| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 25 Feb 2022 16:34:11 +0100
From: "Jason A. Donenfeld" <Jason@...c4.com>
To: Ard Biesheuvel <ardb@...nel.org>, adrian@...ity.io
Cc: Alexander Graf <graf@...zon.com>, KVM list <kvm@...r.kernel.org>,
Linux Crypto Mailing List <linux-crypto@...r.kernel.org>,
linux-hyperv@...r.kernel.org,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
adrian@...ity.io, ben@...portsystems.com,
Daniel P. Berrangé <berrange@...hat.com>,
Colm MacCarthaigh <colmmacc@...zon.com>,
Dexuan Cui <decui@...rosoft.com>,
"Woodhouse, David" <dwmw@...zon.co.uk>,
Eric Biggers <ebiggers@...nel.org>,
Eduardo Habkost <ehabkost@...hat.com>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Haiyang Zhang <haiyangz@...rosoft.com>,
Igor Mammedov <imammedo@...hat.com>,
Jann Horn <jannh@...gle.com>,
KY Srinivasan <kys@...rosoft.com>,
Laszlo Ersek <lersek@...hat.com>,
Dominik Brodowski <linux@...inikbrodowski.net>,
"Michael S. Tsirkin" <mst@...hat.com>,
QEMU Developers <qemu-devel@...gnu.org>,
"Weiss, Radu" <raduweis@...zon.com>,
Stephen Hemminger <sthemmin@...rosoft.com>,
"Theodore Y. Ts'o" <tytso@....edu>, Wei Liu <wei.liu@...nel.org>
Subject: Re: [PATCH v4] virt: vmgenid: introduce driver for reinitializing
RNG on VM fork
On Fri, Feb 25, 2022 at 04:16:27PM +0100, Ard Biesheuvel wrote:
> > > I just booted up a Windows VM, and it looks like Hyper-V uses
> > > "Hyper_V_Gen_Counter_V1", which is also quite long, so we can't really
> > > HID match on that either.
> >
> >
> > Yes, due to the same problem. I'd really prefer we sort out the ACPI
> > matching before this goes mainline. Matching on _HID is explicitly
> > discouraged in the VMGenID spec.
> >
>
> OK, this really sucks. Quoting the ACPI spec:
>
> """
> A _HID object evaluates to either a numeric 32-bit compressed EISA
> type ID or a string. If a string, the format must be an alphanumeric
> PNP or ACPI ID with no asterisk or other leading characters.
> A valid PNP ID must be of the form "AAA####" where A is an uppercase
> letter and # is a hex digit.
> A valid ACPI ID must be of the form "NNNN####" where N is an uppercase
> letter or a digit ('0'-'9') and # is a hex digit. This specification
> reserves the string "ACPI" for use only with devices defined herein.
> It further reserves all strings representing 4 HEX digits for
> exclusive use with PCI-assigned Vendor IDs.
> """
>
> So now we have to implement Microsoft's fork of ACPI to be able to use
> this device, even if we expose it from QEMU instead of Hyper-V? I
> strongly object to that.
>
> Instead, we can match on _HID exposed by QEMU, and cordially invite
> Microsoft to align their spec with the ACPI spec.
I don't know about that... Seems a bit extreme. Hopefully Alex will be
able to sort something out with the ACPI people, and this driver will
work inside of Hyper-V.
Here's what we currently have:
static const struct acpi_device_id vmgenid_ids[] = {
{ "VMGENID", 0 }, <------------------------------------ ???
{ "QEMUVGID", 0 }, <------------------------------------ QEMU
{ },
};
Adrian added "VMGENID" in last year's v4, so I copied that for this new
driver here. But does anybody know which hypervisor it is for? Some
internal Amazon thing? Firecracker? VMware? In case Alex does not
succeed with the ACPI changes, it'd be nice to know which HIDs for
which hypervisors we do and do not support.
Jason
Powered by blists - more mailing lists