From mboxrd@z Thu Jan 1 00:00:00 1970 From: Andy Lutomirski Subject: Re: Standardizing an MSR or other hypercall to get an RNG seed? Date: Fri, 19 Sep 2014 15:06:55 -0700 Message-ID: References: <1969371640.51211843.1411066715223.JavaMail.zimbra@redhat.com> <0180a8dfcad746a895755c4374853c16@BY2PR03MB585.namprd03.prod.outlook.com> <541B5553.7020203@zytor.com> <541C5C8A.6030304@zytor.com> <20140919220537.GR26995@thunk.org> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Cc: Mathew John , kvm list , Gleb Natapov , Niels Ferguson , Linux Virtualization , David Hepkin , "H. Peter Anvin" , Jake Oshins , Paolo Bonzini , John Starks To: "Theodore Ts'o" Return-path: In-Reply-To: <20140919220537.GR26995@thunk.org> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: virtualization-bounces@lists.linux-foundation.org Errors-To: virtualization-bounces@lists.linux-foundation.org List-Id: kvm.vger.kernel.org On Fri, Sep 19, 2014 at 3:05 PM, Theodore Ts'o wrote: > On Fri, Sep 19, 2014 at 09:40:42AM -0700, H. Peter Anvin wrote: >> >> There is a huge disadvantage to the fact that CPUID is a user space >> instruction, though. > > But if the goal is to provide something like getrandom(2) direct from > the Host OS, it's not necessarily harmful to allow the Guest ring 3 > code to be able to fetch randomness in that way. The hypervisor can > implement rate limiting to protect against the guest using this too > frequently, but this is something that you should be doing for guest > ring 0 code anyway, since from the POV of the hypervisor Guest ring 0 > is not necessarily any more trusted than Guest ring 3. On the other hand, the guest kernel might not want the guest ring 3 to be able to get random numbers. --Andy