tech-crypto archive


Re: x86 CPU RNG support, take 2



On Sun, Dec 27, 2015 at 02:26:36AM +0000, Taylor R Campbell wrote:
[...]
> What does MSR_VIA_RNG_2NOISE actually do?  Can you add a documentation
> citation?

As the comment just above noted:
	/* C7 stepping 8 and subsequent CPUs have dual RNG */

For some reason, you have to turn the second noise source on.  I don't
have full PadLock docs, but googling around I see a few things that suggest
originally the intent was to prevent userspace from starving the kernel by
assigning one noise source to each -- but that that does not actually work.

The bits are reserved on earlier CPUs and it is likely safe to frob them,
but given the scarcity of VIA gear for testing these days -- let's not.

[...]
>    +#if defined(__HAVE_CPU_RNG)
>    +       {
>    +               cpu_rng_t test;
>    +
>    +               cpu_rng_init();
>    +               if (cpu_rng(&test)) {
>    +                       rndsource_setcb(&rnd_cpu_source, rnd_cpu_get,
>    +                                       &rnd_cpu_source);
>    +                       rnd_attach_source(&rnd_cpu_source, "cpurng",
>    +                                         RND_TYPE_RNG,
>    +                                         RND_FLAG_COLLECT_VALUE|
>    +                                         RND_FLAG_HASCB|RND_FLAG_HASENABLE);
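Review bot: the attach decision at `if (cpu_rng(&test))` treats one failed read as "no CPU RNG": whatever `cpu_rng_init()` reports is not consulted, so a transient failure (an RDRAND-style "no data yet" result) on a CPU that does have the feature permanently loses the source, while a CPU without the feature is already identifiable from the feature-detection step. Suggest having the init step report whether the hardware is present and gating `rnd_attach_source()` on that, leaving per-read failures to `rnd_cpu_get()`; if a probe read is kept, `test` could be fed into the pool instead of being discarded.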
> 
> Why attach only if it immediately works?  A transient failure here
> seems plausible enough to me, and there's no harm if it fails later.

If I do that, we'll get a cpurng entropy source even on CPUs that don't
actually have one.  I'd rather not.

Thor
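The two positions above (attach only when a probe read succeeds, versus attaching on every kernel built with the option) can both be avoided by separating "is the hardware present" from "did this particular read succeed". The following is an added example, not NetBSD code and not from either poster: it detects RDRAND through CPUID, reads it with retries (Intel's DRNG implementation guide suggests up to ten retries on a CF=0 result), and compares the two attach policies against a constructed fake source that fails a few times before succeeding. The function names, the policy enum, the fake source and the demo helpers are assumptions made for this example; on x86 the hardware path issues a real RDRAND via inline assembly, on other architectures it reports the feature as absent.

```c
#include <stdbool.h>
#include <stdio.h>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#define EXAMPLE_X86 1
#else
#define EXAMPLE_X86 0
#endif

typedef bool (*rng_read_fn)(unsigned long *out);

enum attach_policy {
	ATTACH_ON_FIRST_READ,	/* attach only if one probe read succeeds now */
	ATTACH_ON_PRESENCE	/* attach if the feature is advertised */
};

/* Presence test: CPUID leaf 1, ECX bit 30 advertises RDRAND. */
bool cpu_rng_present(void)
{
#if EXAMPLE_X86
	unsigned int eax, ebx, ecx, edx;
	if (!__get_cpuid(1, &eax, &ebx, &ecx, &edx))
		return false;
	return (ecx & bit_RDRND) != 0;
#else
	return false;
#endif
}

/* One RDRAND attempt.  CF=0 means "no data right now", not "no hardware";
 * only call this after cpu_rng_present() returned true. */
bool rdrand_once(unsigned long *out)
{
#if EXAMPLE_X86
	unsigned char ok;
	__asm__ volatile("rdrand %0\n\tsetc %1" : "=r"(*out), "=qm"(ok) : : "cc");
	return ok != 0;
#else
	*out = 0;
	return false;
#endif
}

/* Read with retries on transient failure (ten is the usual budget). */
bool cpu_rng_read(rng_read_fn rd, unsigned long *out, int retries)
{
	for (int i = 0; i <= retries; i++)
		if (rd(out))
			return true;
	return false;
}

/* The attach decision under each policy. */
bool should_attach(enum attach_policy p, bool present, rng_read_fn rd)
{
	unsigned long probe;
	switch (p) {
	case ATTACH_ON_FIRST_READ:
		return rd(&probe);
	case ATTACH_ON_PRESENCE:
		return present;
	}
	return false;
}

/* Constructed fake source (assumption): fails fake_fail_budget times,
 * then succeeds, modelling a CPU that has the RNG but is momentarily dry. */
int fake_fail_budget;

bool fake_flaky_read(unsigned long *out)
{
	if (fake_fail_budget > 0) {
		fake_fail_budget--;
		return false;
	}
	*out = 0x5eedUL;
	return true;
}

/* 0 = not attached, 1 = attached but this read failed, 2 = attached, read ok. */
int demo_flaky(int fail_budget, enum attach_policy p, int retries)
{
	unsigned long v;
	fake_fail_budget = fail_budget;
	if (!should_attach(p, true, fake_flaky_read))
		return 0;
	return cpu_rng_read(fake_flaky_read, &v, retries) ? 2 : 1;
}

/* Real hardware check: true when RDRAND is absent (nothing to test) or
 * a read with ten retries succeeds. */
bool hw_rng_selfcheck(void)
{
	unsigned long v;
	if (!cpu_rng_present())
		return true;
	return cpu_rng_read(rdrand_once, &v, 10);
}

int main(void)
{
	printf("first-read policy, 3 transient failures: %d\n",
	    demo_flaky(3, ATTACH_ON_FIRST_READ, 10));
	printf("presence policy,   3 transient failures: %d\n",
	    demo_flaky(3, ATTACH_ON_PRESENCE, 10));
	printf("absent CPU RNG under presence policy:    %d\n",
	    should_attach(ATTACH_ON_PRESENCE, false, fake_flaky_read));
	printf("hardware self-check: %s\n", hw_rng_selfcheck() ? "ok" : "FAILED");
	return 0;
}
```

With the first-read policy the flaky source is never attached, because the single probe happens to land on a CF=0 result; with the presence policy it is attached and the retrying read recovers. A CPU that does not advertise the feature is not attached under the presence policy either, which is the case Thor wants to exclude, and it is excluded without ever executing RDRAND on hardware that lacks it.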

