1. Patchew
  2. linux
  3. View series

[PATCH 0/2] x86/rdrand: implement sanity check for RDSEED

Mikhail Paulyshka posted 2 patches 9 months, 1 week ago 
arch/x86/include/asm/archrandom.h      |  1 +
arch/x86/include/asm/msr-index.h       |  1 +
arch/x86/kernel/cpu/common.c           |  1 +
arch/x86/kernel/cpu/rdrand.c           | 48 ++++++++++++++++++++++++--
tools/arch/x86/include/asm/msr-index.h |  1 +
5 files changed, 49 insertions(+), 3 deletions(-)
[PATCH 0/2] x86/rdrand: implement sanity check for RDSEED
Posted by Mikhail Paulyshka 9 months, 1 week ago 
On the AMD Cyan Skillfish (Family 0x17 Model 0x47 Stepping 0x0), which 
is a Zen2-based APU found on the AMD BC-250 board, there is a situation 
where RDRAND works fine, but RDSEED generates FF. This leads to some 
applications that use RDSEED to generate random numbers (such as 
Qt and KDE) into a nearly unusable state.

Although AMD has fixed the Zen2 RDRAND issues in 2019 with a microcode update, 
no such update has been released for the Family 0x17 Model 0x47 core.

This patchset introduces an separate sanity check for RDSEED and hides the
RDSEED and RDRAND from CPUID on AMD platforms in the case of a malfunction.

Mikhail Paulyshka (2):
  x86/rdrand: implement sanity check for RDSEED
  x86/rdrand: hide RDRAND and RDSEED from CPUID in case of a malfunction

 arch/x86/include/asm/archrandom.h      |  1 +
 arch/x86/include/asm/msr-index.h       |  1 +
 arch/x86/kernel/cpu/common.c           |  1 +
 arch/x86/kernel/cpu/rdrand.c           | 48 ++++++++++++++++++++++++--
 tools/arch/x86/include/asm/msr-index.h |  1 +
 5 files changed, 49 insertions(+), 3 deletions(-)

-- 
2.48.1
Re: [PATCH 0/2] x86/rdrand: implement sanity check for RDSEED
Posted by Borislav Petkov 8 months, 1 week ago 
On Wed, Mar 12, 2025 at 03:31:28PM +0300, Mikhail Paulyshka wrote:
> On the AMD Cyan Skillfish (Family 0x17 Model 0x47 Stepping 0x0), which 
> is a Zen2-based APU found on the AMD BC-250 board, there is a situation 
> where RDRAND works fine, but RDSEED generates FF. This leads to some 

Ok, sorry, it took a bit longer than expected.

Your patch should simply disable RDSEED in CPUID on that family, model,
stepping CPUs. No need for the RDSEED sanity check.

So feel free to send v2.

I was gonna say, for extra points you could use CPUID faulting and completely
shield off userspace from that RDSEED but your CPU doesn't support it.

:-)

Thx.

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette
Re: [PATCH 0/2] x86/rdrand: implement sanity check for RDSEED
Posted by Mario Limonciello 9 months ago 
On 3/12/2025 07:31, Mikhail Paulyshka wrote:
> On the AMD Cyan Skillfish (Family 0x17 Model 0x47 Stepping 0x0), which
> is a Zen2-based APU found on the AMD BC-250 board, there is a situation
> where RDRAND works fine, but RDSEED generates FF. This leads to some
> applications that use RDSEED to generate random numbers (such as
> Qt and KDE) into a nearly unusable state.
> 
> Although AMD has fixed the Zen2 RDRAND issues in 2019 with a microcode update,
> no such update has been released for the Family 0x17 Model 0x47 core.
> 
> This patchset introduces an separate sanity check for RDSEED and hides the
> RDSEED and RDRAND from CPUID on AMD platforms in the case of a malfunction.
> 
> Mikhail Paulyshka (2):
>    x86/rdrand: implement sanity check for RDSEED
>    x86/rdrand: hide RDRAND and RDSEED from CPUID in case of a malfunction
> 
>   arch/x86/include/asm/archrandom.h      |  1 +
>   arch/x86/include/asm/msr-index.h       |  1 +
>   arch/x86/kernel/cpu/common.c           |  1 +
>   arch/x86/kernel/cpu/rdrand.c           | 48 ++++++++++++++++++++++++--
>   tools/arch/x86/include/asm/msr-index.h |  1 +
>   5 files changed, 49 insertions(+), 3 deletions(-)
> 

Can you please share more about the BIOS firmware version on your device?

/sys/class/dmi/id/bios_version

Thanks,
Re: [PATCH 0/2] x86/rdrand: implement sanity check for RDSEED
Posted by Mikhail Paulyshka 9 months ago 
On 3/18/25 11:50 PM, Mario Limonciello wrote:
> On 3/12/2025 07:31, Mikhail Paulyshka wrote:
>> On the AMD Cyan Skillfish (Family 0x17 Model 0x47 Stepping 0x0), which
>> is a Zen2-based APU found on the AMD BC-250 board, there is a situation
>> where RDRAND works fine, but RDSEED generates FF. This leads to some
>> applications that use RDSEED to generate random numbers (such as
>> Qt and KDE) into a nearly unusable state.
>>
>> Although AMD has fixed the Zen2 RDRAND issues in 2019 with a 
>> microcode update,
>> no such update has been released for the Family 0x17 Model 0x47 core.
>>
>> This patchset introduces an separate sanity check for RDSEED and 
>> hides the
>> RDSEED and RDRAND from CPUID on AMD platforms in the case of a 
>> malfunction.
>>
>> Mikhail Paulyshka (2):
>>    x86/rdrand: implement sanity check for RDSEED
>>    x86/rdrand: hide RDRAND and RDSEED from CPUID in case of a 
>> malfunction
>>
>>   arch/x86/include/asm/archrandom.h      |  1 +
>>   arch/x86/include/asm/msr-index.h       |  1 +
>>   arch/x86/kernel/cpu/common.c           |  1 +
>>   arch/x86/kernel/cpu/rdrand.c           | 48 ++++++++++++++++++++++++--
>>   tools/arch/x86/include/asm/msr-index.h |  1 +
>>   5 files changed, 49 insertions(+), 3 deletions(-)
>>
>
> Can you please share more about the BIOS firmware version on your device?
>
> /sys/class/dmi/id/bios_version
>
> Thanks,

