From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 40B0BC433FE for ; Mon, 2 May 2022 16:51:32 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S241076AbiEBQy6 (ORCPT ); Mon, 2 May 2022 12:54:58 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34856 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234379AbiEBQyw (ORCPT ); Mon, 2 May 2022 12:54:52 -0400 Received: from gardel.0pointer.net (gardel.0pointer.net [IPv6:2a01:238:43ed:c300:10c3:bcf3:3266:da74]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 437436245; Mon, 2 May 2022 09:51:22 -0700 (PDT) Received: from gardel-login.0pointer.net (gardel-mail [85.214.157.71]) by gardel.0pointer.net (Postfix) with ESMTP id A92E1E804AA; Mon, 2 May 2022 18:51:19 +0200 (CEST) Received: by gardel-login.0pointer.net (Postfix, from userid 1000) id 50F04160011; Mon, 2 May 2022 18:51:19 +0200 (CEST) Date: Mon, 2 May 2022 18:51:19 +0200 From: Lennart Poettering To: "Jason A. Donenfeld" Cc: linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org, Dominik Brodowski , Greg Kroah-Hartman , Theodore Ts'o , Alexander Graf , Colm MacCarthaigh , Torben Hansen , Jann Horn Subject: Re: [PATCH 2/2] random: add fork_event sysctl for polling VM forks Message-ID: References: <20220502140602.130373-1-Jason@zx2c4.com> <20220502140602.130373-2-Jason@zx2c4.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mo, 02.05.22 18:12, Jason A. Donenfeld (Jason@zx2c4.com) wrote: > > > In order to inform userspace of virtual machine forks, this commit adds > > > a "fork_event" sysctl, which does not return any data, but allows > > > userspace processes to poll() on it for notification of VM forks. > > > > > > It avoids exposing the actual vmgenid from the hypervisor to userspace, > > > in case there is any randomness value in keeping it secret. Rather, > > > userspace is expected to simply use getrandom() if it wants a fresh > > > value. > > > > Wouldn't it make sense to expose a monotonic 64bit counter of detected > > VM forks since boot through read()? It might be interesting to know > > for userspace how many forks it missed the fork events for. Moreover it > > might be interesting to userspace to know if any fork happened so far > > *at* *all*, by checking if the counter is non-zero. > > "Might be interesting" is different from "definitely useful". I'm not > going to add this without a clear use case. This feature is pretty > narrowly scoped in its objectives right now, and I intend to keep it > that way if possible. Sure, whatever. I mean, if you think it's preferable to have 3 API abstractions for the same concept each for it's special usecase, then that's certainly one way to do things. I personally would try to figure out a modicum of generalization for things like this. But maybe that' just me… I can just tell you, that in systemd we'd have a usecase for consuming such a generation counter: we try to provide stable MAC addresses for synthetic network interfaces managed by networkd, so we hash them from /etc/machine-id, but otoh people also want them to change when they clone their VMs. We could very nicely solve this if we had a generation counter easily accessible from userspace, that starts at 0 initially. Because then we can hash as we always did when the counter is zero, but otherwise use something else, possibly hashed from the generation counter. But anyway, I understand you are not interested in generalization/other usecases, so I'll shut up. Lennart -- Lennart Poettering, Berlin