Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp1625237pxu;
        Fri, 27 Nov 2020 11:15:44 -0800 (PST)
X-Google-Smtp-Source: ABdhPJz9skdw31Rsg7Me+t52ZvUqne5+pPPtJaHQW4q23Sj1AEsFwH6Xd+7RTvMJyv6iLiJzuUQr
X-Received: by 2002:a05:6402:176e:: with SMTP id da14mr9599113edb.245.1606504544520;
        Fri, 27 Nov 2020 11:15:44 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1606504544; cv=none;
        d=google.com; s=arc-20160816;
        b=wssq2pvbLEd82VQw3V5K743jBsUpsoGZMhtKVyBozxjkdAPpq8Dj0RR+DbfsMv4Z7H
         Eqmk0nuKO/7BJCAV+1SzCoVuZDDUxjR6YAQK9Ca51c1pBbYLKQNbQQQg1r2uLo9Ql92W
         IHrlVniE8xAaL6sx74qYQvINJu13nmkO7iTPkCFrmdREv3JJFM6FFK82AWffG6F8z0AR
         yQpGEMT0mhx6gXiy6fNEZEeGLw9R+iJTxFaJE5nkBdTgVEcMnE01JHUBIHZ1/UAptbQu
         7xNuE/40kYb1Vfzhsz2thgUn0x0r6DrYj8GPjKUHt+dSt1C491S+V6nx5iVl0wdEMnM4
         OSiA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to
         :references:mime-version:dkim-signature;
        bh=e5KHpDtt5i2rR9LdUm+DCPfd8QCddCnGgU8lKoXRsc0=;
        b=oZNqjaRC3yMyRzHseunwZBU4lZkvKE+Lj2pJ+mTLgfepyQ81CRlNSnrV7zNikom2EV
         Z6LssJ3N1Cz/dBjYeLUH5SYOp8ijmQBFoi/bjhmyevF5LMDQ132lWhS5almLdLi9d+UQ
         P8bgNNtN2owQOyr+G9bGX2pIXVcR1pVcqxpE2AQfCiwy8lArCbJlOICyOH2sZR1MOTqq
         Bmaso7PzPsx4CvrF7aGnWTNgNDQun17dAgEbgz//aCMRJ0lVkVGyhxcTyCyK+hnK3lot
         SfzAJmBU/OxUJ7H00hgjx0G3vNi8ZQr6XRD3nP4lckgQoDyY/q9mLNghlFbBdRnupDlE
         MwRg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=k13XGK60;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id sb17si5771548ejb.293.2020.11.27.11.15.18;
        Fri, 27 Nov 2020 11:15:44 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=k13XGK60;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1732380AbgK0SXW (ORCPT <rfc822;rruigrok1@gmail.com> + 99 others);
        Fri, 27 Nov 2020 13:23:22 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41662 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1732241AbgK0SXW (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 27 Nov 2020 13:23:22 -0500
Received: from mail-lj1-x242.google.com (mail-lj1-x242.google.com [IPv6:2a00:1450:4864:20::242])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E28B0C0613D1
        for <linux-kernel@vger.kernel.org>; Fri, 27 Nov 2020 10:23:21 -0800 (PST)
Received: by mail-lj1-x242.google.com with SMTP id s9so6838887ljo.11
        for <linux-kernel@vger.kernel.org>; Fri, 27 Nov 2020 10:23:21 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=e5KHpDtt5i2rR9LdUm+DCPfd8QCddCnGgU8lKoXRsc0=;
        b=k13XGK60aqGF8P+LZ5njqN9LkrUfUD2db3KBZtvlM/8c/m+Ar7Iaj3L9tzWBo8M07X
         SLsANqBnyZqRR6Y4soOGO3BasvLtrGteYICfbknYu6+sh6RI2ecZi3k8piaxa2oAkZ9r
         3r0E9YxnkK40upO2J0VCON60VP9A2pQg8FXc5xnBv6kNKFodimMOFDHidiR6CzUsbEFR
         loPKKh70S/Se5tUMMtUFbZCKu5Z+hj/H3WQX43nUvJytv6dzolyzWwSFRv5P6nDBJLoK
         qXUUk5BYiEe7ku9T/ezKgm1a+BRdDMxdD7inERGIrtnl3U0qHDisct5Mn5LnHgoH6V+P
         18tg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=e5KHpDtt5i2rR9LdUm+DCPfd8QCddCnGgU8lKoXRsc0=;
        b=hMvGIjV4LG/88tvaNoUrE9I3tNgcaTwa9xtcmZ8lhEewv1/kx2ggzqI3+Gweqrvvfa
         yF3+X1Vq0BkWDlKvPJiiEHWy5jGgTZp5cLPaapKZme+0yC54C88P8xzIKHuPElnSFEdJ
         VsnO4rUrtZOd7S8UAYZbDKHuZQKpFSOjBfM9UMw0ghrHjdwP4piYDaQArUxR8DIUaTMn
         NJ/ilHgNzqf2A+wMTv5CttTT7+ve2LPjuJnztMEZRa91TogQBH3c2GmIaZVp7YI3brHz
         lIYY91fVD0/EXDvpHdC7KYCzPLQP9T1chhzc1KyHvSlMBZzqn5hRgJptj9rLkAOTABSK
         fh6A==
X-Gm-Message-State: AOAM532ss04CTK/E8RKDD3Z+oGIOhCj3RDiaXB5Q9zx2QvYBWbHHezGN
        5PlOSvJMbikkIPmQTRcZcFJYKopssQ+l3rTvcMyQXA==
X-Received: by 2002:a2e:9216:: with SMTP id k22mr3959253ljg.138.1606501400078;
