Received: by 10.192.165.156 with SMTP id m28csp2162589imm;
        Sat, 14 Apr 2018 15:45:45 -0700 (PDT)
X-Google-Smtp-Source: AIpwx49ylJ2m5FNJL8fnt6DdAO/Qf0dSzKK3SjVJDeomwRSuOpC2oqWed0GB2fxr508O+UHye2Mq
X-Received: by 10.101.100.212 with SMTP id t20mr8448290pgv.112.1523745945709;
        Sat, 14 Apr 2018 15:45:45 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1523745945; cv=none;
        d=google.com; s=arc-20160816;
        b=mtqE6XC6qSxx0pUasBMICFAMCdAtFIcpSkuifU8qh8TqECCj11VFgjWNMsOlE8BOUP
         TiXZxZuR4cm2UPkecD19Qur+8fSdAKCRC1zKY49ysNDjxh6YW2/QGGG5RSATFiNg14PF
         UKNNJEZLzvVUnWSRl7TRs1jFmQFOBGQqPyDqBc21Lx4cLECrniYpkfX4p6LRycLBzM1b
         9tkv8TC/LHdtvNnH80MmjTyzyGMR1ldPmFLRkYsR27Zpjgku6ClECcCpNs49LgR39K7E
         1aB2X9c6AB/kPjnjPTcYWDQff1NJWu5uierxrxijRGTxulBbwdxbDCgeIzB7/lNOcQHD
         ttaQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:mail-followup-to
         :message-id:subject:cc:to:from:date:dkim-signature
         :arc-authentication-results;
        bh=qjvGNaFmdKTa0uBfNdxKGtaEARuQAWDpEwyl9rzoneY=;
        b=LRuioHrGa3PFuIxM+6X9B68TVTxHf0wCeuAAc9UPc683KEDuMFx4olF9z/+ZcnCDiV
         M9DNGgo7Ag3F387OKSIm9Qk5MCSynKZoCN3v80JROZA04TbwkvA+9kF23QnFQIV4Y6EZ
         440vP2xIZ6hCv/qmJ7DDOogi4Z6ZDBVD/P5WtHP63Q2rDcLRjAmzfv2/MbQkgsx6OSqK
         Ew68IauAip2DW7fJzPInY61uLCrtLJBkt8F3g2VTR2nQ0tPc+p/5daP/t0JLcf1YUJCa
         2f7BrYc43lUuGVbzXIKGaLZNpNenz3xqgCn83SHHSo0r4h8XUbmV7hYDI4lG6fCQeQKg
         f8jg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=fail header.i=@thunk.org header.s=ef5046eb header.b=Hhoa+zGE;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id w61-v6si4536219plb.155.2018.04.14.15.45.31;
        Sat, 14 Apr 2018 15:45:45 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=fail header.i=@thunk.org header.s=ef5046eb header.b=Hhoa+zGE;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1752190AbeDNWoY (ORCPT <rfc822;mahoosoft4you@gmail.com>
        + 99 others); Sat, 14 Apr 2018 18:44:24 -0400
Received: from imap.thunk.org ([74.207.234.97]:42176 "EHLO imap.thunk.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1752055AbeDNWoX (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Sat, 14 Apr 2018 18:44:23 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=thunk.org;
         s=ef5046eb; h=In-Reply-To:Content-Type:MIME-Version:References:Message-ID:
        Subject:Cc:To:From:Date:Sender:Reply-To:Content-Transfer-Encoding:Content-ID:
        Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
        :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
        List-Post:List-Owner:List-Archive;
        bh=qjvGNaFmdKTa0uBfNdxKGtaEARuQAWDpEwyl9rzoneY=; b=Hhoa+zGEjL2FJhinICBD988a03
        VOZofYfkyfi/9k14I8K1J+Jq+SEP/rVyhvK6Z1F/Mij6iu6ygszUGwXhFTmVKpzqtwlY2aKmI9bpb
        nHH7Jb7tJpohzb1tn/r7h/IATH2YdykheGa6OMszZyCwXpZzTWb5vPxKXa5KP+9AODsU=;
Received: from root (helo=callcc.thunk.org)
        by imap.thunk.org with local-esmtp (Exim 4.89)
        (envelope-from <tytso@thunk.org>)
        id 1f7Tu8-0005dz-Bq; Sat, 14 Apr 2018 22:44:20 +0000
Received: by callcc.thunk.org (Postfix, from userid 15806)
        id 41B857A42D1; Sat, 14 Apr 2018 18:44:19 -0400 (EDT)
Date:   Sat, 14 Apr 2018 18:44:19 -0400
From:   "Theodore Y. Ts'o" <tytso@mit.edu>
To:     Alexey Dobriyan <adobriyan@gmail.com>
Cc:     linux-kernel@vger.kernel.org, linux-mm@kvack.org
Subject: Re: repeatable boot randomness inside KVM guest
Message-ID: <20180414224419.GA21830@thunk.org>
Mail-Followup-To: "Theodore Y. Ts'o" <tytso@mit.edu>,
        Alexey Dobriyan <adobriyan@gmail.com>, linux-kernel@vger.kernel.org,
        linux-mm@kvack.org
References: <20180414195921.GA10437@avx2>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20180414195921.GA10437@avx2>
User-Agent: Mutt/1.9.4 (2018-02-28)
X-SA-Exim-Connect-IP: <locally generated>
X-SA-Exim-Mail-From: tytso@thunk.org
X-SA-Exim-Scanned: No (on imap.thunk.org); SAEximRunCond expanded to false
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

