
> +       unsigned long val;
> +
> +       if (arch_get_random_long(&val)) {
> +               *v = val;
> +               return true;
> +       }
> +
> +       return false;
> +}
> +
> +static inline bool __must_check arch_get_random_seed_int(unsigned int *v)
> +{
> +       unsigned long val;
> +
> +       if (arch_get_random_seed_long(&val)) {
> +               *v = val;
> +               return true;
> +       }
> +
> +       return false;
> +}
> +
> +#endif /* CONFIG_ARCH_RANDOM */
> +#endif /* _ASM_ARCHRANDOM_H */
> diff --git a/arch/arm64/include/asm/cpucaps.h b/arch/arm64/include/asm/cpucaps.h
> index ac1dbca3d0cd..1dd7644bc59a 100644
> --- a/arch/arm64/include/asm/cpucaps.h
> +++ b/arch/arm64/include/asm/cpucaps.h
> @@ -54,7 +54,8 @@
>  #define ARM64_WORKAROUND_1463225               44
>  #define ARM64_WORKAROUND_CAVIUM_TX2_219_TVM    45
>  #define ARM64_WORKAROUND_CAVIUM_TX2_219_PRFM   46
> +#define ARM64_HAS_RNG                          47
>
> -#define ARM64_NCAPS                            47
> +#define ARM64_NCAPS                            48
>
>  #endif /* __ASM_CPUCAPS_H */
> diff --git a/arch/arm64/include/asm/sysreg.h b/arch/arm64/include/asm/sysreg.h
> index 6e919fafb43d..5e718f279469 100644
> --- a/arch/arm64/include/asm/sysreg.h
> +++ b/arch/arm64/include/asm/sysreg.h
> @@ -365,6 +365,9 @@
>  #define SYS_CTR_EL0                    sys_reg(3, 3, 0, 0, 1)
>  #define SYS_DCZID_EL0                  sys_reg(3, 3, 0, 0, 7)
>
> +#define SYS_RNDR_EL0                   sys_reg(3, 3, 2, 4, 0)
> +#define SYS_RNDRRS_EL0                 sys_reg(3, 3, 2, 4, 1)
> +
>  #define SYS_PMCR_EL0                   sys_reg(3, 3, 9, 12, 0)
>  #define SYS_PMCNTENSET_EL0             sys_reg(3, 3, 9, 12, 1)
>  #define SYS_PMCNTENCLR_EL0             sys_reg(3, 3, 9, 12, 2)
> @@ -539,6 +542,7 @@
>                          ENDIAN_SET_EL1 | SCTLR_EL1_UCI  | SCTLR_EL1_RES1)
>
>  /* id_aa64isar0 */
> +#define ID_AA64ISAR0_RNDR_SHIFT                60
>  #define ID_AA64ISAR0_TS_SHIFT          52
>  #define ID_AA64ISAR0_FHM_SHIFT         48
>  #define ID_AA64ISAR0_DP_SHIFT          44
> diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
> index 80f459ad0190..456d5c461cbf 100644
> --- a/arch/arm64/kernel/cpufeature.c
> +++ b/arch/arm64/kernel/cpufeature.c
> @@ -119,6 +119,7 @@ static void cpu_enable_cnp(struct arm64_cpu_capabilities const *cap);
>   * sync with the documentation of the CPU feature register ABI.
>   */
>  static const struct arm64_ftr_bits ftr_id_aa64isar0[] = {
> +       ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR0_RNDR_SHIFT, 4, 0),
>         ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR0_TS_SHIFT, 4, 0),
>         ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR0_FHM_SHIFT, 4, 0),
>         ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR0_DP_SHIFT, 4, 0),
> @@ -1565,6 +1566,18 @@ static const struct arm64_cpu_capabilities arm64_features[] = {
>                 .sign = FTR_UNSIGNED,
>                 .min_field_value = 1,
>         },
> +#endif
> +#ifdef CONFIG_ARCH_RANDOM
> +       {
> +               .desc = "Random Number Generator",
> +               .capability = ARM64_HAS_RNG,
> +               .type = ARM64_CPUCAP_WEAK_LOCAL_CPU_FEATURE,
> +               .matches = has_cpuid_feature,
> +               .sys_reg = SYS_ID_AA64ISAR0_EL1,
> +               .field_pos = ID_AA64ISAR0_RNDR_SHIFT,
> +               .sign = FTR_UNSIGNED,
> +               .min_field_value = 1,
> +       },
>  #endif
>         {},
>  };
> diff --git a/arch/arm64/kernel/random.c b/arch/arm64/kernel/random.c
> new file mode 100644
> index 000000000000..a13f082d88e6
> --- /dev/null
> +++ b/arch/arm64/kernel/random.c
> @@ -0,0 +1,79 @@
> +/* SPDX-License-Identifier: GPL-2.0 */
> +/*
> + * Random number generation using ARMv8.5-RNG.
> + */
> +
> +#include <linux/random.h>
> +#include <linux/ratelimit.h>
> +#include <linux/printk.h>
> +#include <linux/preempt.h>
> +#include <asm/cpufeature.h>
> +
> +static inline bool has_random(void)
> +{
> +       /*
> +        * We "have" RNG if either
> +        * (1) every cpu in the system has RNG, or
> +        * (2) in a non-preemptable context, current cpu has RNG.
> +        * Case 1 is the expected case when RNG is deployed, but
> +        * case 2 is present as a backup in case some big/little
> +        * system only has RNG on big cpus, we can still add entropy
> +        * from the interrupt handler of the big cpus.

I don't understand the reference to the interrupt handler here. It is
worth mentioning though that this arrangement permits
rand_initialize() to use the instructions regardless of whether they
are implemented only by the boot CPU or by all of them.

