Received: by 2002:a05:6a10:6d10:0:0:0:0 with SMTP id gq16csp953999pxb;
        Fri, 22 Apr 2022 15:13:13 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJxdMiKUwwaLJwj47a9emU5V9NstTpCcZfoa848yUmhaVZlIhbb41x4gp5LVsqq2xERpGAee
X-Received: by 2002:a63:5f43:0:b0:3aa:693f:cc3f with SMTP id t64-20020a635f43000000b003aa693fcc3fmr5710394pgb.380.1650665592880;
        Fri, 22 Apr 2022 15:13:12 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1650665592; cv=none;
        d=google.com; s=arc-20160816;
        b=f+tLPZvVgopU2vtwQkqzWsIEWiRw8dsUOg8p11AhqWTpTDXs0zDAIQtCymT62MCzVs
         CvzY/KVX0OC2FntCbwW6C6MJlW79C8b8fEMPGs+L95mUDGbt2xSOHi4rrtR8dO3W0hju
         WGrokNVdD9mKQ6ofLEt6F2HdM/AQuYZJNHlNlq7WPwK68FpC/JQGE6TH2yg8I2ngU/tW
         /mjOxJwGlAwP7WUavrglnrXRcgEhX2kSyRjiZezldS/eDjB92f/r8edhIiXTK7XhemIV
         8k6kdQ8nkNID7/yOP7jreaooAt0HD9ntXu2VUwlSJa9rANOkpQ6yv2KYRiGNnb/M1ZPd
         HBsA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to
         :references:mime-version:dkim-signature;
        bh=OQBJCdM90hvT5S/zAE5vLjVmVTwzQZE/0kHANhU68o4=;
        b=V52gvt98URUcCOrjwFoW6b/0wWXZ4sZA/YOrmWoA2tItqofLkeUg/25VOJul1kF/AN
         K4u5PSMpmcGa2ApMHIC5JG7PIX72d/HG4Gb7TIQt+NsH6oXf44j8TDYD5gWFb+j679bn
         FnwzHxv27BqdYqHePPAPUHS0vfGVhmLD+ZvNC4PLoGJHb4U6DyAn8y4z8OnzMMfwhBiW
         dBVrwz/gZ0Nek2hwFpJwshilOuEJXToMS5D4tsGrijhxxQzgIj1DdeaLXG+hx8/qcjdQ
         5vuttw528QpgMxkrwyJolQM0RkYGwbOS74gt2EB03he6tSXf6TS9DGFlwwxcWMJ8sl1a
         OTlw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20210112 header.b=mlAAnQdt;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18])
        by mx.google.com with ESMTPS id d22-20020a17090a115600b001cd6a0be3e4si11016073pje.48.2022.04.22.15.13.12
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 22 Apr 2022 15:13:12 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20210112 header.b=mlAAnQdt;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by lindbergh.monkeyblade.net (Postfix) with ESMTP id 94B88254CD2;
	Fri, 22 Apr 2022 13:19:06 -0700 (PDT)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1354692AbiDSQlR (ORCPT <rfc822;alexandru.stratulat91@gmail.com>
        + 99 others); Tue, 19 Apr 2022 12:41:17 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50702 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S238253AbiDSQlP (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 19 Apr 2022 12:41:15 -0400
Received: from mail-lf1-x12e.google.com (mail-lf1-x12e.google.com [IPv6:2a00:1450:4864:20::12e])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8B0AE1409E
        for <linux-kernel@vger.kernel.org>; Tue, 19 Apr 2022 09:38:32 -0700 (PDT)
Received: by mail-lf1-x12e.google.com with SMTP id x17so30383454lfa.10
        for <linux-kernel@vger.kernel.org>; Tue, 19 Apr 2022 09:38:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20210112;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=OQBJCdM90hvT5S/zAE5vLjVmVTwzQZE/0kHANhU68o4=;
        b=mlAAnQdt5ZbjW5hkIOjAqKQ5iX4QuiTTeQ0I0cdeISpwbgIbmg3RUkkjFw4KpohCbP
         8RGIByLJCRx2KA0kJsWTv1C/o6B7u0CXk+JrwaIWzh48UoWwa9uJakuvcBRHH6bFB/Ls
         tX/58Bs+DDYjM2dLCVv6lqqTOUYnJ9PZUOv6ULGKhZceGWjGcHSGQPxkVpBiBs8F9Qnp
         r07KFTHwyo7HRXZVntsjq1z3BLmxs7I/fJXElyz2uoOWD7csCPeiGFt/JWwuDWWr5NeM
