Xen project Mailing List

Re: [PATCH v2 for-4.21 0/2] x86/AMD: deal with RDSEED issues

To: Jan Beulich <jbeulich@xxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>

From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Date: Mon, 3 Nov 2025 14:10:27 +0000

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=3onIjthpmHhBsy+KQ4CCh6zxX5I/6thsGoo/Yqp7hWs=; b=UYYuxn9r/Z5O/U2xzTHs77riCwvMsPLOya1KjO9vugB7bfSTaCoY/Y0SlOyCPJjBBBdurDq5+JH2rvixlgeBrzSaDfA4z8Me6T6ROjE66j/ERYdVIjSXdZ4reBxTGm1sCnLKMOQ0SSbFXXEDY2P/fwkb7eDJ9rsfxNGoQB0w1uaqNHpcddKuaQpir+q50BYz1oX3x+536yCqcwZYUT/5WQvyxkKLopaViIrYNe/yKRsBNrC4Yc1imAzuGP3fWkGHKpGMrE7E1M7ouORts54pnntaVshYT4FecgwxQA0i7a2CRftNhePBG3p7QjuLYJSKvwhJniSv0Apkf60qZ8EgUQ==

Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=N8Gy/0oquLfSqlQieghaEs3qgGFHfC3U2yP8MwSVnsY6PfulaKNYUo2lnjXCNvqU6id1KQDW9Yk4lsdFNp3CBlyw7crd/E59XK5bOEpB03B8lF5T64cw+3+aEuSwHLoxu6SAUIp/x4uDste1VomB+ueKqrGCEKSF8G8D6lFeoEfwSgu3j2hj4GEc36s2UUC15qJYUHD/2dK4+9FLKDkwDSqYjG0AcsAYqZUBCPtHxD/3nmw3i0L41mAaYSZ0krUzlP9W2DNL0jLtppPJGrTG7RytqZ1DX0LGKSMiy2ZmbqgMXMvB8C4l0LDF1AumdCNwVsaI5bKS0UBrgj3cQwjMdw==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;

Cc: Roger Pau Monné <roger.pau@xxxxxxxxxx>, Oleksii Kurochko <oleksii.kurochko@xxxxxxxxx>

Delivery-date: Mon, 03 Nov 2025 14:11:03 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 28/10/2025 3:32 pm, Jan Beulich wrote: > Both patches also want 'x86/CPU: extend is_forced_cpu_cap()'s "reach"' in > place. > > 1: disable RDSEED on Fam17 model 47 stepping 0 > 2: disable RDSEED on most of Zen5 We have two existing cases for RDRAND issues in Xen: 1) IvyBridge SRBDS speculative vulnerability. Here, the RNG is good, but use of the RDRAND instruction can allow another entity on the system to observe the random number. RDRAND is off by default, but can be opted in to. 2) AMD Fam15/16h Laptop. Here, the RNG is fine, except after S3 on one single OEM. Use of RDRAND can be activated on the command line, but there's no ability for individual VMs to opt in. Being a laptop, migration isn't a major concern. For this seres about RDSEED, we've got: 1) Cyan Skillfish, the PlayStation 5 CPU but also in one crypto-mining rig. Here, RDSEED is deterministically broken and not getting a fix. The chances of Xen running on these systems is almost 0. We should turn off RDSEED and be done with it; it's not interesting in the slightest to be able to turn back on. 2) Zen5. Here, RDSEED gives a higher-than-expected rate of 0's for only the 32bit and 16bit forms; the 64bit form is unaffected. There is microcode to fix it, on server at least. Firmware fixes for client are rather further away. 64bit OSes are likely fine (using the 64bit instruction form). Some Linux devs think that Linux would be safe even using the 32bit form, if it really only has a 10% zeroes rate. There is certainly a risk that software uses the 32b/16b forms, and not mix it properly with other entropy, but the common case these days (64b) works just fine. This means that blanket-disabling does more harm than good. This case does really want to be off by default (given no microcode), but able to be opted in to. At least one major class of OSes (Linux) are safe despite the issue. ~Andrew

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.