Message-ID: <20130307082301.GA4135@amit.redhat.com>
Date:	Thu, 7 Mar 2013 13:53:01 +0530
From:	Amit Shah <amit.shah@...hat.com>
To:	Rusty Russell <rusty@...tcorp.com.au>
Cc:	Virtualization List <virtualization@...ts.linux-foundation.org>,
	linux-kernel@...r.kernel.org, hpa@...or.com,
	Anthony Liguori <anthony@...emonkey.ws>
Subject: Re: [PATCH 1/1] virtio: rng: disallow multiple device registrations,
 fixes crashes

(CC'ing lkml and hpa for thoughts on multiple active hwrng devices)

On (Thu) 07 Mar 2013 [12:06:31], Rusty Russell wrote:
> Amit Shah <amit.shah@...hat.com> writes:
> > The code currently only supports one virtio-rng device at a time.
> > Invoking guests with multiple devices causes the guest to blow up.
> >
> > Check if we've already registered and initialised the driver.  Also
> > cleanup in case of registration errors or hot-unplug so that a new
> > device can be used.
> >
> > Reported-by: Peter Krempa <pkrempa@...hat.com>
> > Reported-by: <yunzheng@...hat.com>
> > Signed-off-by: Amit Shah <amit.shah@...hat.com>
> > ---
> >
> > Also valid for stable?
> 
> Yes.  We could fix virtio-rng to allow multiple rngs, but of course it
> will fail anyway since hwrng wants unique names.  And changing the name
> to be virtio-%u will probably break things, for no real upside.

The hwrng interface also sources its input from one active device at a
time, and that's selectable via a sysfs interface.

If we extend the hwrng interface to source from multiple devices at
the same time, and taking in whatever it gets from whichever device
has data to give, will having multiple virtio devices make sense.

But, several active hwrng devices have their own set of problems: on need
for entropy, which device do you ask from?  Just asking all devices
for precious entropy, when only one could give out all of it is not
productive (or secure?).

> Applied, and Cc:stable added.

Thanks!

		Amit