Received: by 10.192.165.156 with SMTP id m28csp2176194imm; Sat, 14 Apr 2018 16:12:10 -0700 (PDT) X-Google-Smtp-Source: AIpwx49uQDSwFWzlaHG7rsPSBDA1T1JxLmuAqLpj+NRHdyRuCdDkThaTCzcuj07dkJBWS5mgwwsp X-Received: by 10.99.126.69 with SMTP id o5mr8204638pgn.18.1523747530339; Sat, 14 Apr 2018 16:12:10 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1523747530; cv=none; d=google.com; s=arc-20160816; b=uhixoE5yfiBBYwA5X/lR3kkit9s3afsWyWS8V/UXn0nw4gb0q5m5/MgM17/ozJ9mtP 5dPR945xYwPXo3t+5rEo9fB21IGNJuzW0S4AZiVB49AVQupnqA0f7bwDh2DKaKFyqGdc CVVVBMbJmDBkJhmPpaS8q46EakAnvhzwequYU+e2JeTGTBRD1K5LkUASzP06fHjMSLNy gfkrxESgmE4vhiE15et3sfumttc6mZYd62uRYvz5mBrOs45HYRMTe4WCyQ57aKqadgBa tcgdKpajMhtfzFLxLq0cY2QUZE8QmQoGCxmPCGtS+fvwnURcAnQgH6J/dK0bE6hLj2Bg sF4Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature:arc-authentication-results; bh=1y3algtFeOsfZ4sVfxQlvQBIuYLWc0xgDR1YpexRNkM=; b=Job2m3zt0o6tSlgvh0KtNMsUA2IvSbThqTbx7G1yrGxyAQO8xOiylGAnBUKub3UGGS SIiuZuTXR57MPJ9sdooMA+na5s/yyuV4LpXm/w9prXRA7WIhPXedyWNSDx03cRoXJXcL 5DDNQzpyTPbYwe+oQXSI1yaFFXwgNYens4FDSVvwZYNwFSd35MJ2ivJ8Pq56otIQR7UF GB7zc1rAyQg8LCRPstufXhxBxAqOnlypSfqd2xcyB/OOYjLjcubRGJFBXaP1uhbuJlj6 1cD/fKVlxcSVZstZCYtV7xEVRyMP7unYDjmi1l71KNwFE/Jxyb3exipJ3zsUcu7dIQz2 4iRw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=QLo9AtIU; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id k76si7926041pfb.146.2018.04.14.16.11.44; Sat, 14 Apr 2018 16:12:10 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=QLo9AtIU; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752179AbeDNXJz (ORCPT + 99 others); Sat, 14 Apr 2018 19:09:55 -0400 Received: from mail-wr0-f196.google.com ([209.85.128.196]:38656 "EHLO mail-wr0-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751623AbeDNXJx (ORCPT ); Sat, 14 Apr 2018 19:09:53 -0400 Received: by mail-wr0-f196.google.com with SMTP id h3so3882727wrh.5; Sat, 14 Apr 2018 16:09:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=1y3algtFeOsfZ4sVfxQlvQBIuYLWc0xgDR1YpexRNkM=; b=QLo9AtIUY8W+BvGwBHkUCA1r8MI0xtCAWO5Iz279VAg0q+tVcqsChjYx011PeEL9ol 6KXR0i5kidvEDJjYPYr/uKyQTC//gdpa8fhTQOcu1P6UCrraPE4VGwTczdfkvgHHzhLA m6XwvrCyF3sO+HQbmM4fY5UhFKVk9X0+Ch9m10rOuisgCIlqrCJztSzE02iVZEX6mM8R nlw2aWLpfkcATDPPhCopONl+ElUuw6PU7Hdbnqxu+mYm/VXx/daidT/EVphEyLfah0Sy 3BuLZ2i/GSRkVe71VB7Qrn43peqW9HYQt8fjhobfDIL2nJwdXyVpGWop/Ykeso/T+tEi zLuQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=1y3algtFeOsfZ4sVfxQlvQBIuYLWc0xgDR1YpexRNkM=; b=cm+2W2MX5EEJw/JE+RWMpncqkoNumNYEdhJV6mrvmljE1QevKKLVDbNv4AQptgxBQU H/qIR/hPwIlyW0LSThNHwsKlDhV1TGPxC5j/hQjw0WaVKPWM5Dv3hFVv7zXsPnfdo9S0 