From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 674004568A; Wed, 24 Jul 2024 18:16:25 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 0110942DA3; Wed, 24 Jul 2024 18:16:25 +0200 (CEST) Received: from mail-pl1-f170.google.com (mail-pl1-f170.google.com [209.85.214.170]) by mails.dpdk.org (Postfix) with ESMTP id A29DD40B97 for ; Wed, 24 Jul 2024 18:16:23 +0200 (CEST) Received: by mail-pl1-f170.google.com with SMTP id d9443c01a7336-1fec34f94abso6255365ad.2 for ; Wed, 24 Jul 2024 09:16:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=networkplumber-org.20230601.gappssmtp.com; s=20230601; t=1721837782; x=1722442582; darn=dpdk.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:subject:cc:to:from:date:from:to:cc:subject:date :message-id:reply-to; bh=2pqKiTrPiWCq6yhTjsurKRrfeq+8hjIw74ah5Eb9ysQ=; b=iTv4dn49MWq2+zanYBNvEo4ROUe2NBgP9ijhDe0xuQGkpNodOBK5ya1DazRnMxvEHO 1STYQU5k/ZHIk00N8kyUqquD0N2ANTkb2xE+rGetBct7JWmHfMQKx6kJGvKt35CyJA8b bXJy/hI5NRSrwQcx9vnqxNNCPObp3ovq4j4KumTSx6fnGZBojLJeSwZxDLSbaacgTUgA oy3SkivoAjGCICc4yFYmuvuqztGQyM/K3UZp0RGZLeKfmRq2JF9yyVHE8AB8HGv1/d6S LUfx/gZIJFAFUwHN3J0G/VMynAfvZtGzA8af+gwuRToyaap1Y9BOh2dCJIhNwuNL1Fgk 86GQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1721837782; x=1722442582; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:subject:cc:to:from:date:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=2pqKiTrPiWCq6yhTjsurKRrfeq+8hjIw74ah5Eb9ysQ=; b=wd9CZMaCcPc/Inc7GPktLPkNftqjV6eN0PH3VPapVmdSQ5vNBDx7ihN6j34YCA605r qTsWoCsnW3+BF6ENcgs27wr2aporvmx6WbPnLlxol9hjmvPprUUfJFVBfwcq4/eiTyJO Fy3sp25AiYg6sBVcgHj3OZkW/K+57mownzZ8VPgNf+AFnOhPwqvbN1mF+t/tPpQ/hv6Y j5k8cPg1QLPpo8N6rDSH+xdB1yFGoBE5pEPVTJVUue0bkTGvmunNoobFISCmfcZqTJQM us2tEOLu6XwIaPvvdcgRCHboXkdSi41gnnrxLka+f1VzttpqtCByJFkjCYM0p3up02eV pvWQ== X-Forwarded-Encrypted: i=1; AJvYcCW29SkzG1bq7MQ+MhlgVCN+07cNCAuVvIgd16IvuHAVuOyVAsCu5yAJ5o3ykxp+23k9Uowxwl1GlUsABEQ= X-Gm-Message-State: AOJu0YxA7ZPHfVhU7fAg5km9KKht2Fnv1FWKSchAHjb0nxkX/fexYlO9 85tIVx4Dh4bPlyp6aFomRC5HUUOKMxo1oAuhwOlyJnIfDl1wIfgEKq+MPOwGuVY= X-Google-Smtp-Source: AGHT+IEY8TMRN/Z+mY9Z0pDzijb4hcqnTyErHg7/XNphwPW+M1uPqbDMjHd0aPYgcaB+Cm6hvZDz+Q== X-Received: by 2002:a17:902:f68a:b0:1fb:973f:87f with SMTP id d9443c01a7336-1fed3ad59f3mr201815ad.45.1721837782370; Wed, 24 Jul 2024 09:16:22 -0700 (PDT) Received: from hermes.local (204-195-96-226.wavecable.com. [204.195.96.226]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-1fd6f31846dsm96509675ad.164.2024.07.24.09.16.21 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 24 Jul 2024 09:16:22 -0700 (PDT) Date: Wed, 24 Jul 2024 09:16:20 -0700 From: Stephen Hemminger To: Mattias =?UTF-8?B?UsO2bm5ibG9t?= Cc: Shunzhi Wen , Thomas Monjalon , Mattias =?UTF-8?B?UsO2bm5ibG9t?