From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-13.3 required=3.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_IN_DEF_DKIM_WL autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id A7952C3E8C5 for ; Fri, 27 Nov 2020 20:30:26 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 4A6CA21D7F for ; Fri, 27 Nov 2020 20:30:26 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="LIRHhHFI" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732333AbgK0UaM (ORCPT ); Fri, 27 Nov 2020 15:30:12 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:32768 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731500AbgK0U2m (ORCPT ); Fri, 27 Nov 2020 15:28:42 -0500 Received: from mail-lf1-x144.google.com (mail-lf1-x144.google.com [IPv6:2a00:1450:4864:20::144]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 59EB5C0613D2 for ; Fri, 27 Nov 2020 12:20:48 -0800 (PST) Received: by mail-lf1-x144.google.com with SMTP id z21so8601869lfe.12 for ; Fri, 27 Nov 2020 12:20:48 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=wq5aPWBOYfgE0ikLgKOb/75PgZgI1EkZa0hkLcr2E6E=; b=LIRHhHFIkM/Wpdo44zJO/nUYNrS+gJ0aecPyjsSYd8yPt5l7XJsEgxH6VluvZ0l2c8 SxkO84qW52Zqb3ZiSgF1lDgqzBV+MlcdgFO3ZowglCYgd+BRmFg17FEnlLafGdblK5s/ B3QPELYXQKnl2eFyB+OjIbaxgEFtKKGHdr8XwYWm3WPMSSRAPPhdzcrwFHF+Z9+4GLDh qeBz/MGtUfU/PYmoBosJRa8XkQ4ACohZRg7L17a0lN10TaXaWR+qqvoYi1QWNBpX7P4C L+CeuduU0Y40aOHEfYkSzUJUpJHJtMDynlFnqLlaOH1tlUe6LxUwKpbUA3YkNI+Mk5wH CfbQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=wq5aPWBOYfgE0ikLgKOb/75PgZgI1EkZa0hkLcr2E6E=; b=FPL4WD2tv5LWltzEHnYYrC1JrrkYnhg+h9n4A7KmXNpy55UxGeACHQBalyWjlxfUAP m0eH34iB4Q8i/HmxcmW2fNsXxwtj6lN7PBEc0aCa8t0cn7phKL701uMF0hVW6HRjhdLA u27JxM2CocGODCuPwKm2Q1gC39SM7IZlOfE+Gf3aDxuGcHzuCMrgLwa8EuCfbGPjZRFt vfCm6/m42nhs06Nsy5Gw1umRiulNnCf0hB1j6AMJ9FqLC+/VKb9fNbZJusLiRLLowglk CFZalsQZQYkTGDiJADQ9VEz2uvYRyV8sM53DRHQi2nT/d4b7oVo+KWRBklu37aCgIjHu E2RQ== X-Gm-Message-State: AOAM5308AB0npgNHVLGttAlUbxELhUGCPnnPeeLRuLabne165qUitutl xNcO3WDS1j0AnT3WFsvxBLoY2Uie9oaFX3l1p5USkg== X-Google-Smtp-Source: ABdhPJyiw7lwgD7IoK6mA6mBXxN3hEsO6avakTr/7wyhqC2uMw7qd0GXA+MXPFHMDZckGCqsV53ONzvSTrdB21Gj/Ek= X-Received: by 2002:a19:8c13:: with SMTP id o19mr4194624lfd.573.1606508446532; Fri, 27 Nov 2020 12:20:46 -0800 (PST) MIME-Version: 1.0 References: <3E05451B-A9CD-4719-99D0-72750A304044@amazon.com> In-Reply-To: From: Jann Horn Date: Fri, 27 Nov 2020 21:20:19 +0100 Message-ID: Subject: Re: [PATCH v2] drivers/virt: vmgenid: add vm generation id driver To: "Catangiu, Adrian Costin" Cc: "Graf (AWS), Alexander" , Christian Borntraeger , "Jason A. Donenfeld" , Willy Tarreau , "MacCarthaigh, Colm" , Andy Lutomirski , "Theodore Y. Ts'o" , Eric Biggers , "open list:DOCUMENTATION" , kernel list , "Woodhouse, David" , "bonzini@gnu.org" , "Singh, Balbir" , "Weiss, Radu" , "oridgar@gmail.com" , "ghammer@redhat.com" , Jonathan Corbet , Greg Kroah-Hartman , "Michael S. Tsirkin" , Qemu Developers , KVM list , Michal Hocko , "Rafael J. Wysocki" , Pavel Machek , Linux API , "mpe@ellerman.id.au" , linux-s390 , "areber@redhat.com" , Pavel Emelyanov , Andrey Vagin , Mike Rapoport , Dmitry Safonov <0x7f454c46@gmail.com>, Pavel Tikhomirov , "gil@azul.com" , "asmehra@redhat.com" , "dgunigun@redhat.com" , "vijaysun@ca.ibm.com" Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Nov 27, 2020 at 8:04 PM Catangiu, Adrian Costin wrote: > On 27/11/2020 20:22, Jann Horn wrote: > > On Fri, Nov 20, 2020 at 11:29 PM Jann Horn wrote: > >> On Mon, Nov 16, 2020 at 4:35 PM Catangiu, Adrian Costin > >> wrote: > >>> This patch is a driver that exposes a monotonic incremental Virtual > >>> Machine Generation u32 counter via a char-dev FS interface that > >>> provides sync and async VmGen counter updates notifications. It also > >>> provides VmGen counter retrieval and confirmation mechanisms. > >>> > >>> The hw provided UUID is not exposed to userspace, it is internally > >>> used by the driver to keep accounting for the exposed VmGen counter. > >>> The counter starts from zero when the driver is initialized and > >>> monotonically increments every time the hw UUID changes (the VM > >>> generation changes). > >>> > >>> On each hw UUID change, the new hypervisor-provided UUID is also fed > >>> to the kernel RNG. > >> As for v1: > >> > >> Is there a reasonable usecase for the "confirmation" mechanism? It > >> doesn't seem very useful to me. > > I think it adds value in complex scenarios with multiple users of the > mechanism, potentially at varying layers of the stack, different > processes and/or runtime libraries. > > The driver offers a natural place to handle minimal orchestration > support and offer visibility in system-wide status. > > A high-level service that trusts all system components to properly use > the confirmation mechanism can actually block and wait patiently for the > system to adjust to the new world. Even if it doesn't trust all > components it can still do a best-effort, timeout block. What concrete action would that high-level service be able to take after waiting for such an event? My model of the vmgenid mechanism is that RNGs and cryptographic libraries that use it need to be fundamentally written such that it is guaranteed that a VM fork can not cause the same random number / counter / ... to be reused for two different cryptographic operations in a way visible to an attacker. This means that e.g. TLS libraries need to, between accepting unencrypted input and sending out encrypted data, check whether the vmgenid changed since the connection was set up, and if a vmgenid change occurred, kill the connection. Can you give a concrete example of a usecase where the vmgenid mechanism is used securely and the confirmation mechanism is necessary as part of that? > >> How do you envision integrating this with libraries that have to work > >> in restrictive seccomp sandboxes? If this was in the vDSO, that would > >> be much easier. > > Since this mechanism targets all of userspace stack, the usecase greatly > vary. I doubt we can have a single silver bullet interface. > > For example, the mmap interface targets user space RNGs, where as fast > and as race free as possible is key. But there also higher level > applications that don't manage their own memory or don't have access to > low-level primitives so they can't use the mmap or even vDSO interfaces. > That's what the rest of the logic is there for, the read+poll interface > and all of the orchestration logic. Are you saying that, because people might not want to write proper bindings for this interface while also being unwilling to take the performance hit of calling read() in every place where they would have to do so to be fully correct, you want to build a "best-effort" mechanism that is deliberately designed to allow some cryptographic state reuse in a limited time window? > Like you correctly point out, there are also scenarios like tight > seccomp jails where even the FS interfaces is inaccessible. For cases > like this and others, I believe we will have to work incrementally to > build up the interface diversity to cater to all the user scenarios > diversity. It would be much nicer if we could have one simple interface that lets everyone correctly do what they need to, though... From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-13.3 required=3.