0LsqVSSnf5GdCZ+mWAfRDknPSFksTsiRutWN5gdb9ZU+IdsT+/izRpHdiRAjS60AHcEN csE+6H7YIFFFA1t/3RAe4iI7dcPTbp10F4yjsYkbHUAAGeP+BMb+tE6fEG87yO0GNgiO b3IIUsJOTXroeogwADqojpMzzlEwEGvzfJg6q3uIcMyERYHuEhpbbVucCTq1S4YUUaVm /lTA== X-Gm-Message-State: ALQs6tBLUU8Z0q2YS/SgURnDHxyONfmyAVOjz7GBszvu+UKgwfKK1t05 jI+bl2s+ZyoQ8C5sz94DZW4B X-Received: by 10.223.189.144 with SMTP id l16mr7320995wrh.15.1523747392018; Sat, 14 Apr 2018 16:09:52 -0700 (PDT) Received: from avx2 (nat4-minsk-pool-46-53-177-92.telecom.by. [46.53.177.92]) by smtp.gmail.com with ESMTPSA id m79sm2986645wma.0.2018.04.14.16.09.50 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 14 Apr 2018 16:09:51 -0700 (PDT) Date: Sun, 15 Apr 2018 02:09:49 +0300 From: Alexey Dobriyan To: Andy Lutomirski Cc: LKML , Ted Ts'o , kvm list , security@kernel.org Subject: Re: repeatable boot randomness inside KVM guest Message-ID: <20180414230949.GA16241@avx2> References: <20180414195921.GA10437@avx2> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.7.2 (2016-11-26) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, Apr 14, 2018 at 03:41:42PM -0700, Andy Lutomirski wrote: > On Sat, Apr 14, 2018 at 12:59 PM, Alexey Dobriyan wrote: > > SLAB allocators got CONFIG_SLAB_FREELIST_RANDOM option which randomizes > > allocation pattern inside a slab: > > > > > > #ifdef CONFIG_SLAB_FREELIST_RANDOM > > /* Pre-initialize the random sequence cache */ > > static int init_cache_random_seq(struct kmem_cache *s) > > { > > ... > > > > Then I printed actual random sequences for each kmem cache. > > Turned out they were all the same for most of the caches and > > they didn't vary across guest reboots. > > > > int cache_random_seq_create(struct kmem_cache *cachep, unsigned int count, gfp_t gfp) > > { > > ... > > /* Get best entropy at this stage of boot */ > > prandom_seed_state(&state, get_random_long()); > > > > Then I searched internet and turned out KVM can pass randomness via > > virtio-rng or something. So I linked /dev/urandom. > > > > And it didn't help! > > > > The only way to get randomness for SLAB is to enable RDRAND inside guest. > > > > Is it KVM bug? > > > > For the record I'm using qemu 2.11.1-r2 and whatever F27 ships now. > > virtio-rng doesn't really do that. I have an ancient patch set to do > exactly what you want, and I should dust it off. Please, do. Here is a list of caches which aren't exactly randomly randomized with my setup. Many important ones are there :-( XXX name 'dma-kmalloc-96', r b1e6718e2e7147d4 XXX name 'dma-kmalloc-192', r a7664a0d69968019 XXX name 'dma-kmalloc-8', r 662c2e986443235c XXX name 'dma-kmalloc-16', r 770a9b620ae4cd62 XXX name 