All of lore.kernel.org
 help / color / mirror / Atom feed
From: Babis Chalios <bchalios@amazon.es>
To: "Michael S. Tsirkin" <mst@redhat.com>
Cc: <virtio-comment@lists.oasis-open.org>,
	<virtio-dev@lists.oasis-open.org>,
	"Cali, Marco" <xmarcalx@amazon.co.uk>, "Graf (AWS),
	Alexander" <graf@amazon.de>,
	"Jason A. Donenfeld" <Jason@zx2c4.com>, <aams@amazon.de>
Subject: Re: [virtio-dev] [PATCH RFC 3/3] rng: leak detection support
Date: Mon, 18 Sep 2023 18:30:42 +0200	[thread overview]
Message-ID: <4ab1b10e-4524-4b6c-a3df-863360fd225d@amazon.es> (raw)
In-Reply-To: <20230918100355-mutt-send-email-mst@kernel.org>

>>>> Yes, that's what the driver does now in the RFC patch. However, this just
>>>> decreases
>>>> the race window, it doesn't eliminate it. If a third leak event happens it
>>>> might not
>>>> find any buffers to use:
>>>>
>>>> 1. available buffers to queue 1-X
>>>> 2. available buffers to queue X
>>>>
>>>>
>>>> 3. poll queue X
>>>> 4. used buffers in queue X       <- leak event 1 will use buffers in X
>>>> 5. avail buffers in queue X
>>>> 6. poll queue 1-X                <- leak event 2 will use buffers in 1-X
>>>> 7. used buffers in queue 1-X
>>>> 8. avail buffers in queue 1-X
>>>>                                    <- leak event 3 (it needs buffers in X, race with step 5)
>>>> 9. goto 3
>>> I don't get it. we added buffers in step 5.
>> What if the leak event 3 arrives before step 5 had time to actually add the
>> buffers in X and make
>> them visible to the device?
>
> Then it will see a single event in 1-X instead of two events.  A leak is
> a leak though, I don't see does it matter how many triggered.
>

So the scenario I have in mind is the following:

(Epoch here is terminology that I used in the Linux RFC).

         Driver 
                                                              Device

1.     add buffers to 1-X
2.     add buffers to X
3.     poll queue X
4.     vcpu 0: cache getrandom() entropy
         and cache epoch value
5.           First snapshot: use buffers in X
6.     vcpu 1: sees used buffers
7.                      Second snapshot: use buffers in 1-X
8.     vcpu 0: getrandom() observes new
         epoch value & caches it
9.            Third snapshot: no buffers in either queue vcpu 1 (from 
step 6 has not yet finished adding new buffers).
10.   vcpu 1 adds new buffer in X
11.   vcpu 0: getrandom() will not see new
         epoch and gets stale entropy.


In this succession of events, when the third snapshot will happen, it 
won't find any buffers in either queue,
so it won't increase the RNG epoch value. So, any entropy gathered after 
step 8 will be the same across all
snapshots. Am I missing something?

Cheers,
Babis



---------------------------------------------------------------------
To unsubscribe, e-mail: virtio-dev-unsubscribe@lists.oasis-open.org
For additional commands, e-mail: virtio-dev-help@lists.oasis-open.org


  reply	other threads:[~2023-09-18 16:30 UTC|newest]

