Received: by 2002:a6b:500f:0:0:0:0:0 with SMTP id e15csp218315iob;
        Mon, 2 May 2022 17:32:49 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJxHMg63bqkAdpGQS51oiLhGK5psye04oxgE86MRvzJ9zS4IAs4j44v1tEMD6BjDKbWyjlhW
X-Received: by 2002:a17:903:1d1:b0:15e:9607:d4c9 with SMTP id e17-20020a17090301d100b0015e9607d4c9mr10989503plh.41.1651537969617;
        Mon, 02 May 2022 17:32:49 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1651537969; cv=none;
        d=google.com; s=arc-20160816;
        b=TwjYxMawXPScQQYeiN4KNYcRl5lUp8sVEGkjo4uDY4nv9xrZvqR1LFsxC73JrBU+pD
         UTylMzTVXkFHOEut6bd5km3Vm9fQnZCqeR/SFeLWbpfAmi/k2gKtzKn0SLalCjtfpcZs
         1MKm/t8+/seuVmu5QSY4uz5U/ZEUH+B5pK9GdC6H3DYMwPPQR8qCh5SKz/qdQavXCNQB
         f+ijnNTdOWC+sDL/0JbtU8SiQC/3PMypqQUDSO7xlLYpEr92fbKcHZ0DC4+Hp9ssf4IN
         dPl17gfT+p0AqPzynoVy2clVqQzjH0j4jMtwHN3kcZN3peMJ2hDejtulzP/DsAQzcNx+
         zr6g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:in-reply-to:content-disposition:mime-version
         :references:message-id:subject:cc:to:from:date:dkim-signature;
        bh=nMU43gluS+1wHrTp7XvGGK0hJNwlZnBeuP8FRPsIIP4=;
        b=GYnQuFihpA1PaXqWUJLn7FqBX7R17j6pWMFcmlp8nvJcRGgs0LDKq2rN+uC6k5+Oup
         nRWJNRlvQbgONycwpyG9kf/wvAf7pBUGK2/hccUls2TUV8Am9JETkJYw4Lu2PedI80hR
         hwwheHH/eyQ0W/D72ILVrZqI5QEFbsqCGJrHIPjbyAnxTaq4YXKE74fV6vIg5p7W5Y9J
         z0Y/VI1DB++XAG0wuZiZ1mE/Rv0FeX4vI1EgqAEqPM7iSENU5uI5zndhVVpWKzrY1+Yd
         vwimmELLgGZUhmxoQ0rQzV6w+x84ikz/F5ubTIsf/I5VSGQJ1dMdWJiX8gwAh2nF/maH
         RH0g==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@zx2c4.com header.s=20210105 header.b=VcPWwzFD;
       spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=zx2c4.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [23.128.96.19])
        by mx.google.com with ESMTPS id s18-20020a656912000000b003816043f09fsi15362196pgq.660.2022.05.02.17.32.49
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 02 May 2022 17:32:49 -0700 (PDT)
Received-SPF: softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) client-ip=23.128.96.19;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@zx2c4.com header.s=20210105 header.b=VcPWwzFD;
       spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=zx2c4.com
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by lindbergh.monkeyblade.net (Postfix) with ESMTP id 687F73D1E2;
	Mon,  2 May 2022 17:26:02 -0700 (PDT)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1387132AbiEBTau (ORCPT <rfc822;android.linux@gmail.com>
        + 99 others); Mon, 2 May 2022 15:30:50 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53554 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1387129AbiEBTao (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 2 May 2022 15:30:44 -0400
Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C74B01146;
        Mon,  2 May 2022 12:27:14 -0700 (PDT)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by dfw.source.kernel.org (Postfix) with ESMTPS id 6250A614D9;
        Mon,  2 May 2022 19:27:14 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id A48A7C385A4;
        Mon,  2 May 2022 19:27:12 +0000 (UTC)
Authentication-Results: smtp.kernel.org;
        dkim=pass (1024-bit key) header.d=zx2c4.com header.i=@zx2c4.com header.b="VcPWwzFD"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zx2c4.com; s=20210105;
