| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 2 Mar 2022 17:32:07 +0100
From: "Jason A. Donenfeld" <Jason@...c4.com>
To: "Michael S. Tsirkin" <mst@...hat.com>
Cc: Laszlo Ersek <lersek@...hat.com>,
LKML <linux-kernel@...r.kernel.org>,
KVM list <kvm@...r.kernel.org>,
QEMU Developers <qemu-devel@...gnu.org>,
linux-hyperv@...r.kernel.org,
Linux Crypto Mailing List <linux-crypto@...r.kernel.org>,
Alexander Graf <graf@...zon.com>,
"Michael Kelley (LINUX)" <mikelley@...rosoft.com>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
adrian@...ity.io,
Daniel P. Berrangé <berrange@...hat.com>,
Dominik Brodowski <linux@...inikbrodowski.net>,
Jann Horn <jannh@...gle.com>,
"Rafael J. Wysocki" <rafael@...nel.org>,
"Brown, Len" <len.brown@...el.com>, Pavel Machek <pavel@....cz>,
Linux PM <linux-pm@...r.kernel.org>,
Colm MacCarthaigh <colmmacc@...zon.com>,
Theodore Ts'o <tytso@....edu>, Arnd Bergmann <arnd@...db.de>
Subject: Re: propagating vmgenid outward and upward
Hi Michael,
On Wed, Mar 02, 2022 at 11:22:46AM -0500, Michael S. Tsirkin wrote:
> > Because that 16 byte read of vmgenid is not atomic. Let's say you read
> > the first 8 bytes, and then the VM is forked.
>
> But at this point when VM was forked plaintext key and nonce are all in
> buffer, and you previously indicated a fork at this point is harmless.
> You wrote "If it changes _after_ that point of check ... it doesn't
> matter:"
Ahhh, fair point. I think you're right.
Alright, so all we're talking about here is an ordinary 16-byte read,
and 16 bytes of storage per keypair, and a 16-byte comparison.
Still seems much worse than just having a single word...
Jason
Powered by blists - more mailing lists