Received: by 2002:a6b:500f:0:0:0:0:0 with SMTP id e15csp141214iob; Mon, 2 May 2022 15:19:50 -0700 (PDT) X-Google-Smtp-Source: ABdhPJydKoHmbWOp3Wx0+arnFW2rDXm4yDqUkxBRkY/PloU4rlCjqaO9noLhPXnIylweb6J/y527 X-Received: by 2002:a17:90b:4c07:b0:1d9:e292:26c6 with SMTP id na7-20020a17090b4c0700b001d9e29226c6mr1430034pjb.190.1651529990229; Mon, 02 May 2022 15:19:50 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1651529990; cv=none; d=google.com; s=arc-20160816; b=ykSoMrXfmT8oiL98UJvkdlde1/kxseO9A5QP66RjnstRjM1R80Vb9NuGqbb5cO/Qdp w4t4oztq3nsviGpEyNB3WWkl1E0LS0yBUVd0YX4B8+WqtJ65vnJ62BEVP4ZyUopFYeH7 at8EU2aAkZFSFf+UbU+/RerXKL3+GDB6t+DJvN/232JlfcJ5BoIRH8HKz3+kJh/POMBT or7iNxOxUhP4wSG93b9UwqQn1wsYeeNKbxLpC2WNc+2B5ji/+sMnkJFn7NDFPsJCnjcF g44iNbKZ26v9JdyCNUWarD+Tdn8KEpz8WRjTeuU3a5d8Flj112wy9jVKXS6aSeCOrHuo BYtA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-transfer-encoding :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=4rajVs6zedkEq05JfzZc+zEDeul3YWLVOlgXs89/dH0=; b=rDeQs43ng7Ak2ZZdvGMVHo2TJ0gXxtTBR2foXSj+tSMsnK4WmWx6iow43BZ0lnErfj KmAFnNudNhZuC1IEigAjOfTglqNMPuSdxhabOHvDmZaJ//4eeQ/wojpZ2PcwZF3w2Eo3 OvmRvzJnqC/ziF65eMg01tJtG4p/gJDLr3ht47yqoZl/5a4OcvxD2yLrLHJK8DNoCFa0 GK11n1Mvdi5IHibmSChpKhxk0FtvHMiherl7Hbc4PUt4PLpSRu877gfgm/gdO4itU6yg KGK6x46jqY+7rWHByuGObbWOQvsnjO9uxU9ImGk0NMyzpyroTt+VFQRkhMq9O3MmVDRg Qetg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id w126-20020a636284000000b003ab846c8a0csi14675932pgb.26.2022.05.02.15.19.20; Mon, 02 May 2022 15:19:49 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240158AbiEBQy4 (ORCPT + 99 others); Mon, 2 May 2022 12:54:56 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34856 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234379AbiEBQyw (ORCPT ); Mon, 2 May 2022 12:54:52 -0400 Received: from gardel.0pointer.net (gardel.0pointer.net [IPv6:2a01:238:43ed:c300:10c3:bcf3:3266:da74]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 437436245; Mon, 2 May 2022 09:51:22 -0700 (PDT) Received: from gardel-login.0pointer.net (gardel-mail [85.214.157.71]) by gardel.0pointer.net (Postfix) with ESMTP id A92E1E804AA; Mon, 2 May 2022 18:51:19 +0200 (CEST) Received: by gardel-login.0pointer.net (Postfix, from userid 1000) id 50F04160011; Mon, 2 May 2022 18:51:19 +0200 (CEST) Date: Mon, 2 May 2022 18:51:19 +0200 From: Lennart Poettering To: "Jason A. Donenfeld" Cc: linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org, Dominik Brodowski , Greg Kroah-Hartman , Theodore Ts'o , Alexander Graf , Colm MacCarthaigh , Torben Hansen , Jann Horn Subject: Re: [PATCH 2/2] random: add fork_event sysctl for polling VM forks Message-ID: References: <20220502140602.130373-1-Jason@zx2c4.com> <20220502140602.130373-2-Jason@zx2c4.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_HELO_PASS, SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Mo, 02.05.22 18:12, Jason A. Donenfeld (Jason@zx2c4.com) wrote: > > > In order to inform userspace of virtual machine forks, this commit adds > > > a "fork_event" sysctl, which does not return any data, but allows > > > userspace processes to poll() on it for notification of VM forks. > > > > > > It avoids exposing the actual vmgenid from the hypervisor to userspace, > > > in case there is any randomness value in keeping it secret. Rather, > > > userspace is expected to simply use getrandom() if it wants a fresh > > > value. > > > > Wouldn't it make sense to expose a monotonic 64bit counter of detected > > VM forks since boot through read()? It might be interesting to know > > for userspace how many forks it missed the fork events for. Moreover it > > might be interesting to userspace to know if any fork happened so far > > *at* *all*, by checking if the counter is non-zero. > > "Might be interesting" is different from "definitely useful". I'm not > going to add this without a clear use case. This feature is pretty > narrowly scoped in its objectives right now, and I intend to keep it > that way if possible. Sure, whatever. I mean, if you think it's preferable to have 3 API abstractions for the same concept each for it's special usecase, then that's certainly one way to do things. I personally would try to figure out a modicum of generalization for things like this. But maybe that' just me… I can just tell you, that in systemd we'd have a usecase for consuming such a generation counter: we try to provide stable MAC addresses for synthetic network interfaces managed by networkd, so we hash them from /etc/machine-id, but otoh people also want them to change when they clone their VMs. We could very nicely solve this if we had a generation counter easily accessible from userspace, that starts at 0 initially. Because then we can hash as we always did when the counter is zero, but otherwise use something else, possibly hashed from the generation counter. But anyway, I understand you are not interested in generalization/other usecases, so I'll shut up. Lennart -- Lennart Poettering, Berlin