linux-kernel.vger.kernel.org archive mirror
From: Alexander Graf <graf@amazon.com>
To: "Jason A. Donenfeld" <Jason@zx2c4.com>
Cc: Lennart Poettering <mzxreary@0pointer.de>,
	<linux-kernel@vger.kernel.org>, <linux-crypto@vger.kernel.org>,
	Dominik Brodowski <linux@dominikbrodowski.net>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	Theodore Ts'o <tytso@mit.edu>,
	"Colm MacCarthaigh" <colmmacc@amazon.com>,
	Torben Hansen <htorben@amazon.co.uk>,
	Jann Horn <jannh@google.com>,
	"Michael Kelley (LINUX)" <mikelley@microsoft.com>
Subject: Re: [PATCH 2/2] random: add fork_event sysctl for polling VM forks
Date: Mon, 2 May 2022 20:56:05 +0200
Message-ID: <cef2694f-d6cc-70e0-1d31-0c9dbd038ce2@amazon.com>
In-Reply-To: <YnAnCgxmPBrMdKt5@zx2c4.com>


On 02.05.22 20:46, Jason A. Donenfeld wrote:
> On Mon, May 02, 2022 at 08:34:38PM +0200, Alexander Graf wrote:
>> Michael, since we already changed the CID in the spec, can we add a
>> property to the device that indicates the first 4 bytes of the UUID will
>> always be different between parent and child?
>>
>> That should give us the ability to mmap the vmgenid directly to user
>> space and act based on a simple u32 compare for clone notification, no?
> That is not a good idea. We want an _additional_ 4 bytes, so that we can
> keep the first 16 bytes (128 bits) as a kernel space secret.


An additional 4 bytes would be an additional 4kb (or 64kb on ARM) page. 
Do we really rely on these 16 bytes to reseed after clone? If so, we'd 
need to bite the bullet and provide an additional page, yes.


Alex





Amazon Development Center Germany GmbH
Krausenstr. 38
10117 Berlin
Geschaeftsfuehrung: Christian Schlaeger, Jonathan Weiss
Eingetragen am Amtsgericht Charlottenburg unter HRB 149173 B
Sitz: Berlin
Ust-ID: DE 289 237 879
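The design point under discussion is a user-space process that maps a generation word and does a cheap u32 compare before drawing from its own PRNG, reseeding when the word changes, so that a cloned VM does not keep producing the same random stream as its parent. The following C program is an added illustration of that check, not code from the thread, the kernel or the vmgenid driver: the mapped page is replaced by a constructed global (`fake_vmgenid_word`), the entropy source is a constructed callback standing in for getrandom(2), and the PRNG is splitmix64 used only as a toy, not as a cryptographic generator. It shows the failure mode (byte-identical RNG state in parent and clone yields identical output) and the fix (the clone observes a changed generation and reseeds before its next draw).

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for the read-only vmgenid page a process would mmap.
 * In the design discussed in the thread this would be a u32 that the
 * hypervisor changes on every clone; the 16-byte kernel secret stays private.
 * Here it is a plain global written by the demo functions below. */
static volatile uint32_t fake_vmgenid_word = 1;

/* Toy PRNG state (splitmix64): illustrative only, NOT cryptographic. */
struct userspace_rng {
    uint64_t state;
    uint32_t seen_gen;   /* generation observed at the last (re)seed */
    unsigned reseeds;    /* clone-triggered reseeds performed so far */
};

/* Entropy source callback; real code would call getrandom(2). */
typedef uint64_t (*entropy_fn)(void *ctx);

static uint64_t splitmix64(uint64_t *s)
{
    uint64_t z = (*s += 0x9E3779B97F4A7C15ULL);
    z = (z ^ (z >> 30)) * 0xBF58476D1CE4E5B9ULL;
    z = (z ^ (z >> 27)) * 0x94D049BB133111EBULL;
    return z ^ (z >> 31);
}

/* volatile read: a clone rewriting the page must not be optimised away. */
static uint32_t read_vmgenid(void)
{
    return fake_vmgenid_word;
}

static void rng_seed(struct userspace_rng *r, entropy_fn get_entropy, void *ctx)
{
    r->state = get_entropy(ctx);
    r->seen_gen = read_vmgenid();
}

void rng_init(struct userspace_rng *r, entropy_fn get_entropy, void *ctx)
{
    r->reseeds = 0;
    rng_seed(r, get_entropy, ctx);
}

/* The u32 compare from the thread, cheap enough to run before every draw.
 * Returns 1 if the generation changed and a reseed was performed, else 0. */
int rng_check_clone(struct userspace_rng *r, entropy_fn get_entropy, void *ctx)
{
    if (read_vmgenid() == r->seen_gen)
        return 0;
    rng_seed(r, get_entropy, ctx);
    r->reseeds++;
    return 1;
}

uint64_t rng_next(struct userspace_rng *r, entropy_fn get_entropy, void *ctx)
{
    rng_check_clone(r, get_entropy, ctx);
    return splitmix64(&r->state);
}

/* Constructed deterministic "entropy" so the demo runs offline; each call
 * returns a different value, as a real reseed after a clone must. */
uint64_t demo_entropy(void *ctx)
{
    uint64_t *counter = ctx;
    return (*counter)++ * 0x1234567ULL + 42;
}

/* Simulates the hypervisor rewriting the generation word. */
void demo_set_vmgenid(uint32_t gen) { fake_vmgenid_word = gen; }

/* Failure mode: without a generation change, a clone holding duplicated
 * RNG state emits exactly what the parent would. Returns 1 if so. */
int demo_same_gen_collides(void)
{
    uint64_t ctr = 0;
    struct userspace_rng rng;
    demo_set_vmgenid(7);
    rng_init(&rng, demo_entropy, &ctr);
    (void)rng_next(&rng, demo_entropy, &ctr);

    struct userspace_rng clone = rng;            /* snapshot duplicates state */
    struct userspace_rng stale = rng;            /* what raw duplication yields */
    uint64_t stale_out = splitmix64(&stale.state);
    uint64_t clone_out = rng_next(&clone, demo_entropy, &ctr);
    return clone.reseeds == 0 && clone_out == stale_out;
}

/* Fix: the clone sees a bumped word, reseeds once, and diverges. Returns 1. */
int demo_clone_diverges(void)
{
    uint64_t ctr = 0;
    struct userspace_rng rng;
    demo_set_vmgenid(7);
    rng_init(&rng, demo_entropy, &ctr);
    (void)rng_next(&rng, demo_entropy, &ctr);

    struct userspace_rng clone = rng;
    struct userspace_rng stale = rng;
    uint64_t stale_out = splitmix64(&stale.state);
    demo_set_vmgenid(8);                          /* clone's hypervisor bumps it */
    uint64_t clone_out = rng_next(&clone, demo_entropy, &ctr);
    return clone.reseeds == 1 && clone_out != stale_out;
}

int main(void)
{
    printf("same generation -> identical output: %d\n", demo_same_gen_collides());
    printf("bumped generation -> clone reseeds and diverges: %d\n", demo_clone_diverges());
    return 0;
}
```

The compare costs one load per draw, which is why a directly mapped word is attractive; the separate question the reply raises is that exposing such a word without also exposing the 128-bit secret means the word has to sit on its own page, and the reseed itself still needs fresh kernel entropy (the `get_entropy` callback here) rather than anything derived from the duplicated state.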




Thread overview: 40+ messages
2022-05-02 14:06 [PATCH 1/2] sysctl: read() must consume poll events, not poll() Jason A. Donenfeld
2022-05-02 14:06 ` [PATCH 2/2] random: add fork_event sysctl for polling VM forks Jason A. Donenfeld
2022-05-02 15:40   ` Lennart Poettering
2022-05-02 16:12     ` Jason A. Donenfeld
2022-05-02 16:51       ` Lennart Poettering
2022-05-02 17:59         ` Alexander Graf
2022-05-02 18:29           ` Jason A. Donenfeld
2022-05-02 18:57             ` Alexander Graf
2022-05-02 20:03               ` Jason A. Donenfeld
2022-05-03  8:29           ` Lennart Poettering
2022-05-03 11:55             ` Jason A. Donenfeld
2022-05-03 12:33               ` Lennart Poettering
2022-05-02 18:04         ` Jason A. Donenfeld
2022-05-02 18:34           ` Alexander Graf
2022-05-02 18:46             ` Jason A. Donenfeld
2022-05-02 18:56               ` Alexander Graf [this message]
2022-05-02 19:27                 ` Jason A. Donenfeld
2022-05-02 19:41                   ` Alexander Graf
2022-05-04 15:45             ` Michael Kelley (LINUX)
2022-05-02 18:44           ` Jason A. Donenfeld
2022-05-03  7:42           ` Lennart Poettering
2022-05-03  9:08             ` Jason A. Donenfeld
2022-05-03  9:32               ` Lennart Poettering
2022-05-03 10:07                 ` Jason A. Donenfeld
2022-05-03 12:42                   ` Lennart Poettering
2022-05-11  0:40   ` Simo Sorce
2022-05-11  1:18     ` Jason A. Donenfeld
2022-05-11 12:59       ` Simo Sorce
2022-05-11 13:19         ` Alexander Graf
2022-05-11 13:19         ` Jason A. Donenfeld
2022-05-11 14:32           ` Simo Sorce
2022-05-11 13:20       ` Alexander Graf
2022-05-02 15:30 ` [PATCH 1/2] sysctl: read() must consume poll events, not poll() Jason A. Donenfeld
2022-05-02 15:43   ` Lennart Poettering
2022-05-03 11:27     ` Jason A. Donenfeld
2022-05-12 17:40       ` Luis Chamberlain
2022-05-12 18:29         ` Eric W. Biederman
2022-05-12 18:32           ` Jason A. Donenfeld
2022-05-12 18:22 ` Lucas De Marchi
2022-05-12 18:27   ` Jason A. Donenfeld
