Received: by 2002:a05:6a10:6744:0:0:0:0 with SMTP id w4csp1742066pxu; Fri, 16 Oct 2020 22:56:08 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwPh+uH/asR5fxswe+b17mCEsBJM5qn5tf4UuGw6Hup1zGAN3huXtnW5DjYzAr1n2O7A1XJ X-Received: by 2002:a17:906:ce27:: with SMTP id sd7mr6932501ejb.264.1602914168084; Fri, 16 Oct 2020 22:56:08 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1602914168; cv=none; d=google.com; s=arc-20160816; b=kSOFdv/nr1j8mDOKuEULQjJTeQO0kTS1PfJgGET00kM+Lkrs1zC8sm1ySA/j6zGLPR HbM2FUT2FMEwtP2YNR+LjIq56zejudoknawnMxQHq5gK6yDFtzi23F92asl6caypjYD/ LFjWw54aLc1rEHiSyfrUJUfhnkixJfPgSAfy9vXqcMsn7eTp1/oeXkldvKLeHKsdmBli /EP2/qWCv3zvYYOZGNwZVmoEd8fVtPRxRxbVVd0NTF/ySiKzzIAsY9JiGojfrbieDTLS 9WtHEcHSLfyCo9Zk1OC8RHz7GO2QZ8VExtr0bGvxA97PhKATrjY2I4plwBKBLFxjDa7p tGsA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=M3YB82PP3WUpBHFEbh3oPhQQSux8Pw6AFe+SN7DiJGw=; b=WueeEfkAezoA+FpQPqjlJev5ScvvPaeGjudoL1xVgOjFV/+ugdQjmS6e6oAHiXEOda lpMFNaM856QXBMVp412lqkun2qhuYMsro5iHVeHPGDxm16oUWdgQN+Pjh911IZgmHUMh wtHWTMUUSE1M0dobhf88mnNx1c8pT9it9cKWOEGHvnln1TPjqleV8b3OiFfng5yn3nGk QJ/cyOfwFRoqgFC86CUmJzRinwnnjCedV5BPljYzj/40gAMWPwu8eTj8Vdx13RfDCGbs NpJycvghOMX4j7tgN9xPtRWmzb9ZKZU01bSUfPJPSk5KC2DzCFoDCW0rX8RrKU+vE6oC basg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=amsP3PlI; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id q10si3989409edn.244.2020.10.16.22.55.45; Fri, 16 Oct 2020 22:56:08 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=amsP3PlI; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2436761AbgJQFxT (ORCPT + 99 others); Sat, 17 Oct 2020 01:53:19 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55966 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2436680AbgJQFxR (ORCPT ); Sat, 17 Oct 2020 01:53:17 -0400 Received: from mail-lj1-x242.google.com (mail-lj1-x242.google.com [IPv6:2a00:1450:4864:20::242]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CE25DC0613E6 for ; Fri, 16 Oct 2020 22:53:16 -0700 (PDT) Received: by mail-lj1-x242.google.com with SMTP id d24so5027641ljg.10 for ; Fri, 16 Oct 2020 22:53:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=M3YB82PP3WUpBHFEbh3oPhQQSux8Pw6AFe+SN7DiJGw=; b=amsP3PlI3ZycdlVxgLx5tS3RcZ/aE2JugXN/de8WjJzEbbWQfg5yay9mu9yMNOTQEG zDGufeyQG0D8nAwfy0A+eh+5b93z85bXUL2cX8T/4mhVh2wiIWZNqlk28ZRb4QzNB/dh AIBnGWL+ksEigCgQdVu62IDy26gLVIDUnczpRvNend8MTTwuaCQtont43SmFPbW4CRcT cmRIzAt2jsd2hPhc8PRzFfChw9wh+qGJaBiAl8a3e2bI5TkwKjB9tCNO3N3jC/SV0wIn USEp5Yt0/QCw/q0JJrWcSGJN2B9ryqMiiGMVPf4OXy69UAR96sfkVVyhw3En3TdcYtr6 S+7g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=M3YB82PP3WUpBHFEbh3oPhQQSux8Pw6AFe+SN7DiJGw=; b=qEJH6PgobViuQ0WgLx0sSWxNGBlUMmzXw6JfZ3cx+t1NNOxLDUKufDAjxNzhFQTaas YXdnfKtGToUmCTwh5ODRe+fy/8u6zKVCTwzqfpai7ltrd4QCJmIWm42wKB32mPd21TYa MWtwTb1m+7YLJ98RVGlkwASuIFtFHoLRNfqLSvw1IOJT3GmaODWH0HPvAm/tvxdqpbGm jTDwyXeRTRXRd4+Bc6PUZtLFkSxLL8SoKz+/UHdbsUrhv2TUjMCItlncsEnM/SnemD8X wtXwzzbTJiQPZA8KDLpAmAE+zqmEOzVWdZVypXxVLvasV6OUgar7Fjsplh0m5GV/yIIy A7YA== X-Gm-Message-State: AOAM532/XwRKGMoNrilq2KLw9kA8AhMcXNrf18JbBEq32t8zM/7YqEsy Mow/iC+rS6LYHOI+umbuHWU0rh5lDrBXGSXqoBu+hA== X-Received: by 2002:a2e:504b:: with SMTP id v11mr2673538ljd.138.1602913994976; Fri, 16 Oct 2020 22:53:14 -0700 (PDT) MIME-Version: 1.0 References: <788878CE-2578-4991-A5A6-669DCABAC2F2@amazon.com> <20201017033606.GA14014@1wt.eu> <6CC3DB03-27BA-4F5E-8ADA-BE605D83A85C@amazon.com> <20201017053712.GA14105@1wt.eu> In-Reply-To: <20201017053712.GA14105@1wt.eu> From: Jann Horn Date: Sat, 17 Oct 2020 07:52:48 +0200 Message-ID: Subject: Re: [PATCH] drivers/virt: vmgenid: add vm generation id driver To: Willy Tarreau Cc: Colm MacCarthaigh , "Catangiu, Adrian Costin" , Andy Lutomirski , Jason Donenfeld , "Theodore Y. Ts'o" , Eric Biggers , "open list:DOCUMENTATION" , kernel list , "open list:VIRTIO GPU DRIVER" , "Graf (AWS), Alexander" , "Woodhouse, David" , bonzini@gnu.org, "Singh, Balbir" , "Weiss, Radu" , oridgar@gmail.com, ghammer@redhat.com, Jonathan Corbet , Greg Kroah-Hartman , "Michael S. Tsirkin" , Qemu Developers , KVM list , Michal Hocko , "Rafael J. Wysocki" , Pavel Machek , Linux API Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, Oct 17, 2020 at 7:37 AM Willy Tarreau wrote: > On Sat, Oct 17, 2020 at 07:01:31AM +0200, Jann Horn wrote: > > Microsoft's documentation > > (http://go.microsoft.com/fwlink/?LinkId=260709) says that the VM > > Generation ID that we get after a fork "is a 128-bit, > > cryptographically random integer value". If multiple people use the > > same image, it guarantees that each use of the image gets its own, > > fresh ID: > > No. It cannot be more unique than the source that feeds that cryptographic > transformation. All it guarantees is that the entropy source is protected > from being guessed based on the output. Applying cryptography on a simple > counter provides apparently random numbers that will be unique for a long > period for the same source, but as soon as you duplicate that code between > users and they start from the same counter they'll get the same IDs. > > This is why I think that using a counter is better if you really need something > unique. Randoms only reduce predictability which helps avoiding collisions. Microsoft's spec tells us that they're giving us cryptographically random numbers. Where they're getting those from is not our problem. (And if even the hypervisor is not able to collect enough entropy to securely generate random numbers, worrying about RNG reseeding in the guest would be kinda pointless, we'd be fairly screwed anyway.) Also note that we don't actually need to *always* reinitialize RNG state on forks for functional correctness; it is fine if that fails with a probability of 2^-128, because functionally everything will be fine, and an attacker who is that lucky could also just guess an AES key (which has the same probability of being successful). (And also 2^-128 is such a tiny number that it doesn't matter anyway.) > And I'm saying this as someone who had on his external gateway the same SSH > host key as 89 other hosts on the net, each of them using randoms to provide > a universally unique one... If your SSH host key was shared with 89 other hosts, it evidently wasn't generated from cryptographically random numbers. :P Either because the key generator was not properly hooked up to the system's entropy pool (if you're talking about the Debian fiasco), or because the system simply did not have enough entropy available. (Or because the key generator is broken, but I don't think that ever happened with OpenSSH?)