        t=1651519631;
        h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
         to:to:cc:cc:mime-version:mime-version:content-type:content-type:
         in-reply-to:in-reply-to:references:references;
        bh=nMU43gluS+1wHrTp7XvGGK0hJNwlZnBeuP8FRPsIIP4=;
        b=VcPWwzFDQbe1738CAVI33DzgPQ8h7IfjWIeZGQCrQOYW8xrGQ+9v2bGlUC5mRNkQkmYG0m
        +NdkfXexHtFu+ldCTJXGQ9pFFKruiSBahp1qGXGNrOBvagOUir0UJU+cCvJcRhnkiHZnZB
        rHfdB0Ib4Fx6vsIdI4EdXq8b0N9w8W0=
Received: by mail.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id cad2ecb8 (TLSv1.3:AEAD-AES256-GCM-SHA384:256:NO);
        Mon, 2 May 2022 19:27:10 +0000 (UTC)
Date:   Mon, 2 May 2022 21:27:05 +0200
From:   "Jason A. Donenfeld" <Jason@zx2c4.com>
To:     Alexander Graf <graf@amazon.com>
Cc:     Lennart Poettering <mzxreary@0pointer.de>,
        linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org,
        Dominik Brodowski <linux@dominikbrodowski.net>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        Theodore Ts'o <tytso@mit.edu>,
        Colm MacCarthaigh <colmmacc@amazon.com>,
        Torben Hansen <htorben@amazon.co.uk>,
        Jann Horn <jannh@google.com>,
        "Michael Kelley (LINUX)" <mikelley@microsoft.com>
Subject: Re: [PATCH 2/2] random: add fork_event sysctl for polling VM forks
Message-ID: <YnAwiZv8n6Rzc5+O@zx2c4.com>
References: <20220502140602.130373-1-Jason@zx2c4.com>
 <20220502140602.130373-2-Jason@zx2c4.com>
 <Ym/7UlgQ5VjjC76P@gardel-login>
 <YnAC00VtU8MGb7vO@zx2c4.com>
 <YnAMBzhcJhGR5XOK@gardel-login>
 <YnAc4hwPyByF4kZ5@zx2c4.com>
 <480469e6-0eb0-8d76-0b8d-111579e73701@amazon.com>
 <YnAnCgxmPBrMdKt5@zx2c4.com>
 <cef2694f-d6cc-70e0-1d31-0c9dbd038ce2@amazon.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <cef2694f-d6cc-70e0-1d31-0c9dbd038ce2@amazon.com>
X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,
	MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE
	autolearn=no autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
	lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, May 02, 2022 at 08:56:05PM +0200, Alexander Graf wrote:
> 
> On 02.05.22 20:46, Jason A. Donenfeld wrote:
> > On Mon, May 02, 2022 at 08:34:38PM +0200, Alexander Graf wrote:
> >> Michael, since we already changed the CID in the spec, can we add a
> >> property to the device that indicates the first 4 bytes of the UUID will
> >> always be different between parent and child?
> >>
> >> That should give us the ability to mmap the vmgenid directly to user
> >> space and act based on a simple u32 compare for clone notification, no?
> > That is not a good idea. We want an _additional_ 4 bytes, so that we can
> > keep the first 16 bytes (128 bits) as a kernel space secret.
> 
> 
> An additional 4 bytes would be an additional 4kb (or 64kb on ARM) page. 
> Do we really rely on these 16 bytes to reseed after clone? If so, we'd 
> need to bite the bullet and provide an additional page, yes.
 
Ugh, you're right; memory mapping is pages. The other option would be
relying on RDRAND (both existing and being trusted by the user etc), but
generally people aren't too jazzed about that. We pretty much have to
assume that the existing pool is compromised, since people share cloned
VMs casually. The 128-bit vmgenid is a nice input to have.