> +        * We can use __cpus_have_const_cap because we then fall
> +        * back to checking the current cpu.
> +        */
> +       return __cpus_have_const_cap(ARM64_HAS_RNG) ||
> +              (!preemptible() && this_cpu_has_cap(ARM64_HAS_RNG));
> +}
> +
> +bool arch_get_random_long(unsigned long *v)
> +{
> +       bool ok;
> +
> +       if (!has_random()) {
> +               return false;
> +       }
> +
> +       /*
> +        * Reads of RNDR set PSTATE.NZCV to 0b0000 on success,
> +        * and set PSTATE.NZCV to 0b0100 otherwise.
> +        */
> +       asm volatile(
> +               __mrs_s("%0", SYS_RNDR_EL0) "\n"
> +       "       cset %w1, ne\n"
> +       : "=r"(*v), "=r"(ok)
> +       :
> +       : "cc");
> +
> +       if (unlikely(!ok)) {
> +               pr_warn_ratelimited("cpu%d: sys_rndr failed\n",
> +                                   read_cpuid_id());
> +       }
> +       return ok;
> +}
> +
> +bool arch_get_random_seed_long(unsigned long *v)
> +{
> +       bool ok;
> +
> +       if (!has_random()) {
> +               return false;
> +       }
> +
> +       /*
> +        * Reads of RNDRRS set PSTATE.NZCV to 0b0000 on success,
> +        * and set PSTATE.NZCV to 0b0100 otherwise.
> +        */
> +       asm volatile(
> +               __mrs_s("%0", SYS_RNDRRS_EL0) "\n"
> +       "       cset %w1, ne\n"
> +       : "=r"(*v), "=r"(ok)
> +       :
> +       : "cc");
> +
> +       if (unlikely(!ok)) {
> +               pr_warn_ratelimited("cpu%d: sys_rndrrs failed\n",
> +                                   read_cpuid_id());
> +       }
> +       return ok;
> +}
> diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
> index 3f047afb982c..5bc88601f07b 100644
> --- a/arch/arm64/Kconfig
> +++ b/arch/arm64/Kconfig
> @@ -1438,6 +1438,18 @@ config ARM64_PTR_AUTH
>
>  endmenu
>
> +menu "ARMv8.5 architectural features"
> +
> +config ARCH_RANDOM
> +       bool "Enable support for random number generation"
> +       default y
> +       help
> +         Random number generation (part of the ARMv8.5 Extensions)
> +         provides a high bandwidth, cryptographically secure
> +         hardware random number generator.
> +
> +endmenu
> +
>  config ARM64_SVE
>         bool "ARM Scalable Vector Extension support"
>         default y
> diff --git a/arch/arm64/kernel/Makefile b/arch/arm64/kernel/Makefile
> index 478491f07b4f..a47c2b984da7 100644
> --- a/arch/arm64/kernel/Makefile
> +++ b/arch/arm64/kernel/Makefile
> @@ -63,6 +63,7 @@ obj-$(CONFIG_CRASH_CORE)              += crash_core.o
>  obj-$(CONFIG_ARM_SDE_INTERFACE)                += sdei.o
>  obj-$(CONFIG_ARM64_SSBD)               += ssbd.o
>  obj-$(CONFIG_ARM64_PTR_AUTH)           += pointer_auth.o
> +obj-$(CONFIG_ARCH_RANDOM)              += random.o
>
>  obj-y                                  += vdso/ probes/
>  obj-$(CONFIG_COMPAT_VDSO)              += vdso32/
> diff --git a/drivers/char/Kconfig b/drivers/char/Kconfig
> index df0fc997dc3e..f26a0a8cc0d0 100644
> --- a/drivers/char/Kconfig
> +++ b/drivers/char/Kconfig
> @@ -539,7 +539,7 @@ endmenu
>
>  config RANDOM_TRUST_CPU
>         bool "Trust the CPU manufacturer to initialize Linux's CRNG"
> -       depends on X86 || S390 || PPC
> +       depends on X86 || S390 || PPC || ARM64
>         default n
>         help
>         Assume that CPU manufacturer (e.g., Intel or AMD for RDSEED or
> @@ -559,4 +559,4 @@ config RANDOM_TRUST_BOOTLOADER
>         device randomness. Say Y here to assume the entropy provided by the
>         booloader is trustworthy so it will be added to the kernel's entropy
>         pool. Otherwise, say N here so it will be regarded as device input that
> -       only mixes the entropy pool.
> \ No newline at end of file
> +       only mixes the entropy pool.
> --
> 2.17.1
>

_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

  reply	other threads:[~2019-11-06 21:31 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-11-06 14:19 [PATCH v4 0/1] arm64: Implement archrandom.h for ARMv8.5-RNG Richard Henderson
2019-11-06 14:19 ` [PATCH v4 1/1] " Richard Henderson
2019-11-06 21:30   ` Ard Biesheuvel [this message]
2019-11-08 11:09     ` Richard Henderson
2019-11-08 13:03       ` Ard Biesheuvel
2019-11-08 14:24         ` Ard Biesheuvel
2019-11-08 14:52           ` Richard Henderson

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAKv+Gu8pb5pBFBg0wGoORmaS6yzmoX7L45LLnhuZhqw4JX7d+w@mail.gmail.com \
    --to=ard.biesheuvel@linaro.org \
    --cc=linux-arm-kernel@lists.infradead.org \
    --cc=linux-crypto@vger.kernel.org \
    --cc=mark.rutland@arm.com \
    --cc=richard.henderson@linaro.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).