'dma-kmalloc-32', r 2e200073d5fa9f46 XXX name 'dma-kmalloc-64', r d8538fda83c74168 XXX name 'dma-kmalloc-128', r 9e4b956d09dd7d44 XXX name 'dma-kmalloc-256', r 8b14bcb58f9e18f5 XXX name 'dma-kmalloc-512', r 2bbace4b7120624a XXX name 'dma-kmalloc-1024', r 7cdf44406db52f5b XXX name 'dma-kmalloc-2048', r 18fe0ebf6bcfdf43 XXX name 'dma-kmalloc-4096', r 9f1a5eee118facf7 XXX name 'dma-kmalloc-8192', r f514d72a1cc441a2 XXX name 'kmalloc-8192', r 14843df817b556cc XXX name 'kmalloc-4096', r 52ed85fa9c691bbe XXX name 'kmalloc-2048', r fa81aa9222ff65a7 XXX name 'kmalloc-1024', r ae355c02d31f21d3 XXX name 'kmalloc-512', r 5fe0d22aaf2ef8d9 XXX name 'kmalloc-256', r 336d07a06917b95 XXX name 'kmalloc-192', r 6b6cd5399dd06d95 XXX name 'kmalloc-128', r 893b9e85369964ab XXX name 'kmalloc-96', r 179e185395d2612 XXX name 'kmalloc-64', r 29cf688b37eccea7 XXX name 'kmalloc-32', r fb7b4e7dca6de00a XXX name 'kmalloc-16', r a2a441fdc499d0c7 XXX name 'kmalloc-8', r e5454c7095ddd2be XXX name 'kmem_cache_node', r 500dc6126a47b229 XXX name 'kmem_cache', r 816c8c7bcde08372 XXX name 'task_group', r c09c4d1c1436ce97 XXX name 'radix_tree_node', r 4dd9540b830a4ea8 XXX name 'pool_workqueue', r 88b1e9d9a1f0b570 XXX name 'Acpi-Namespace', r 3e34d55f8f1cb140 XXX name 'Acpi-State', r b94e04635e77b48a XXX name 'Acpi-Parse', r d5374863b90f2a4c XXX name 'Acpi-ParseExt', r eefb2fff892f64a9 XXX name 'Acpi-Operand', r ce51949bcc80af13 XXX name 'pid', r cd6d8ee9e5209156 XXX name 'anon_vma', r c3a9273a68127ac7 XXX name 'anon_vma_chain', r a7cec15033c31a9b XXX name 'cred_jar', r fe4cc38c6d99cf63 XXX name 'task_struct', r eecb8895c6b7dbdb XXX name 'sighand_cache', r e5243c5eb2ce3a63 XXX name 'signal_cache', r 88b2e108d8ef81c7 XXX name 'files_cache', r ee29814e58dc909c XXX name 'fs_cache', r bc700a5f8fc28ff8 XXX name 'mm_struct', r f5230f99c7447359 XXX name 'vm_area_struct', r e30f3f8e648a9f88 XXX name 'nsproxy', r ae7c08b524a0f4d4 XXX name 'uts_namespace', r 6b1266178968ed99 XXX name 'buffer_head', r b24c10679dc55a11 XXX name 'names_cache', r 2e023b54e3ca5b8f XXX name 'dentry', r 83cc18634fbd74e8 XXX name 'inode_cache', r ff9a0ff3b4665cf5 XXX name 'filp', r 4fdad214b7ca7fc1 XXX name 'mnt_cache', r 8e726d32470b23e0 XXX name 'kernfs_node_cache', r 929c5f56778d365d XXX name 'bdev_cache', r 8a5520036bd0a464 XXX name 'sigqueue', r 2cf75c4d16191efb XXX name 'seq_file', r ec3ba1fe514524d5 XXX name 'proc_inode_cache', r b0c76cbbda5bb41f XXX name 'pde_opener', r 5f82f8e7100a517c XXX name 'proc_dir_entry', r ebabc4e93b52d7b8 XXX name 'shmem_inode_cache', r 2b25a3eb9aa32973 XXX name 'net_namespace', r 95793a7eae08a33f