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_IN_DEF_DKIM_WL autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id AD6DFC3E8C5 for ; Fri, 27 Nov 2020 20:21:40 +0000 (UTC) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id E0C3B206F7 for ; Fri, 27 Nov 2020 20:21:39 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="LIRHhHFI" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org E0C3B206F7 Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Received: from localhost ([::1]:41522 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kikFO-00078H-8U for qemu-devel@archiver.kernel.org; Fri, 27 Nov 2020 15:21:38 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:36504) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kikEd-0006fZ-IL for qemu-devel@nongnu.org; Fri, 27 Nov 2020 15:20:51 -0500 Received: from mail-lf1-x142.google.com ([2a00:1450:4864:20::142]:37972) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1kikEb-0002L7-1f for qemu-devel@nongnu.org; Fri, 27 Nov 2020 15:20:51 -0500 Received: by mail-lf1-x142.google.com with SMTP id s27so8631773lfp.5 for ; Fri, 27 Nov 2020 12:20:48 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=wq5aPWBOYfgE0ikLgKOb/75PgZgI1EkZa0hkLcr2E6E=; b=LIRHhHFIkM/Wpdo44zJO/nUYNrS+gJ0aecPyjsSYd8yPt5l7XJsEgxH6VluvZ0l2c8 SxkO84qW52Zqb3ZiSgF1lDgqzBV+MlcdgFO3ZowglCYgd+BRmFg17FEnlLafGdblK5s/ B3QPELYXQKnl2eFyB+OjIbaxgEFtKKGHdr8XwYWm3WPMSSRAPPhdzcrwFHF+Z9+4GLDh qeBz/MGtUfU/PYmoBosJRa8XkQ4ACohZRg7L17a0lN10TaXaWR+qqvoYi1QWNBpX7P4C L+CeuduU0Y40aOHEfYkSzUJUpJHJtMDynlFnqLlaOH1tlUe6LxUwKpbUA3YkNI+Mk5wH CfbQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=wq5aPWBOYfgE0ikLgKOb/75PgZgI1EkZa0hkLcr2E6E=; b=fdX7Igp4v/7z6CoHn9bbxmLnWM/LRdqp5no+JaUewAjThxdeVvd5VHooXPPfslVtaB lG5+Gp+p16Q9fJxpk8oX1i5sdeI5iGsRj9GsCfM4mmoGxnX4KGzbswDC70eMfMmecwhT H0UkO+uhQcMPfpT5qdiqMbB2h9RssYE+t3yER2Ead1RMKsTokFtDXBcwYXUjWAOFsX2r bC84IvN4CNUZuff2XlkWgSgrnhGLfHSvlYOqOSAq37pLr/ACTWST+lKfSovTClXOM/qG ScbYmL71EFdsRyK4PxtNp3+9e8LTOAZ4gA4BRs3Eig/KfqwX8XSrUxtLzMFbkQcxC1tH Vz2A== X-Gm-Message-State: AOAM53334LCBLKUZ5QnICE6Kse8bXdxo+CfCqEqOvii94iUuGrRQIK5l MpReRYPAvTWI8kKVbN3R1rSyWjM5KVV9/h2RDt1WVg== X-Google-Smtp-Source: ABdhPJyiw7lwgD7IoK6mA6mBXxN3hEsO6avakTr/7wyhqC2uMw7qd0GXA+MXPFHMDZckGCqsV53ONzvSTrdB21Gj/Ek= X-Received: by 2002:a19:8c13:: with SMTP id o19mr4194624lfd.573.1606508446532; Fri, 27 Nov 2020 12:20:46 -0800 (PST) MIME-Version: 1.0 References: <3E05451B-A9CD-4719-99D0-72750A304044@amazon.com> In-Reply-To: From: Jann Horn Date: Fri, 27 Nov 2020 21:20:19 +0100 Message-ID: Subject: Re: [PATCH v2] drivers/virt: vmgenid: add vm generation id driver To: "Catangiu, Adrian Costin" Cc: "Graf (AWS), Alexander" , Christian Borntraeger , "Jason A. Donenfeld" , Willy Tarreau , "MacCarthaigh, Colm" , Andy Lutomirski , "Theodore Y. Ts'o" , Eric Biggers , "open list:DOCUMENTATION" , kernel list , "Woodhouse, David" , "bonzini@gnu.org" , "Singh, Balbir" , "Weiss, Radu" , "oridgar@gmail.com" , "ghammer@redhat.com" , Jonathan Corbet , Greg Kroah-Hartman , "Michael S. Tsirkin" , Qemu Developers , KVM list , Michal Hocko , "Rafael J. Wysocki" , Pavel Machek , Linux API , "mpe@ellerman.id.au" , linux-s390 , "areber@redhat.com" , Pavel Emelyanov , Andrey Vagin , Mike Rapoport , Dmitry Safonov <0x7f454c46@gmail.com>, Pavel Tikhomirov , "gil@azul.com" , "asmehra@redhat.com" , "dgunigun@redhat.com" , "vijaysun@ca.ibm.com" Content-Type: text/plain; charset="UTF-8" Received-SPF: pass client-ip=2a00:1450:4864:20::142; envelope-from=jannh@google.com; helo=mail-lf1-x142.google.com X-Spam_score_int: -175 X-Spam_score: -17.6 X-Spam_bar: ----------------- X-Spam_report: (-17.6 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: "Qemu-devel" On Fri, Nov 27, 2020 at 8:04 PM Catangiu, Adrian Costin wrote: > On 27/11/2020 20:22, Jann Horn wrote: > > On Fri, Nov 20, 2020 at 11:29 PM Jann Horn wrote: > >> On Mon, Nov 16, 2020 at 4:35 PM Catangiu, Adrian