= , Ruifeng Wang , Bruce Richardson , Tyler Retzlaff , Min Zhou , David Christensen , Stanislaw Kardach , Konstantin Ananyev , dev@dpdk.org, nd@arm.com, Wathsala Vithanage , Jack Bond-Preston , Dhruv Tripathi Subject: Re: [PATCH] eal: add support for TRNG with Arm RNG feature Message-ID: <20240724091620.11ce8c38@hermes.local> In-Reply-To: <18c67157-8753-4a95-9ab5-f4f1d4a32010@lysator.liu.se> References: <20240723212703.721050-1-shunzhi.wen@arm.com> <536d1325-ee15-4630-9ae9-00cef9411d34@lysator.liu.se> <20240724073501.70d86435@hermes.local> <18c67157-8753-4a95-9ab5-f4f1d4a32010@lysator.liu.se> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org On Wed, 24 Jul 2024 17:07:49 +0200 Mattias R=C3=B6nnblom wrote: > On 2024-07-24 16:35, Stephen Hemminger wrote: > > On Wed, 24 Jul 2024 08:40:39 +0200 > > Mattias R=C3=B6nnblom wrote: > > =20 > >> On 2024-07-23 23:27, Shunzhi Wen wrote:> True Random Number Generator > >> (TRNG) is capable of =20 > >> > generating random numbers from a physical entropy source. > >> > TRNG is enabled when compiled on Arm arch that supports > >> > FEAT_RNG introduced in Armv8.5-A flagged by __ARM_FEATURE_RNG. > >> > =20 > >> > >> I'm missing a rationale here. Why is this useful? > >> =20 > >> > Signed-off-by: Shunzhi Wen > >> > Reviewed-by: Wathsala Vithanage > >> > Reviewed-by: Jack Bond-Preston > >> > Reviewed-by: Dhruv Tripathi > >> > --- > >> > .mailmap | 2 ++ > >> > app/test/test_rand_perf.c | 25 +++++++++++++= ++++-- > >> > config/arm/meson.build | 2 +- > >> > lib/eal/arm/include/rte_cpuflags_64.h | 3 +++ > >> > lib/eal/arm/meson.build | 1 + > >> > lib/eal/arm/rte_cpuflags.c | 1 + > >> > lib/eal/arm/rte_random.c | 20 +++++++++++++= ++ > >> > .../{rte_random.c =3D> eal_common_random.c} | 0 > >> > lib/eal/common/meson.build | 2 +- > >> > lib/eal/include/rte_random.h | 17 +++++++++++++ > >> > lib/eal/loongarch/meson.build | 1 + > >> > lib/eal/loongarch/rte_random.c | 14 +++++++++++ > >> > lib/eal/ppc/meson.build | 1 + > >> > lib/eal/ppc/rte_random.c | 14 +++++++++++ > >> > lib/eal/riscv/meson.build | 1 + > >> > lib/eal/riscv/rte_random.c | 14 +++++++++++ > >> > lib/eal/version.map | 1 + > >> > lib/eal/x86/meson.build | 1 + > >> > lib/eal/x86/rte_random.c | 14 +++++++++++ > >> > 19 files changed, 130 insertions(+), 4 deletions(-) > >> > create mode 100644 lib/eal/arm/rte_random.c > >> > rename lib/eal/common/{rte_random.c =3D> eal_common_random.c} (1= 00%) > >> > create mode 100644 lib/eal/loongarch/rte_random.c > >> > create mode 100644 lib/eal/ppc/rte_random.c > >> > create mode 100644 lib/eal/riscv/rte_random.c > >> > create mode 100644 lib/eal/x86/rte_random.c > >> > > >> > diff --git a/.mailmap b/.mailmap > >> > index ac06962e82..23209edfd2 100644 > >> > --- a/.mailmap > >> > +++ b/.mailmap > >> > @@ -338,6 +338,7 @@ Dexia Li > >> > Dexuan Cui > >> > Dharmik Thakkar =20 > >> =20 > >> > Dheemanth Mallikarjun > >> > +Dhruv Tripathi > >> > Diana Wang > >> > Didier