Re: [Qemu-devel] [PATCH] migration: add capability to bypass the shared

From: Andrea Arcangeli
Subject: Re: [Qemu-devel] [PATCH] migration: add capability to bypass the shared memory
Date: Mon, 2 Jul 2018 18:15:16 -0400

On Mon, Jul 02, 2018 at 09:52:08PM +0800, Peng Tao wrote:
> I think we can write some host generated random seeds to guest's
> urandom device, when cloning VMs from the same template before handing
> it to users. Is it enough or do you think there is more to do w/
> re-randomizing?

That may be enough, but it's critically important to get
right. Reusing the same /dev/urandom number just twice on two
different operations can lead to a leak of the entire private key even
if the reused random number itself is not predictable.

You may want to look into the upstream random number generator that
can be configured at build time to printk() a warning if it's being
used at boot before it had its "shutdown" state restored. It would
sound safer if you could re-trigger such a warning post vmrestore of a
cloned image if userland uses a random number before the random number
has been re-seeded post vmrestore. With a fully loaded userland running
immediately post vmrestore, a userland race condition would otherwise
risk going unnoticed.
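
The race described in this message, as an added example that is not part of the original thread: a toy hash-chain generator (a hypothetical model, not the kernel's random driver) is snapshotted and restored into two clones, and any read that happens before the host seed arrives is recorded as a warning. The class and function names, VM names and seed values are constructed for illustration.

```python
import hashlib

class CloneAwareRNG:
    """Toy hash-chain generator; a model for illustration, not the kernel CRNG."""

    def __init__(self, state: bytes, restored: bool = False):
        self.state = state
        self.needs_reseed = restored   # True until the host seed is mixed in
        self.warnings = []             # stands in for the printk() warning

    def snapshot(self) -> bytes:
        return self.state              # what a VM template image would capture

    def reseed(self, host_seed: bytes) -> None:
        self.state = hashlib.sha256(b"reseed" + self.state + host_seed).digest()
        self.needs_reseed = False

    def read(self, n: int, caller: str) -> bytes:
        if self.needs_reseed:
            self.warnings.append(f"{caller}: read before post-restore reseed")
        out = b""
        while len(out) < n:
            self.state = hashlib.sha256(b"next" + self.state).digest()
            out += hashlib.sha256(b"out" + self.state).digest()
        return out[:n]

def clone_race_demo():
    template = CloneAwareRNG(hashlib.sha256(b"constructed template seed").digest())
    template.read(16, "boot")
    image = template.snapshot()
    clones = {name: CloneAwareRNG(image, restored=True) for name in ("vm-a", "vm-b")}
    # Userland wins the race: it reads before the host-generated seed is written.
    early = {name: rng.read(32, "userland") for name, rng in clones.items()}
    # The host then writes a distinct (constructed) seed into each clone.
    for name, rng in clones.items():
        rng.reseed(b"constructed host seed for " + name.encode())
    late = {name: rng.read(32, "userland") for name, rng in clones.items()}
    return clones, early, late

if __name__ == "__main__":
    clones, early, late = clone_race_demo()
    print("identical before reseed:", early["vm-a"] == early["vm-b"])
    print("identical after reseed: ", late["vm-a"] == late["vm-b"])
    for name, rng in clones.items():
        print(name, rng.warnings)
```

Without the `needs_reseed` flag the early reads would succeed silently on both clones, which is the unnoticed race the message warns about.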