Costin > >> wrote: > >>> This patch is a driver that exposes a monotonic incremental Virtual > >>> Machine Generation u32 counter via a char-dev FS interface that > >>> provides sync and async VmGen counter updates notifications. It also > >>> provides VmGen counter retrieval and confirmation mechanisms. > >>> > >>> The hw provided UUID is not exposed to userspace, it is internally > >>> used by the driver to keep accounting for the exposed VmGen counter. > >>> The counter starts from zero when the driver is initialized and > >>> monotonically increments every time the hw UUID changes (the VM > >>> generation changes). > >>> > >>> On each hw UUID change, the new hypervisor-provided UUID is also fed > >>> to the kernel RNG. > >> As for v1: > >> > >> Is there a reasonable usecase for the "confirmation" mechanism? It > >> doesn't seem very useful to me. > > I think it adds value in complex scenarios with multiple users of the > mechanism, potentially at varying layers of the stack, different > processes and/or runtime libraries. > > The driver offers a natural place to handle minimal orchestration > support and offer visibility in system-wide status. > > A high-level service that trusts all system components to properly use > the confirmation mechanism can actually block and wait patiently for the > system to adjust to the new world. Even if it doesn't trust all > components it can still do a best-effort, timeout block. What concrete action would that high-level service be able to take after waiting for such an event? My model of the vmgenid mechanism is that RNGs and cryptographic libraries that use it need to be fundamentally written such that it is guaranteed that a VM fork can not cause the same random number / counter / ... to be reused for two different cryptographic operations in a way visible to an attacker. This means that e.g. TLS libraries need to, between accepting unencrypted input and sending out encrypted data, check whether the vmgenid changed since the connection was set up, and if a vmgenid change occurred, kill the connection. Can you give a concrete example of a usecase where the vmgenid mechanism is used securely and the confirmation mechanism is necessary as part of that? > >> How do you envision integrating this with libraries that have to work > >> in restrictive seccomp sandboxes? If this was in the vDSO, that would > >> be much easier. > > Since this mechanism targets all of userspace stack, the usecase greatly > vary. I doubt we can have a single silver bullet interface. > > For example, the mmap interface targets user space RNGs, where as fast > and as race free as possible is key. But there also higher level > applications that don't manage their own memory or don't have access to > low-level primitives so they can't use the mmap or even vDSO interfaces. > That's what the rest of the logic is there for, the read+poll interface > and all of the orchestration logic. Are you saying that, because people might not want to write proper bindings for this interface while also being unwilling to take the performance hit of calling read() in every place where they would have to do so to be fully correct, you want to build a "best-effort" mechanism that is deliberately designed to allow some cryptographic state reuse in a limited time window? > Like you correctly point out, there are also scenarios like tight > seccomp jails where even the FS interfaces is inaccessible. For cases > like this and others, I believe we will have to work incrementally to > build up the interface diversity to cater to all the user scenarios > diversity. It would be much nicer if we could have one simple interface that lets everyone correctly do what they need to, though...