Pallard > >> > Dilshod Urazov > >> > @@ -1353,6 +1354,7 @@ Shuki Katzenelson > >> > Shun Hao > >> > Shu Shen > >> > Shujing Dong > >> > +Shunzhi Wen > >> > Shweta Choudaha > >> > Shyam Kumar Shrivastav > >> > Shy Shyman > >> > diff --git a/app/test/test_rand_perf.c b/app/test/test_rand_perf.c > >> > index 30204e12c0..b61cc75014 100644 > >> > --- a/app/test/test_rand_perf.c > >> > +++ b/app/test/test_rand_perf.c > >> > @@ -20,6 +20,7 @@ static volatile uint64_t vsum; > >> > > >> > enum rand_type { > >> > rand_type_64, > >> > + rand_type_true_rand_64, > >> > rand_type_float, > >> > rand_type_bounded_best_case, > >> > rand_type_bounded_worst_case > >> > @@ -31,6 +32,8 @@ rand_type_desc(enum rand_type rand_type) > >> > switch (rand_type) { > >> > case rand_type_64: > >> > return "Full 64-bit [rte_rand()]"; > >> > + case rand_type_true_rand_64: > >> > + return "Full 64-bit True Random [rte_trand()]"; > >> > case rand_type_float: > >> > return "Floating point [rte_drand()]"; > >> > case rand_type_bounded_best_case: > >> > @@ -50,6 +53,9 @@ test_rand_perf_type(enum rand_type rand_type) > >> > uint64_t end; > >> > uint64_t sum =3D 0; > >> > uint64_t op_latency; > >> > + int ret; > >> > + uint64_t val; > >> > + uint32_t fail_count =3D 0; > >> > > >> > start =3D rte_rdtsc(); > >> > > >> > @@ -58,6 +64,13 @@ test_rand_perf_type(enum rand_type rand_type) > >> > case rand_type_64: > >> > sum +=3D rte_rand(); > >> > break; > >> > + case rand_type_true_rand_64: > >> > + ret =3D rte_trand(&val); > >> > + if (ret =3D=3D 0) > >> > + sum +=3D val; > >> > + else > >> > + fail_count++; > >> > + break; > >> > case rand_type_float: > >> > sum +=3D 1000. * rte_drand(); > >> > break; > >> > @@ -77,8 +90,15 @@ test_rand_perf_type(enum rand_type rand_type) > >> > > >> > op_latency =3D (end - start) / ITERATIONS; > >> > > >> > - printf("%s: %"PRId64" TSC cycles/op\n", rand_type_desc(rand_type= ), > >> > - op_latency); > >> > + if (!fail_count) > >> > + printf("%s: %"PRId64" TSC cycles/op\n", > >> > + rand_type_desc(rand_type), > >> > + op_latency); > >> > + else > >> > + printf("%s: %"PRId64" TSC cycles/op (failed %d time(s))\n", > >> > + rand_type_desc(rand_type), > >> > + op_latency, > >> > + fail_count); > >> > } > >> > > >> > static int > >> > @@ -89,6 +109,7 @@ test_rand_perf(void) > >> > printf("Pseudo-random number generation latencies:\n"); > >> > > >> > test_rand_perf_type(rand_type_64); > >> > + test_rand_perf_type(rand_type_true_rand_64); > >> > test_rand_perf_type(rand_type_float); > >> > test_rand_perf_type(rand_type_bounded_best_case); > >> > test_rand_perf_type(rand_type_bounded_worst_case); > >> > diff --git a/config/arm/meson.build b/config/arm/meson.build > >> > index 012935d5d7..13be94254e 100644 > >> > --- a/config/arm/meson.build > >> > +++ b/config/arm/meson.build > >> > @@ -95,7 +95,7 @@ part_number_config_arm =3D { > >> > }, > >> > '0xd49': { > >> > 'march': 'armv9-a', > >> > - 'march_features': ['sve2'], > >> > + 'march_features': ['sve2', 'rng'], > >> > 'fallback_march': 'armv8.5-a', > >> > 'mcpu': 'neoverse-n2', > >> > 'flags': [ > >> > diff --git a/lib/eal/arm/include/rte_cpuflags_64.h =20 > >> b/lib/eal/arm/include/rte_cpuflags_64.h =20 > >> > index afe70209c3..6aa067339f 100644 > >> > --- a/lib/eal/arm/include/rte_cpuflags_64.h > >> > +++ b/lib/eal/arm/include/rte_cpuflags_64.h > >> > @@ -36,6 +36,9 @@ enum rte_cpu_flag_t { > >> > RTE_CPUFLAG_SVEF64MM, > >> > RTE_CPUFLAG_SVEBF16, > >> > RTE_CPUFLAG_AARCH64, > >> > + > >> > + /* RNDR, RNDRRS instructions */ > >> > + RTE_CPUFLAG_RNG, > >> > }; > >> > > >> > #include "generic/rte_cpuflags.h" > >> > diff --git a/lib/eal/arm/meson.build b/lib/eal/arm/meson.build > >> > index 6fba3d6ba7..e9e468cbf0 100644 > >> > --- a/lib/eal/arm/meson.build > >> > +++ b/lib/eal/arm/meson.build > >> > @@ -9,4 +9,5 @@ sources +=3D files( > >> > 'rte_hypervisor.c', > >> > 'rte_mmu.c', > >> > 'rte_power_intrinsics.c', > >> > + 'rte_random.c', > >> > ) > >> > diff --git a/lib/eal/arm/rte_cpuflags.c b/lib/eal/arm/rte_cpuflags= .c > >> > index 7ba4f8ba97..56074f0c6a 100644 > >> > --- a/lib/eal/arm/rte_cpuflags.c > >> > +++ b/lib/eal/arm/rte_cpuflags.c > >> > @@ -116,6 +116,7 @@ const struct feature_entry =20 > >> rte_cpu_feature_table[] =3D { =20 > >> > FEAT_DEF(SVEF64MM, REG_HWCAP2, 11) > >> > FEAT_DEF(SVEBF16, REG_HWCAP2, 12) > >> > FEAT_DEF(AARCH64, REG_PLATFORM, 0) > >> > + FEAT_DEF(RNG, REG_HWCAP2, 16) > >> > }; > >> > #endif /* RTE_ARCH */ > >> > > >> > diff --git a/lib/eal/arm/rte_random.c b/lib/eal/arm/rte_random.c > >> > new file mode 100644 > >> > index 0000000000..74c8fa733b > >> > --- /dev/null > >> > +++ b/lib/eal/arm/rte_random.c > >> > @@ -0,0 +1,20 @@ > >> > +/* SPDX-License-Identifier: BSD-3-Clause > >> > + * Copyright(c) 2024 Arm Limited > >> > + */ > >> > + > >> > +#include "arm_acle.h" > >> > +#include "rte_common.h" > >> > +#include "rte_random.h" > >> > +#include > >> > + > >> > +int > >> > +rte_trand(uint64_t *val) > >> > +{ > >> > +#if defined __ARM_FEATURE_RNG > >> > + int ret =3D __rndr(val); > >> > + return (ret =3D=3D 0) ? 0 : -ENODATA; > >> > +#else > >> > + RTE_SET_USED(val); > >> > + return -ENOTSUP; > >> > +#endif > >> > +} > >> > diff --git a/lib/eal/common/rte_random.c =20 > >> b/lib/eal/common/eal_common_random.c =20 > >> > similarity index 100% > >> > rename from lib/eal/common/rte_random.c > >> > rename to lib/eal/common/eal_common_random.c > >> > diff --git a/lib/eal/common/meson.build b/lib/eal/common/meson.bui= ld > >> > index 22a626ba6f..c4405aa48b 100644 > >> > --- a/lib/eal/common/meson.build > >> > +++ b/lib/eal/common/meson.build > >> > @@ -32,7 +32,6 @@ sources +=3D files( > >> > 'malloc_elem.c', > >> > 