From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 95B3D456CF; Sat, 27 Jul 2024 19:07:42 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 2571940299; Sat, 27 Jul 2024 19:07:42 +0200 (CEST) Received: from mail.lysator.liu.se (mail.lysator.liu.se [130.236.254.3]) by mails.dpdk.org (Postfix) with ESMTP id 7BF5F40285 for ; Sat, 27 Jul 2024 19:07:40 +0200 (CEST) Received: from mail.lysator.liu.se (localhost [127.0.0.1]) by mail.lysator.liu.se (Postfix) with ESMTP id 4BF2C1F0D0 for ; Sat, 27 Jul 2024 19:07:39 +0200 (CEST) Received: by mail.lysator.liu.se (Postfix, from userid 1004) id 29A601F0CF; Sat, 27 Jul 2024 19:07:39 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-13) on hermod.lysator.liu.se X-Spam-Level: X-Spam-Status: No, score=-1.3 required=5.0 tests=ALL_TRUSTED,AWL, T_SCC_BODY_TEXT_LINE autolearn=disabled version=4.0.0 X-Spam-Score: -1.3 Received: from [192.168.1.86] (h-62-63-215-114.A163.priv.bahnhof.se [62.63.215.114]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mail.lysator.liu.se (Postfix) with ESMTPSA id 8518F1F148; Sat, 27 Jul 2024 19:07:35 +0200 (CEST) Message-ID: <5d409e6a-1d61-4d8a-b9ab-8cbcf7838ad0@lysator.liu.se> Date: Sat, 27 Jul 2024 19:07:34 +0200 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH] eal: add support for TRNG with Arm RNG feature To: Wathsala Wathawana Vithanage , Shunzhi Wen , "thomas@monjalon.net" , =?UTF-8?Q?Mattias_R=C3=B6nnblom?= , Ruifeng Wang , Bruce Richardson , Tyler Retzlaff , Min Zhou , David Christensen , Stanislaw Kardach , Konstantin Ananyev Cc: "dev@dpdk.org" , nd , Jack Bond-Preston , Dhruv Tripathi , Honnappa Nagarahalli References: <20240723212703.721050-1-shunzhi.wen@arm.com> <536d1325-ee15-4630-9ae9-00cef9411d34@lysator.liu.se> <2d28f42f-480b-4070-8ba2-1353a742b46d@lysator.liu.se> Content-Language: en-US From: =?UTF-8?Q?Mattias_R=C3=B6nnblom?= In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: ClamAV using ClamSMTP X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org On 2024-07-27 17:45, Wathsala Wathawana Vithanage wrote: > Hi Mattias, > >>> The primary goal of this patch is to provide a direct interface to HW, >>> instead of letting kernel handle it. This is not an API just for Arm >>> CPUs, as other vendors also have similar HW features. For instance, >>> Intel and AMD has support for x86 RDRAND and RDSEED instructions, thus >>> can easily implement this API. >>> >> >> No DPDK library (or PMD) currently needs this functionality, and no >> application, to my knowledge, has asked for this. If an app or a DPDK library >> would require cryptographically secure random numbers, it would most likely >> require it on all CPU/OS platforms (and with all DPDK -march flags). >> > > I'm sorry, I'm not following this. Are you saying > > (a) adding a feature someone hasn't already asked for is impossible? > No, not if you can explain why this feature will be useful. You guys made no such attempt. > (b) it is impossible to add support for a feature that is only available in a few CPUs > of an architecture family? > Cryptographically secure random numbers are available on all CPUs, via the operating system. Arguably, such random numbers are more secure than anything that a machine instruction can offer. If your patch are to have non-zero chance of being accepted, it should include a base implementation based on getrandom() (and the Windows equivalent), with the proper optimizations (e.g., batching entropy requests to the kernel on a per-lcore basis). You would also need to provide a rationale why ARM CPU HW random numbers are better than what the kernel can offer. The only potential reason I can think of is performance, so you would need to quantify that in some way. In addition, reliance on CPU CSRNG would need to be a build-time option, and disabled by default. Plus, what I've mentioned several times, give a rationale why DPDK should have this functionality. >> RDRAND is only available on certain x86_64 CPUs, and is incredibly slow >> - slower than getting entropy via the kernel, even with non-vDSO syscalls. >> >> Agner Fog lists the RDRAND latency as ~3700 cc for Zen 2. Later generations of >> both AMD and Intel CPUs have much shorter latencies, but a reciprocal >> throughput so low that one have to wait thousands of clock cycles before >> issuing another RDRAND, or risk stalling the core. >> >> My Raptor Lake seems to require ~1000 cc retire RDRAND, which is ~11x >> slower than getting entropy (in bulk) via getentropy(). >> >> What is the latency for the ARM equivalent? Does it also have a reciprocal >> throughput issue? >> > > Agree, from the numbers you are showing, it looks like they are all slow and > unsuitable for the data plane. But aren't there multi-plane DPDK applications > with control-plane threads that can benefit from a CSRNG, albeit slow? > >