[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH RFC v1 1/2] random: add mechanism for VM forks to reinitializ
|
From: |
Eric Biggers |
|
Subject: |
Re: [PATCH RFC v1 1/2] random: add mechanism for VM forks to reinitialize crng |
|
Date: |
Wed, 23 Feb 2022 17:27:41 -0800 |
On Thu, Feb 24, 2022 at 01:54:54AM +0100, Jason A. Donenfeld wrote:
> On 2/24/22, Eric Biggers <ebiggers@kernel.org> wrote:
> > I think we should be removing cases where the base_crng key is changed
> > directly
> > besides extraction from the input_pool, not adding new ones. Why not
> > implement
> > this as add_device_randomness() followed by crng_reseed(force=true), where
> > the
> > 'force' argument forces a reseed to occur even if the entropy_count is too
> > low?
>
> Because that induces a "premature next" condition which can let that
> entropy, potentially newly acquired by a storm of IRQs at power-on, be
> bruteforced by unprivileged userspace. I actually had it exactly the
> way you describe at first, but decided that this here is the lesser of
> evils and doesn't really complicate things the way an intentional
> premature next would. The only thing we care about here is branching
> the crng stream, and so this does explicitly that, without having to
> interfere with how we collect entropy. Of course we *also* add it as
> non-credited "device randomness" so that it's part of the next
> reseeding, whenever that might occur.
Can you make sure to properly explain this in the code?
- Eric
[PATCH RFC v1 2/2] drivers/virt: add vmgenid driver for reinitializing RNG, Jason A. Donenfeld, 2022/02/23
Re: [PATCH RFC v1 0/2] VM fork detection for RNG, Jason A. Donenfeld, 2022/02/23