Thread overview: 53+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-11-21 16:30 [virtio-comment] [PATCH RFC 0/3] virtio-rng based entropy leak reporting Michael S. Tsirkin
2022-11-21 16:30 ` [virtio-comment] [PATCH RFC 1/3] rng: move to a file of its own Michael S. Tsirkin
2022-11-21 16:30 ` [virtio-comment] [PATCH RFC 2/3] rng: be specific about the virtqueue Michael S. Tsirkin
2022-11-21 16:30 ` [virtio-dev] [PATCH RFC 3/3] rng: leak detection support Michael S. Tsirkin
2022-11-25 12:41   ` [virtio-dev] " Babis Chalios
2022-12-12 10:10     ` Babis Chalios
2023-01-11 13:57   ` Babis Chalios
2023-08-31 10:16   ` [virtio-dev] " Babis Chalios
2023-09-12 21:05     ` Michael S. Tsirkin
2023-09-12 21:05       ` [virtio-comment] " Michael S. Tsirkin
2023-09-13  9:32       ` Babis Chalios
2023-09-13  9:37         ` Michael S. Tsirkin
2023-09-13  9:37           ` [virtio-comment] " Michael S. Tsirkin
2023-09-13 11:19           ` Babis Chalios
2023-09-18 11:14             ` Babis Chalios
2023-09-18 12:41             ` Michael S. Tsirkin
2023-09-18 12:41               ` [virtio-comment] " Michael S. Tsirkin
2023-09-18 13:00               ` Babis Chalios
2023-09-18 13:58                 ` Michael S. Tsirkin
2023-09-18 13:58                   ` [virtio-comment] " Michael S. Tsirkin
2023-09-18 14:02                   ` Babis Chalios
2023-09-18 14:05                     ` Michael S. Tsirkin
2023-09-18 14:05                       ` [virtio-comment] " Michael S. Tsirkin
2023-09-18 16:30                       ` Babis Chalios [this message]
2023-09-19  7:32                         ` Babis Chalios
2023-09-19 10:01                           ` Michael S. Tsirkin
2023-09-19 10:01                             ` [virtio-comment] " Michael S. Tsirkin
2023-09-19 10:11                             ` Babis Chalios
2023-09-22 12:30                               ` Babis Chalios
2023-09-22 15:06                               ` Michael S. Tsirkin
2023-09-22 15:06                                 ` [virtio-comment] " Michael S. Tsirkin
2023-09-22 15:40                                 ` Babis Chalios
2023-09-22 16:01                                   ` Michael S. Tsirkin
2023-09-22 16:01                                     ` [virtio-comment] " Michael S. Tsirkin
2023-09-27 10:43                                     ` Babis Chalios
2023-09-27 21:47                                       ` Michael S. Tsirkin
2023-09-27 21:47                                         ` [virtio-comment] " Michael S. Tsirkin
2023-09-28 18:16                                         ` Babis Chalios
2023-10-13  7:49                                           ` Babis Chalios
2023-10-13 13:38                                             ` Michael S. Tsirkin
2023-10-13 13:38                                               ` [virtio-comment] " Michael S. Tsirkin
2023-11-02 11:20                                           ` Michael S. Tsirkin
2023-11-02 11:20                                             ` [virtio-comment] " Michael S. Tsirkin
2023-11-02 11:38                                             ` Babis Chalios
2023-11-02 11:51                                               ` Michael S. Tsirkin
2023-11-02 11:51                                                 ` [virtio-comment] " Michael S. Tsirkin
2023-11-02 13:42                                                 ` Babis Chalios
2023-11-02 11:25                                   ` Michael S. Tsirkin
2023-11-02 11:25                                     ` [virtio-comment] " Michael S. Tsirkin
2023-11-02 11:51                                     ` Babis Chalios
2023-01-12  7:02 ` [virtio-dev] Re: [PATCH RFC 0/3] virtio-rng based entropy leak reporting Michael S. Tsirkin
2023-01-16 11:39   ` Babis Chalios
     [not found]     ` <CAHmME9ry2fss2gsbPs2zVJkY=8Cdeae0XFD9FzCVnW67Xy3thA@mail.gmail.com>
2023-01-16 18:11       ` [virtio-comment] " Michael S. Tsirkin

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4ab1b10e-4524-4b6c-a3df-863360fd225d@amazon.es \
    --to=bchalios@amazon.es \
    --cc=Jason@zx2c4.com \
    --cc=aams@amazon.de \
    --cc=graf@amazon.de \
    --cc=mst@redhat.com \
    --cc=virtio-comment@lists.oasis-open.org \
    --cc=virtio-dev@lists.oasis-open.org \
    --cc=xmarcalx@amazon.co.uk \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.