Re: Question on get random long worse in VM than on host

From: Marc Zyngier
Date: Sat Aug 31 2024 - 03:42:34 EST


[+ Ard, who actually understands the whole RNG thing]

On Sat, 31 Aug 2024 04:34:33 +0100,
Tangnianyao <tangnianyao@xxxxxxxxxx> wrote:
>
> Hi, all
>
> On an ARM64 server (Kunpeng), the performance of some syscall cases (like
> fork and open) in the guest, which need a random u64, is 10~20% worse than
> on the host. Because CONFIG_ARCH_HAS_ELF_RANDOMIZE=y and
> CONFIG_STACKPROTECTOR=y, the guest kernel needs random u64 values and
> requires them from the host kvm using hvc.
>
> If FEAT_RNG is supported and the EL3 firmware does not support smccc trng,
> the host kvm finally returns a random u64 to the guest using RNDRRS.
>
> Shall we first let the guest get a random u64 from RNDRRS to avoid the hvc
> trap? For example, if the host finds smccc trng not available, then tell the
> guest that smccc trng is not available when the guest checks the trng version.

My recollection is that it was a deliberate decision to decouple what
the host firmware offers from what the guest sees (we can always
implement the SMCCC TRNG using any mechanism that the host has to
deliver entropy).

Now, userspace has almost complete freedom to expose what the guest
sees in terms of PV services. In this particular case, it can write to
the KVM_REG_ARM_STD_BMAP pseudo register to remove the
KVM_REG_ARM_STD_BIT_TRNG_V1_0 bit from the bitmap, which will hide the
functionality.

Isn't this sufficient here? Given that you seem to be micro-optimising
for a particular platform, this seems like the easiest way to reach
your goal without having to change anything.

Thanks,

M.

--
Without deviation from the norm, progress is not possible.
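
The userspace knob described in the message above, as an added example (not code from the thread or from KVM): a VMM clearing the TRNG bit in KVM_REG_ARM_STD_BMAP on a vCPU file descriptor it already holds. The helper names are hypothetical, and the arm64 register id is spelled out numerically as a fallback so the file also builds on non-arm64 hosts.

```c
#include <stdint.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <linux/kvm.h>

/* arm64 uapi values; the fallback only matters when building off arm64. */
#ifndef KVM_REG_ARM_STD_BMAP
#define KVM_REG_ARM_STD_BMAP 0x6030000000160000ULL /* KVM_REG_ARM_FW_FEAT_BMAP_REG(0) */
#endif
#define STD_BIT_TRNG_V1_0 0 /* numeric value of KVM_REG_ARM_STD_BIT_TRNG_V1_0 */

/* Hypothetical helper: the bitmap with the SMCCC TRNG v1.0 service removed. */
uint64_t std_bmap_without_trng(uint64_t bmap)
{
    return bmap & ~(UINT64_C(1) << STD_BIT_TRNG_V1_0);
}

/*
 * Hypothetical helper: hide SMCCC TRNG from the guest that owns vcpu_fd.
 * Returns 0 on success, -1 with errno set on failure. KVM documents that
 * the firmware bitmap registers can only be written before the VM has
 * started running, so a VMM does this during vCPU setup.
 */
int hide_smccc_trng(int vcpu_fd)
{
    uint64_t bmap = 0;
    struct kvm_one_reg reg = {
        .id = KVM_REG_ARM_STD_BMAP,
        .addr = (uint64_t)(uintptr_t)&bmap,
    };

    if (ioctl(vcpu_fd, KVM_GET_ONE_REG, &reg) < 0)
        return -1;
    bmap = std_bmap_without_trng(bmap);   /* read-modify-write keeps other bits */
    if (ioctl(vcpu_fd, KVM_SET_ONE_REG, &reg) < 0)
        return -1;
    return 0;
}

int main(void)
{
    uint64_t sample = 0x1; /* constructed value: only the TRNG bit set */
    printf("0x%llx -> 0x%llx\n", (unsigned long long)sample,
           (unsigned long long)std_bmap_without_trng(sample));
    return 0;
}
```

With the bit cleared, the guest's TRNG version probe reports the service as absent, so the VMM owner should confirm the guest still has an entropy source it trusts.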