+linux-mm@kvack.org
kvm@vger.kernel.org, security@kernel.org moved to bcc

On Sat, Apr 14, 2018 at 10:59:21PM +0300, Alexey Dobriyan wrote:
> SLAB allocators got CONFIG_SLAB_FREELIST_RANDOM option which randomizes
> allocation pattern inside a slab:
> 
> 	int cache_random_seq_create(struct kmem_cache *cachep, unsigned int count, gfp_t gfp)
> 	{
> 		...
> 		/* Get best entropy at this stage of boot */
> 	        prandom_seed_state(&state, get_random_long());
>
> Then I printed actual random sequences for each kmem cache.
> Turned out they were all the same for most of the caches and
> they didn't vary across guest reboots.

The problem is at the super-early state of the boot path, kernel code
can't allocate memory.  This is something most device drivers kinda
assume they can do.  :-)

So it means we haven't yet initialized the virtio-rng driver, and it's
before interrupts have been enabled, so we can't harvest any entropy
from interrupt timing.  So that's why trying to use virtio-rng didn't
help.

> The only way to get randomness for SLAB is to enable RDRAND inside guest.
> 
> Is it KVM bug?

No, it's not a KVM bug.  The fundamental issue is in how the
CONFIG_SLAB_FREELIST_RANDOM is currently implemented.

What needs to happen is freelist should get randomized much later in
the boot sequence.  Doing it later will require locking; I don't know
enough about the slab/slub code to know whether the slab_mutex would
be sufficient, or some other lock might need to be added.

The other thing I would note that is that using prandom_u32_state() doesn't
really provide much security.  In fact, if the the goal is to protect
against a malicious attacker trying to guess what addresses will be
returned by the slab allocator, I suspect it's much like the security
patdowns done at airports.  It might protect against a really stupid
attacker, but it's mostly security theater.

The freelist randomization is only being done once; so it's not like
performance is really an issue.  It would be much better to just use
get_random_u32() and be done with it.  I'd drop using prandom_*
functions in slab.c and slubct and slab_common.c, and just use a
really random number generator, if the goal is real security as
opposed to security for show....

(Not that there's necessarily any thing wrong with security theater;
the US spends over 3 billion dollars a year on security theater.  As
politicians know, symbolism can be important.  :-)

Cheers,

					- Ted