Received: by 2002:a6b:500f:0:0:0:0:0 with SMTP id e15csp471230iob; Tue, 3 May 2022 02:39:10 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwSA9bDoebD0tiHQ0eFShXNCHIUkM04K6h/zpHgHyl5nhyKzflnKPTjC0hvShvjHCt5SkGJ X-Received: by 2002:a05:6512:3e13:b0:471:f6a9:85d3 with SMTP id i19-20020a0565123e1300b00471f6a985d3mr10883371lfv.120.1651570750549; Tue, 03 May 2022 02:39:10 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1651570750; cv=none; d=google.com; s=arc-20160816; b=cV9+JFzfJ6oi+s3S1Hv45/H4sWn2f7h28H6ZND7Xf+ukdu8N5zq6hAy17L0E71F5Xo Sl/RetvnYXd0QoFsci0hcH5iLrUB88q1rUh27DxFz31tf3LP4MA4knH1GnN3YakrEcm9 07co5baQz3jDYqSfqqD6o1ih8QigYcmZbfTHax4+jpT0fV17ZlX7uwVbj2/p53PYmvrl fUYqon3rhYjFUgx4BxsN4Fkr3cTYQAkXrl5FcXqzcIFnGD5ky4hbHVzey6P7X5ZcG+S4 iaUklQGV0rXPTg2tW94ekcD+0sVF6/pKhTTmvb2nAazJ84JOCILunmRdQY1CgqKrF7iS OTxg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date; bh=H00Yt/GqaanNFdNIsLYKM9SrTMvFvOnkLziYfwxX8Ls=; b=U5OjKGn7RDn/62T+Rnq+M6aDhaDMpAs8u8vK7hCMvGPDu2197vnKlEFNuXCKYExBSE t+puCn4WfMhK6DcZKRqXJZdlP72oqSdUAJkZGvoXe9ImOx4MIaOamHYPSFqVxXcGw86P Lg1aB5dcOpLg7I4Mz6kBc/sm/m1U1VRej/z/6zaIaBKpjgafDzrOE6D48+3E1b6YDPLm MZ6062ZVZw0T950ZiQ6ZsMFcbv1t9yhUbOPR6eYtMvVoLNRomD3yBi864UduSC0+d+Wh tsS+VSAzknwTHo/4NqvfoXjKPyZmt5tXS4+e97MX1MRdD37sOHxjkQzmO7m1rIifKT0N 833g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id i11-20020a056512224b00b004719d1d3f9asi7330048lfu.41.2022.05.03.02.38.25; Tue, 03 May 2022 02:39:10 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233130AbiECJgC (ORCPT + 99 others); Tue, 3 May 2022 05:36:02 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41386 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232146AbiECJgC (ORCPT ); Tue, 3 May 2022 05:36:02 -0400 Received: from gardel.0pointer.net (gardel.0pointer.net [85.214.157.71]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7E7BC289B7; Tue, 3 May 2022 02:32:29 -0700 (PDT) Received: from gardel-login.0pointer.net (gardel-mail [IPv6:2a01:238:43ed:c300:10c3:bcf3:3266:da74]) by gardel.0pointer.net (Postfix) with ESMTP id 434ACE804AA; Tue, 3 May 2022 11:32:27 +0200 (CEST) Received: by gardel-login.0pointer.net (Postfix, from userid 1000) id B99BF160011; Tue, 3 May 2022 11:32:26 +0200 (CEST) Date: Tue, 3 May 2022 11:32:26 +0200 From: Lennart Poettering To: "Jason A. Donenfeld" Cc: linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org, Dominik Brodowski , Greg Kroah-Hartman , Theodore Ts'o , Alexander Graf , Colm MacCarthaigh , Torben Hansen , Jann Horn Subject: Re: [PATCH 2/2] random: add fork_event sysctl for polling VM forks Message-ID: References: <20220502140602.130373-1-Jason@zx2c4.com> <20220502140602.130373-2-Jason@zx2c4.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_HELO_PASS, SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Di, 03.05.22 11:08, Jason A. Donenfeld (Jason@zx2c4.com) wrote: > Hey Lennart, > > On Tue, May 03, 2022 at 09:42:40AM +0200, Lennart Poettering wrote: > > For this MAC address usecase it's entirely sufficient to be able to > > distinguish if the system was closed at all, i.e. if the counter is > > zero or is non-zero. Because that would already be great for a policy > > of "hash it in a stable way from /etc/machine-id, if counter == 0" + > > "use random MAC once counter > 0". > > Hm, are you sure that's actually what you want? It turns out this > vmgenid notification from the hypervisor might not be sufficiently > granular for this use case: > > - vmgenid changes when you fork a new snapshot, so now you have two VMs > - vmgenid also changes when you rewind to 2 minutes ago > > The first is what I assume you care about for this networkd business. > The second is probably not what any networkd user expects. So first of all, it appears to me that rewinding a VM is something people would do for debugging things, i.e. not how things are done on deployment. > >From the perspective of randomness, both of these events imply the same > thing. The situation is BAD; reseed immediately. From the perspective of > MAC addresses, though, these events would imply different behavior, > right? So it seems like vmgenid might need an additional field for this > use case. Relatedly, VMware has that prompt where you select about your > VM whether, "I moved it" or "I copied it." Presumably something like > that would play a part in what is decided as part of this hypothetical > second field. networkd doesn't change MAC addresses in the middle of everything, but only when a network interface is downed and upped again. This for example happens when a link beat goes away and comes back. In the rewind-2min case i'd assume the link beat would probably be restored to what it was 2min ago (and thus stay online), but in the clone case it would probably drop momentarily and be restored than, to tell software to reacquire dhcp and so on. or in other words: if the hypervisor wants the system to reconfigure/reacquire its network there are explicit ways already, and they work afaics. what's missing tehre is simply a reasonable way to ensure that we won't end up sticking to the same fixed MAC address when we set things up in order to acquire a new DHCP lease. So I am not too concerned. Lennart -- Lennart Poettering, Berlin