         urr+wNHsjgoNLx2FkaKlnQvDSUqXKDNBLrjpyvlsa+kZ0ya916mz3qV427umdREsO18+
         xuPA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=OQBJCdM90hvT5S/zAE5vLjVmVTwzQZE/0kHANhU68o4=;
        b=OkUE5oka/IUnzmFq6I/BzkOm799SfiktAXxrUiJ1gF1qr1Jqxlb6ojCtPc+pPUZ9Zp
         tX/lxFEdBb96MJVx8JW2l198D6oj4REw8pbdNgyw+QcS81n0j33VxI0PLwGwHsPPknZL
         jJbLZd2OyV8oMaj5FnjhOjHa6/yDHPqm9RbRCLEkiZwY0mMNEeVH2/o3Ctve9khPshQ6
         CGOaIVG/lyk2wnnkvK2k0BKkfS+bH0ObYs7PVoVN0zD5bmNZCz6SN0ACtIBHzQrOS7E4
         A2Qjy9S5KPS1m1dbV3rb1KMjEjupeV29fPI/ebNXM5bGfEB79n6TXwSWDszP1xDRopr8
         Blvg==
X-Gm-Message-State: AOAM533SaSqeiCtDG65cRG8sOCyamuXztfD0z3WsYzEc3Ld8U/+VLtwJ
        LyWjPaRClAWCGa9wKRwtIFht/Dvgok7B43wBjLps6Q==
X-Received: by 2002:a05:6512:3d8e:b0:471:b4d4:32f with SMTP id
 k14-20020a0565123d8e00b00471b4d4032fmr491452lfv.288.1650386310460; Tue, 19
 Apr 2022 09:38:30 -0700 (PDT)
MIME-Version: 1.0
References: <20220419160407.1740458-1-Jason@zx2c4.com>
In-Reply-To: <20220419160407.1740458-1-Jason@zx2c4.com>
From:   Jann Horn <jannh@google.com>
Date:   Tue, 19 Apr 2022 18:37:54 +0200
Message-ID: <CAG48ez3amS6=omb8XVDEz9H2bk3MxTEK_XPjD=ZO-cXcDqz-cg@mail.gmail.com>
Subject: Re: [PATCH] random: add fork_event sysctl for polling VM forks
To:     "Jason A. Donenfeld" <Jason@zx2c4.com>
Cc:     linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org,
        Alexander Graf <graf@amazon.com>,
        Dominik Brodowski <linux@dominikbrodowski.net>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        "Theodore Ts'o" <tytso@mit.edu>,
        Colm MacCarthaigh <colmmacc@amazon.com>
Content-Type: text/plain; charset="UTF-8"
X-Spam-Status: No, score=-9.5 required=5.0 tests=BAYES_00,DKIMWL_WL_MED,
	DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,
	MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE,USER_IN_DEF_DKIM_WL
	autolearn=no autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
	lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Apr 19, 2022 at 6:04 PM Jason A. Donenfeld <Jason@zx2c4.com> wrote:
> In order to inform userspace of virtual machine forks, this commit adds
> a "fork_event" sysctl, which does not return any data, but allows
> userspace processes to poll() on it for notification of VM forks.
>
> It avoids exposing the actual vmgenid from the hypervisor to userspace,
> in case there is any randomness value in keeping it secret. Rather,
> userspace is expected to simply use getrandom() if it wants a fresh
> value.
>
> For example, the following snippet can be used to print a message every
> time a VM forks, after the RNG has been reseeded:
>
>   struct pollfd fd = { .fd = open("/proc/sys/kernel/random/fork_event", O_RDONLY)  };
>   assert(fd.fd >= 0);
>   for (;;) {
>     assert(poll(&fd, 1, -1) > 0);
>     puts("vm fork detected");
>   }

This is a bit of a weird API, because normally .poll is supposed to be
level-triggered rather than edge-triggered... and AFAIK things like
epoll also kinda assume that ->poll() doesn't modify state (but that
only _really_ matters in weird cases). But at the same time, it looks
like the existing proc_sys_poll() already goes against that? So I
don't know what the right thing to do there is...