#cat /sys/class/dmi/id/bios_version
P5.00

I have tried P4.00G and P5.00, both have the same microcode and behavior.
Re: [PATCH 0/2] x86/rdrand: implement sanity check for RDSEED
Posted by Borislav Petkov 9 months, 1 week ago 
On Wed, Mar 12, 2025 at 03:31:28PM +0300, Mikhail Paulyshka wrote:
> On the AMD Cyan Skillfish (Family 0x17 Model 0x47 Stepping 0x0), which 
> is a Zen2-based APU found on the AMD BC-250 board, there is a situation 
> where RDRAND works fine, but RDSEED generates FF.

On every read? Or only sometimes?

Is CF clear when it returns FF?

Thx.

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette
Re: [PATCH 0/2] x86/rdrand: implement sanity check for RDSEED
Posted by Mikhail Paulyshka 9 months, 1 week ago 
On 3/13/25 8:32 PM, Borislav Petkov wrote:
> On Wed, Mar 12, 2025 at 03:31:28PM +0300, Mikhail Paulyshka wrote:
>> On the AMD Cyan Skillfish (Family 0x17 Model 0x47 Stepping 0x0), which
>> is a Zen2-based APU found on the AMD BC-250 board, there is a situation
>> where RDRAND works fine, but RDSEED generates FF.
> On every read? Or only sometimes?

I didn't find a situation where it returns something different, so yes, 
I believe it happens on every read and tested on 3+ hardware samples.

> Is CF clear when it returns FF?


Just right after rdseed %edx


# info registers edx

edx 0xffffffff -1


# info registers eflags

eflags 0x203 [ CF IF ]
Re: [PATCH 0/2] x86/rdrand: implement sanity check for RDSEED
Posted by Borislav Petkov 9 months, 1 week ago 
On Wed, Mar 12, 2025 at 03:31:28PM +0300, Mikhail Paulyshka wrote:
> On the AMD Cyan Skillfish (Family 0x17 Model 0x47 Stepping 0x0), which 
> is a Zen2-based APU found on the AMD BC-250 board, there is a situation 
> where RDRAND works fine, but RDSEED generates FF. This leads to some 
> applications that use RDSEED to generate random numbers (such as 
> Qt and KDE) into a nearly unusable state.
> 
> Although AMD has fixed the Zen2 RDRAND issues in 2019 with a microcode update, 
> no such update has been released for the Family 0x17 Model 0x47 core.

What's the microcode level on that machine?

Also, send

cpuid -r

output pls.

Thx.

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette
Re: [PATCH 0/2] x86/rdrand: implement sanity check for RDSEED
Posted by Mikhail Paulyshka 9 months, 1 week ago 
On 3/12/25 3:40 PM, Borislav Petkov wrote:
> On Wed, Mar 12, 2025 at 03:31:28PM +0300, Mikhail Paulyshka wrote:
>> On the AMD Cyan Skillfish (Family 0x17 Model 0x47 Stepping 0x0), which
>> is a Zen2-based APU found on the AMD BC-250 board, there is a situation
>> where RDRAND works fine, but RDSEED generates FF. This leads to some
>> applications that use RDSEED to generate random numbers (such as
>> Qt and KDE) into a nearly unusable state.
>>
>> Although AMD has fixed the Zen2 RDRAND issues in 2019 with a microcode update,
>> no such update has been released for the Family 0x17 Model 0x47 core.
> What's the microcode level on that machine?
> dmesg | grep -i microcode [ 0.059689] [ T0] Zenbleed: please update your microcode for the most 
optimal fix [ 0.663746] [ T1] microcode: Current revision: 0x08407007
> Also, send
>
> cpuid -r

https://paste.debian.net/1362645
Re: [PATCH 0/2] x86/rdrand: implement sanity check for RDSEED
Posted by Mikhail Paulyshka 9 months, 1 week ago 
On 3/12/25 4:17 PM, Mikhail Paulyshka wrote:
> On 3/12/25 3:40 PM, Borislav Petkov wrote:
>> On Wed, Mar 12, 2025 at 03:31:28PM +0300, Mikhail Paulyshka wrote:
>>> On the AMD Cyan Skillfish (Family 0x17 Model 0x47 Stepping 0x0), which
>>> is a Zen2-based APU found on the AMD BC-250 board, there is a situation
>>> where RDRAND works fine, but RDSEED generates FF. This leads to some
>>> applications that use RDSEED to generate random numbers (such as
>>> Qt and KDE) into a nearly unusable state.
>>>
>>> Although AMD has fixed the Zen2 RDRAND issues in 2019 with a 
>>> microcode update,
>>> no such update has been released for the Family 0x17 Model 0x47 core.
>> What's the microcode level on that machine?
>> dmesg | grep -i microcode [ 0.059689] [ T0] Zenbleed: please update 
>> your microcode for the most 
> optimal fix [ 0.663746] [ T1] microcode: Current revision: 0x08407007
>> Also, send
>>
>> cpuid -r
>
> https://paste.debian.net/1362645
>
Link expired. Permanent link: 
https://mixaill.net/linux-kernel-lists/bc250_log_1.txt

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.