 Fri, 27 Nov 2020 10:23:20 -0800 (PST)
MIME-Version: 1.0
References: <3E05451B-A9CD-4719-99D0-72750A304044@amazon.com> <CAG48ez2VAu6oARGVZ+muDK9_6_38KVUTJf7utz5Nn=AsmN17nA@mail.gmail.com>
In-Reply-To: <CAG48ez2VAu6oARGVZ+muDK9_6_38KVUTJf7utz5Nn=AsmN17nA@mail.gmail.com>
From:   Jann Horn <jannh@google.com>
Date:   Fri, 27 Nov 2020 19:22:53 +0100
Message-ID: <CAG48ez13ZAAOVmA89PRKRqr9UezV2_bj8Q6_6sSPzcqfzbsuQQ@mail.gmail.com>
Subject: Re: [PATCH v2] drivers/virt: vmgenid: add vm generation id driver
To:     "Catangiu, Adrian Costin" <acatan@amazon.com>
Cc:     "Graf (AWS), Alexander" <graf@amazon.de>,
        Christian Borntraeger <borntraeger@de.ibm.com>,
        "Jason A. Donenfeld" <Jason@zx2c4.com>, Willy Tarreau <w@1wt.eu>,
        "MacCarthaigh, Colm" <colmmacc@amazon.com>,
        Andy Lutomirski <luto@kernel.org>,
        "Theodore Y. Ts'o" <tytso@mit.edu>,
        Eric Biggers <ebiggers@kernel.org>,
        "open list:DOCUMENTATION" <linux-doc@vger.kernel.org>,
        kernel list <linux-kernel@vger.kernel.org>,
        "Woodhouse, David" <dwmw@amazon.co.uk>,
        "bonzini@gnu.org" <bonzini@gnu.org>,
        "Singh, Balbir" <sblbir@amazon.com>,
        "Weiss, Radu" <raduweis@amazon.com>,
        "oridgar@gmail.com" <oridgar@gmail.com>,
        "ghammer@redhat.com" <ghammer@redhat.com>,
        Jonathan Corbet <corbet@lwn.net>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        "Michael S. Tsirkin" <mst@redhat.com>,
        Qemu Developers <qemu-devel@nongnu.org>,
        KVM list <kvm@vger.kernel.org>,
        Michal Hocko <mhocko@kernel.org>,
        "Rafael J. Wysocki" <rafael@kernel.org>,
        Pavel Machek <pavel@ucw.cz>,
        Linux API <linux-api@vger.kernel.org>,
        "mpe@ellerman.id.au" <mpe@ellerman.id.au>,
        linux-s390 <linux-s390@vger.kernel.org>,
        "areber@redhat.com" <areber@redhat.com>,
        Pavel Emelyanov <ovzxemul@gmail.com>,
        Andrey Vagin <avagin@gmail.com>,
        Mike Rapoport <rppt@kernel.org>,
        Dmitry Safonov <0x7f454c46@gmail.com>,
        Pavel Tikhomirov <ptikhomirov@virtuozzo.com>,
        "gil@azul.com" <gil@azul.com>,
        "asmehra@redhat.com" <asmehra@redhat.com>,
        "dgunigun@redhat.com" <dgunigun@redhat.com>,
        "vijaysun@ca.ibm.com" <vijaysun@ca.ibm.com>
Content-Type: text/plain; charset="UTF-8"
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

[resend in the hope that amazon will accept my mail this time instead
of replying "550 Too many invalid recipients" again]

On Fri, Nov 20, 2020 at 11:29 PM Jann Horn <jannh@google.com> wrote:
> On Mon, Nov 16, 2020 at 4:35 PM Catangiu, Adrian Costin
> <acatan@amazon.com> wrote:
> > This patch is a driver that exposes a monotonic incremental Virtual
> > Machine Generation u32 counter via a char-dev FS interface that
> > provides sync and async VmGen counter updates notifications. It also
> > provides VmGen counter retrieval and confirmation mechanisms.
> >
> > The hw provided UUID is not exposed to userspace, it is internally
> > used by the driver to keep accounting for the exposed VmGen counter.
> > The counter starts from zero when the driver is initialized and
> > monotonically increments every time the hw UUID changes (the VM
> > generation changes).
> >
> > On each hw UUID change, the new hypervisor-provided UUID is also fed
> > to the kernel RNG.
>
> As for v1:
>
> Is there a reasonable usecase for the "confirmation" mechanism? It
> doesn't seem very useful to me.
>
> How do you envision integrating this with libraries that have to work
> in restrictive seccomp sandboxes? If this was in the vDSO, that would
> be much easier.