| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 14 Apr 2018 15:41:42 -0700
From: Andy Lutomirski <luto@...capital.net>
To: Alexey Dobriyan <adobriyan@...il.com>
Cc: LKML <linux-kernel@...r.kernel.org>, "Ted Ts'o" <tytso@....edu>,
kvm list <kvm@...r.kernel.org>, security@...nel.org
Subject: Re: repeatable boot randomness inside KVM guest
On Sat, Apr 14, 2018 at 12:59 PM, Alexey Dobriyan <adobriyan@...il.com> wrote:
> SLAB allocators got CONFIG_SLAB_FREELIST_RANDOM option which randomizes
> allocation pattern inside a slab:
>
>
> #ifdef CONFIG_SLAB_FREELIST_RANDOM
> /* Pre-initialize the random sequence cache */
> static int init_cache_random_seq(struct kmem_cache *s)
> {
> ...
>
> Then I printed actual random sequences for each kmem cache.
> Turned out they were all the same for most of the caches and
> they didn't vary across guest reboots.
>
> int cache_random_seq_create(struct kmem_cache *cachep, unsigned int count, gfp_t gfp)
> {
> ...
> /* Get best entropy at this stage of boot */
> prandom_seed_state(&state, get_random_long());
>
> Then I searched internet and turned out KVM can pass randomness via
> virtio-rng or something. So I linked /dev/urandom.
>
> And it didn't help!
>
> The only way to get randomness for SLAB is to enable RDRAND inside guest.
>
> Is it KVM bug?
>
> For the record I'm using qemu 2.11.1-r2 and whatever F27 ships now.
virtio-rng doesn't really do that. I have an ancient patch set to do
exactly what you want, and I should dust it off.
Powered by blists - more mailing lists