lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Sat, 17 Oct 2020 09:17:21 +0200
From:   Willy Tarreau <>
To:     Jann Horn <>
Cc:     Colm MacCarthaigh <>,
        "Catangiu, Adrian Costin" <>,
        Andy Lutomirski <>,
        Jason Donenfeld <>,
        "Theodore Y. Ts'o" <>,
        Eric Biggers <>,
        "open list:DOCUMENTATION" <>,
        kernel list <>,
        "open list:VIRTIO GPU DRIVER" 
        "Graf (AWS), Alexander" <>,
        "Woodhouse, David" <>,,
        "Singh, Balbir" <>,
        "Weiss, Radu" <>,,, Jonathan Corbet <>,
        Greg Kroah-Hartman <>,
        "Michael S. Tsirkin" <>,
        Qemu Developers <>,
        KVM list <>,
        Michal Hocko <>,
        "Rafael J. Wysocki" <>,
        Pavel Machek <>,
        Linux API <>
Subject: Re: [PATCH] drivers/virt: vmgenid: add vm generation id driver

On Sat, Oct 17, 2020 at 08:55:34AM +0200, Jann Horn wrote:
> My suggestion is to use a counter *in the UAPI*, not in the hypervisor
> protocol. (And as long as that counter can only miss increments in a
> cryptographically negligible fraction of cases, everything's fine.)

OK I got it now and I agree.

> > If what is sought is pure
> > randomness (in the sense that it's unpredictable, which I don't think
> > is needed here), then randoms are better.
> And this is what *the hypervisor protocol* gives us (which could be
> very useful for reseeding the kernel RNG).

As an external source, yes very likely, as long as it's not trivially
observable by everyone under the same hypervisor :-)

> > Now the initial needs in the forwarded message are not entirely clear
> > to me but I wanted to rule out the apparent mismatch between the expressed
> > needs for uniqueness and the proposed solutions solely based on randomness.
> Sure, from a theoretical standpoint, it would be a little bit nicer if
> the hypervisor protocol included a generation number along with the
> 128-bit random value. But AFAIU it doesn't, so if we want this to just
> work under Microsoft's existing hypervisor, we'll have to make do with
> checking whether the random value changed. :P

OK got it, thanks for the explanation!


Powered by blists - more mailing lists