| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <7530d60c-7419-fa86-57c1-9f52dc479598@huawei.com> Date: Fri, 6 Sep 2024 11:42:24 +0800 From: Tangnianyao <tangnianyao@...wei.com> To: Marc Zyngier <maz@...nel.org> CC: Ard Biesheuvel <ardb@...nel.org>, Will Deacon <will@...nel.org>, <oliver.upton@...ux.dev>, <linux-arm-kernel@...ts.infradead.org>, <linux-kernel@...r.kernel.org>, <kvmarm@...ts.linux.dev>, "guoyang (C)" <guoyang2@...wei.com> Subject: Re: Question on get random long worse in VM than on host On 9/5/2024 16:17, Marc Zyngier wrote: > [...] >> Process is different between host and guest in arch/arm64, arch_get_random_seed_longs. >> (1) In host , smccc_trng_available is false, it get randomness from RNDRRS. >> >> (2) In guest, smccc_trng_available is true, because kvm emulate it. Guest use smccc trng >> and hvc, and trap to host kvm. Then in host call stack: >> kvm_smccc_call_handler >> kvm_trng_call >> kvm_trng_do_rnd >> get_random_long >> ... >> arch_get_random_seed_longs >> >> host get randomness as (1) and return random u64 to guest. >> So the randomness guest finally get is from RNDRRS too. >> Can we let guest get randomness directly from RNDRRS, not using hvc first? >> The process for guest like (1): >> 1) kvm not emulated smccc trng for guest >> 2) guest check smccc trng, and get smccc_trng_available=false >> 3) guest get randomness from RNDRRS > I think I gave you the answer to this in my first reply [1]. > > M. > > [1] https://lore.kernel.org/all/86zfotuoio.wl-maz@kernel.org/ > Thank you Marc, I've missed this email. Userspace should control whether expose TRNG to guest. Thanks. Nianyao
Powered by blists - more mailing lists