Date: Tue, 17 Apr 2018 03:31:09 +0300
From: Alexey Dobriyan
To: Thomas Garnier
Cc: Kees Cook, tytso@mit.edu, LKML, Linux-MM
Subject: Re: repeatable boot randomness inside KVM guest
Message-ID: <20180417003109.GA10597@avx2>
References: <20180414195921.GA10437@avx2> <20180414224419.GA21830@thunk.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Apr 16, 2018 at 04:15:44PM +0000, Thomas Garnier wrote:
> On Mon, Apr 16, 2018 at 8:54 AM Kees Cook wrote:
>
> > On Sat, Apr 14, 2018 at 3:44 PM, Theodore Y. Ts'o wrote:
> > > +linux-mm@kvack.org
> > > kvm@vger.kernel.org, security@kernel.org moved to bcc
> > >
> > > On Sat, Apr 14, 2018 at 10:59:21PM +0300, Alexey Dobriyan wrote:
> > >> SLAB allocators got the CONFIG_SLAB_FREELIST_RANDOM option which randomizes
> > >> the allocation pattern inside a slab:
> > >>
> > >> int cache_random_seq_create(struct kmem_cache *cachep, unsigned int count, gfp_t gfp)
> > >> {
> > >> ...
> > >> /* Get best entropy at this stage of boot */
> > >> prandom_seed_state(&state, get_random_long());
> > >>
> > >> Then I printed actual random sequences for each kmem cache.
> > >> Turned out they were all the same for most of the caches and
> > >> they didn't vary across guest reboots.
> > >
> > > The problem is at the super-early state of the boot path, kernel code
> > > can't allocate memory. This is something most device drivers kinda
> > > assume they can do. :-)
> > >
> > > So it means we haven't yet initialized the virtio-rng driver, and it's
> > > before interrupts have been enabled, so we can't harvest any entropy
> > > from interrupt timing. So that's why trying to use virtio-rng didn't
> > > help.
> > >
> > >> The only way to get randomness for SLAB is to enable RDRAND inside the guest.
> > >>
> > >> Is it a KVM bug?
> > >
> > > No, it's not a KVM bug. The fundamental issue is in how
> > > CONFIG_SLAB_FREELIST_RANDOM is currently implemented.
>
> Entropy at early boot in a VM has always been a problem for this feature or
> others. Did you look at the impact on other boot security features fetching
> random values? Does your VM have RDRAND support (we use get_random_long(),
> which will fetch from RDRAND to provide as much entropy as possible at this
> point)?

The problem is that "qemu-system-x86_64" by default doesn't use RDRAND,
nor does it use entropy from the host to bootstrap. You need "-cpu host"
or equivalent.

Given that DMI strings are acting as a seed and the creation order of
core kernel caches is fixed, those SLAB randomization sequences may be
globally the same (I didn't check) or drawn from a small set.

And of course there will be users who don't use RDRAND because it is an
NSA backdoor.
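A user-space model of the seeding path quoted above, added here as an example and not code from the thread or from the kernel tree: the PRNG and shuffle are written after the kernel's lfsr113 prandom_seed_state()/prandom_u32_state() and the Fisher-Yates loop behind cache_random_seq_create(), reproduced from memory, so treat the exact constants as an assumption. It shows why a repeated get_random_long() value gives the same per-cache freelist order on every boot: the order is a deterministic function of that one seed, so the feature is only as strong as the entropy available when the cache is created.

```c
#include <stdint.h>
#include <string.h>
struct rnd_state { uint32_t s1, s2, s3, s4; };

/* Seed expansion as in the kernel's prandom_seed_state() (lfsr113 Tausworthe). */
static uint32_t seed_part(uint32_t x, uint32_t m) { return x < m ? x + m : x; }
static void prandom_seed_state(struct rnd_state *st, uint64_t seed)
{
    uint32_t i = (uint32_t)((seed >> 32) ^ (seed << 10) ^ seed);
    st->s1 = seed_part(i, 2U);  st->s2 = seed_part(i, 8U);
    st->s3 = seed_part(i, 16U); st->s4 = seed_part(i, 128U);
}
#define TAUSWORTHE(s, a, b, c, d) ((((s) & (c)) << (d)) ^ ((((s) << (a)) ^ (s)) >> (b)))
static uint32_t prandom_u32_state(struct rnd_state *st)
{
    st->s1 = TAUSWORTHE(st->s1,  6U, 13U, 4294967294U, 18U);
    st->s2 = TAUSWORTHE(st->s2,  2U, 27U, 4294967288U,  2U);
    st->s3 = TAUSWORTHE(st->s3, 13U, 21U, 4294967280U,  7U);
    st->s4 = TAUSWORTHE(st->s4,  3U, 12U, 4294967168U, 13U);
    return st->s1 ^ st->s2 ^ st->s3 ^ st->s4;
}

/* Fisher-Yates shuffle of slots 0..count-1 as in freelist_randomize(): pure function of seed. */
void freelist_randomize(uint64_t seed, unsigned int *list, unsigned int count)
{
    struct rnd_state st;
    prandom_seed_state(&st, seed);   /* the seed is what get_random_long() returned */
    for (unsigned int i = 0; i < count; i++) list[i] = i;
    for (unsigned int i = count - 1; i > 0; i--) {
        unsigned int r = prandom_u32_state(&st) % (i + 1);
        unsigned int tmp = list[i]; list[i] = list[r]; list[r] = tmp;
    }
}

/* 1 if two "boots" seeded with a and b get the same freelist order (count <= 32). */
int same_order(uint64_t a, uint64_t b, unsigned int count)
{
    unsigned int la[32], lb[32];
    freelist_randomize(a, la, count);
    freelist_randomize(b, lb, count);
    return memcmp(la, lb, count * sizeof la[0]) == 0;
}

/* 1 if the order derived from seed is a permutation of 0..count-1 (count < 32). */
int is_permutation(uint64_t seed, unsigned int count)
{
    unsigned int l[32]; uint32_t seen = 0;
    freelist_randomize(seed, l, count);
    for (unsigned int i = 0; i < count; i++) seen |= 1u << l[i];
    return seen == (1u << count) - 1;
}
```

With a fixed seed, same_order() reports identical orders across "reboots"; only a seed that actually changes per boot changes the freelist layout.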