lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <a8cc875a-8e93-46b9-a6a7-094072c9a1b5@urlichs.de>
Date: Fri, 5 Jul 2024 09:01:31 +0200
From: Matthias Urlichs <matthias@...ichs.de>
To: Willy Tarreau <w@....eu>, Linus Torvalds <torvalds@...ux-foundation.org>
Cc: "Jason A. Donenfeld" <Jason@...c4.com>, jolsa@...nel.org,
 mhiramat@...nel.org, cgzones@...glemail.com, brauner@...nel.org,
 linux-kernel@...r.kernel.org, arnd@...db.de
Subject: Re: deconflicting new syscall numbers for 6.11

On 04.07.24 20:44, Willy Tarreau wrote:
> BUT I've got complains in the past from
> some users generating UUIDs for each forwarded request that they were
> seeing duplicates in their logs due to the lack of thread safety on
> random(), which made me work on an alternative. Thus I can easily
> imagine that equivalent applications that just want to assign a unique
> ID to an event that ends up in a log, and when such applications suffer
> a VM migration could face a similar problem that is not easy to address
> in userland.

I'd like to second that.

I sometimes need to duplicate a running VM, mostly in order to debug 
stuff. Now both VMs run the same code with the same pseudo-RNG, 
generating the same message IDs when they log something. I've seen 
rejects on logs from the real VM because the dupe got there first.

Owch.

A userspace RNG with a zapped VM_DROPPABLE page that re-initializes 
itself from the kernel RNG would solve this problem (and others).

Thus a reasonable implementation seems to be

* implement VM_DROPPABLE (which I'd like to use for userspace caching 
anyway)

* teach VM cloners, task migrators and whatnot not to copy pages marked thus

* add a RNG generation counter to the VDSO

* teach libc's getrandom() to use these

Yes this doesn't use the exact same implementation of random.c that's in 
the kernel, but frankly I don't care about that.

-- 
-- regards
-- 
-- Matthias Urlichs


Content of type "text/html" skipped

Download attachment "OpenPGP_signature.asc" of type "application/pgp-signature" (841 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