Message-ID: <b3b9dd9b-c42c-f057-f546-3e390b50479f@amazon.com>
Date: Fri, 25 Feb 2022 16:15:59 +0100
From: Alexander Graf <graf@...zon.com>
To: "Jason A. Donenfeld" <Jason@...c4.com>
CC: <kvm@...r.kernel.org>, <linux-crypto@...r.kernel.org>,
<linux-hyperv@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
<adrian@...ity.io>, <ardb@...nel.org>, <ben@...portsystems.com>,
<berrange@...hat.com>, <colmmacc@...zon.com>,
<decui@...rosoft.com>, <dwmw@...zon.co.uk>, <ebiggers@...nel.org>,
<ehabkost@...hat.com>, <gregkh@...uxfoundation.org>,
<haiyangz@...rosoft.com>, <imammedo@...hat.com>,
<jannh@...gle.com>, <kys@...rosoft.com>, <lersek@...hat.com>,
<linux@...inikbrodowski.net>, <mst@...hat.com>,
<qemu-devel@...gnu.org>, <raduweis@...zon.com>,
<sthemmin@...rosoft.com>, <tytso@....edu>, <wei.liu@...nel.org>
Subject: Re: [PATCH v4] virt: vmgenid: introduce driver for reinitializing RNG
on VM fork
On 25.02.22 15:54, Jason A. Donenfeld wrote:
> Hi Alex,
>
> Missed this remark before:
>
> On Fri, Feb 25, 2022 at 02:57:38PM +0100, Alexander Graf wrote:
>> Please expose the vmgenid via /sysfs so that user space even remotely
>> has a chance to check if it's been cloned.
> No. Did you read the 0/2 cover letter? I'll quote it for you here:
>
>> As a side note, this series intentionally does _not_ focus on
>> notification of these events to userspace or to other kernel consumers.
>> Since these VM fork detection events first need to hit the RNG, we can
>> later talk about what sorts of notifications or mmap'd counters the RNG
>> should be making accessible to elsewhere. But that's a different sort of
>> project and ties into a lot of more complicated concerns beyond this
>> more basic patchset. So hopefully we can keep the discussion rather
>> focused here to this ACPI business.
> What about that was unclear to you?
>
> Anyway, it's a different thing that will have to be designed and
> considered carefully, and that design doesn't have a whole lot to do
> with this little driver here, except insofar as it could build on top of
> it in one way or another. Yes, it's an important thing to do. No, I'm
> not going to do it in this patch here. If you want to have a discussion
> about that, start a different thread.

I'm not talking about a notification interface - we've gone to
great lengths on that one in the previous submission. What I'm more
interested in is *any* way for user space to read the current VM Gen ID.
The same way I'm interested to see other device attributes of my system
through sysfs.

Alex