On Fri, 25 Feb 2022 at 12:44, Jason A. Donenfeld <[email protected]> wrote:
>
> On Fri, Feb 25, 2022 at 12:26 PM Ard Biesheuvel <[email protected]> wrote:
> >
> > On Thu, 24 Feb 2022 at 14:39, Jason A. Donenfeld <[email protected]> wrote:
> > >
> > > When a VM forks, we must immediately mix in additional information to
> > > the stream of random output so that two forks or a rollback don't
> > > produce the same stream of random numbers, which could have catastrophic
> > > cryptographic consequences. This commit adds a simple API, add_vmfork_
> > > randomness(), for that, by force reseeding the crng.
> > >
> > > This has the added benefit of also draining the entropy pool and setting
> > > its timer back, so that any old entropy that was there prior -- which
> > > could have already been used by a different fork, or generally gone
> > > stale -- does not contribute to the accounting of the next 256 bits.
> > >
> > > Cc: Dominik Brodowski <[email protected]>
> > > Cc: Theodore Ts'o <[email protected]>
> > > Cc: Jann Horn <[email protected]>
> > > Cc: Eric Biggers <[email protected]>
> > > Signed-off-by: Jason A. Donenfeld <[email protected]>
> >
> > Acked-by: Ard Biesheuvel <[email protected]>
>
> Okay if I treat this as a Reviewed-by instead?
Sure no problem.
Reviewed-by: Ard Biesheuvel <[email protected]>