Date: Sat, 17 Oct 2020 09:17:21 +0200
From: Willy Tarreau
To: Jann Horn
Cc: Colm MacCarthaigh, "Catangiu, Adrian Costin", Andy Lutomirski,
    Jason Donenfeld, "Theodore Y. Ts'o", Eric Biggers,
    "open list:DOCUMENTATION", kernel list, "open list:VIRTIO GPU DRIVER",
    "Graf (AWS), Alexander", "Woodhouse, David", bonzini@gnu.org,
    "Singh, Balbir", "Weiss, Radu", oridgar@gmail.com, ghammer@redhat.com,
    Jonathan Corbet, Greg Kroah-Hartman, "Michael S. Tsirkin",
    Qemu Developers, KVM list, Michal Hocko, "Rafael J. Wysocki",
    Pavel Machek, Linux API
Subject: Re: [PATCH] drivers/virt: vmgenid: add vm generation id driver
Message-ID: <20201017071721.GA14143@1wt.eu>

On Sat, Oct 17, 2020 at 08:55:34AM +0200, Jann Horn wrote:
> My suggestion is to use a counter *in the UAPI*, not in the hypervisor
> protocol. (And as long as that counter can only miss increments in a
> cryptographically negligible fraction of cases, everything's fine.)

OK I got it now and I agree.

> > If what is sought is pure
> > randomness (in the sense that it's unpredictable, which I don't think
> > is needed here), then randoms are better.
>
> And this is what *the hypervisor protocol* gives us (which could be
> very useful for reseeding the kernel RNG).

As an external source, yes very likely, as long as it's not trivially
observable by everyone under the same hypervisor :-)

> > Now the initial needs in the forwarded message are not entirely clear
> > to me but I wanted to rule out the apparent mismatch between the expressed
> > needs for uniqueness and the proposed solutions solely based on randomness.
>
> Sure, from a theoretical standpoint, it would be a little bit nicer if
> the hypervisor protocol included a generation number along with the
> 128-bit random value. But AFAIU it doesn't, so if we want this to just
> work under Microsoft's existing hypervisor, we'll have to make do with
> checking whether the random value changed. :P

OK got it, thanks for the explanation!

Willy
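
The scheme the thread converges on, as an added sketch in C (not code from the patch or the kernel): a counter that is bumped whenever the 128-bit value is seen to change, and a consumer that regenerates a cached secret when the counter moves. The names `gen_state`, `gen_update`, `cached_secret`, `get_secret`, `demo_fresh` and the sample IDs are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define VMGENID_LEN 16 /* the 128-bit random value from the hypervisor */

/* Hypothetical driver-side state. Initialise counter to 1 so that a cached
 * generation of 0 always means "nothing cached yet". */
struct gen_state {
    uint8_t  last_id[VMGENID_LEN];
    uint64_t counter; /* what a UAPI would expose instead of the raw ID */
};

/* Bump the counter only when the random value changed; returns 1 if it did.
 * An increment is missed only if two generations draw the same 128-bit value. */
static int gen_update(struct gen_state *s, const uint8_t *id)
{
    if (memcmp(s->last_id, id, VMGENID_LEN) == 0)
        return 0;
    memcpy(s->last_id, id, VMGENID_LEN);
    s->counter++;
    return 1;
}

/* Hypothetical userspace consumer: a secret tagged with its generation. */
struct cached_secret { uint64_t gen, value; };
static uint64_t demo_next = 100; /* constructed stand-in for an entropy source */
static uint64_t demo_fresh(void) { return demo_next++; }

/* Return the cached secret, regenerating it first if the generation moved. */
static uint64_t get_secret(struct cached_secret *c, const struct gen_state *s)
{
    if (c->gen != s->counter) {
        c->value = demo_fresh();
        c->gen = s->counter;
    }
    return c->value;
}

/* Constructed sample IDs (not real hypervisor output). */
static const uint8_t ID_A[VMGENID_LEN] = { 0xA1 }, ID_B[VMGENID_LEN] = { 0xB2 };

int main(void)
{
    struct gen_state s = { {0}, 1 };
    struct cached_secret c = { 0, 0 };
    gen_update(&s, ID_A);
    unsigned long long before = get_secret(&c, &s);
    gen_update(&s, ID_B); /* a changed ID marks a new generation */
    printf("%llu -> %llu\n", before, (unsigned long long)get_secret(&c, &s));
    return 0;
}
```

The consumer compares only the counter and never reads the random value itself.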