'malloc_heap.c', > >> > 'rte_malloc.c', > >> > - 'rte_random.c', > >> > 'rte_reciprocal.c', > >> > 'rte_service.c', > >> > 'rte_version.c', > >> > @@ -48,6 +47,7 @@ if not is_windows > >> > 'eal_common_trace.c', > >> > 'eal_common_trace_ctf.c', > >> > 'eal_common_trace_utils.c', > >> > + 'eal_common_random.c', > >> > 'hotplug_mp.c', > >> > 'malloc_mp.c', > >> > 'rte_keepalive.c', > >> > diff --git a/lib/eal/include/rte_random.h b/lib/eal/include/rte_ra= ndom.h > >> > index 5031c6fe5f..e6b5ac46ed 100644 > >> > --- a/lib/eal/include/rte_random.h > >> > +++ b/lib/eal/include/rte_random.h > >> > @@ -15,6 +15,7 @@ > >> > extern "C" { > >> > #endif > >> > > >> > +#include > >> > #include > >> > > >> > /** > >> > @@ -84,6 +85,22 @@ rte_rand_max(uint64_t upper_bound); > >> > */ > >> > double rte_drand(void); > >> > > >> > +/** > >> > + * Get a true random value. > >> > + * > >> > + * The generator is cryptographically secure. =20 > >> > >> If you want to extend with a cryptographically secure > >> random number generator, that's fine. > >> > >> To have an API that's only available on certain ARM CPUs is not. > >> > >> NAK > >> > >> A new function should be called something with "secure", rather than > >> "true" (which is a bit silly, since we might well live in a completely > >> deterministic universe). "secure" would more clearly communicate the > >> intent, and also doesn't imply any particular implementation. =20 > >=20 > > Agree, with Mattias. What constitutes a secure random number generator > > is a matter of much debate. Most of the HW random generators are taking > > diode (Schottky noise) and doing transforms on it to get something unif= orm. > >=20 > > If a key generation type API was added, why not just use existing and m= ore > > researched kernel get_random()? > > =20 >=20 > Ideally, you want to avoid system calls on lcore workers doing packet=20 > processing. If you have to do system calls (which I believe is the case=20 > here), it's better to a simple call, not so often. >=20 > getentropy() seems to need about 800 core clock cycles on my x86_64, on=20 > average. (rte_rand() needs ~11 cc/call.) 800 cc is not too horrible, but= =20 > system calls tend to have some pretty bad tail latencies. >=20 > To improve efficiency, one could do a getentropy() on a relatively large= =20 > buffer, and cache the result on a per-lcore basis, amortizing the system= =20 > call overhead over many calls. >=20 > You still have the tail latency issue to deal with. We could have a=20 > control thread providing entropy for the lcores, but that seems like=20 > massive overkill. Getrandom is a vsyscall on current kernels, and it manages use of entropy a= cross multiple sources. If you are doing lots of key generation, you don't want to hit the hardware every time. https://lwn.net/Articles/974468/