From: "Michael S. Tsirkin" <mst@redhat.com>
To: "Jason A. Donenfeld" <Jason@zx2c4.com>
Cc: LKML <linux-kernel@vger.kernel.org>,
Linux Crypto Mailing List <linux-crypto@vger.kernel.org>,
Netdev <netdev@vger.kernel.org>, Alexander Graf <graf@amazon.com>,
Jann Horn <jannh@google.com>,
Greg KH <gregkh@linuxfoundation.org>,
Dominik Brodowski <linux@dominikbrodowski.net>,
Theodore Ts'o <tytso@mit.edu>, Jakub Kicinski <kuba@kernel.org>
Subject: Re: [PATCH 3/3] wireguard: device: clear keys on VM fork
Date: Wed, 2 Mar 2022 08:06:16 -0500 [thread overview]
Message-ID: <20220302075957-mutt-send-email-mst@kernel.org> (raw)
In-Reply-To: <CAHmME9r6zXw6cByqpbhEBKkvpejrLqGMn55E-uOCQ0V1mQi1LQ@mail.gmail.com>
On Wed, Mar 02, 2022 at 12:44:45PM +0100, Jason A. Donenfeld wrote:
> Hi Michael,
>
> On Wed, Mar 2, 2022 at 9:36 AM Michael S. Tsirkin <mst@redhat.com> wrote:
> > Catastrophic cryptographic failure sounds bad :(
> > So in another thread we discussed that there's a race with this
> > approach, and we don't know how big it is. Question is how expensive
> > it would be to fix it properly checking for fork after every use of
> > key+nonce and before transmitting it. I did a quick microbenchmark
> > and it did not seem too bad - care posting some numbers?
>
> I followed up in that thread, which is a larger one, so it might be
> easiest to keep discussion there. My response to you here is the same
> as it was over there. :)
>
> https://lore.kernel.org/lkml/CAHmME9pf-bjnZuweoLqoFEmPy1OK7ogEgGEAva1T8uVTufhCuw@mail.gmail.com/
>
> Jason
Okay. The reason to respond here was since this is the user of the
interface. Maybe unite the patchsets?
Thanks,
--
MST
next prev parent reply other threads:[~2022-03-02 13:06 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-01 23:10 [PATCH 0/3] random: wire up in-kernel virtual machine fork notifications Jason A. Donenfeld
2022-03-01 23:10 ` [PATCH 1/3] random: replace custom notifier chain with standard one Jason A. Donenfeld
2022-03-02 5:33 ` Dominik Brodowski
2022-03-02 11:42 ` Jason A. Donenfeld
2022-03-02 14:53 ` Dominik Brodowski
2022-03-01 23:10 ` [PATCH 2/3] random: provide notifier for VM fork Jason A. Donenfeld
2022-03-02 8:53 ` Greg KH
2022-03-02 11:41 ` Jason A. Donenfeld
2022-03-01 23:10 ` [PATCH 3/3] wireguard: device: clear keys on " Jason A. Donenfeld
2022-03-01 23:25 ` Jakub Kicinski
2022-03-02 8:36 ` Michael S. Tsirkin
2022-03-02 11:44 ` Jason A. Donenfeld
2022-03-02 13:06 ` Michael S. Tsirkin [this message]
2022-03-13 1:07 ` [PATCH v2] " Jason A. Donenfeld
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220302075957-mutt-send-email-mst@kernel.org \
--to=mst@redhat.com \
--cc=Jason@zx2c4.com \
--cc=graf@amazon.com \
--cc=gregkh@linuxfoundation.org \
--cc=jannh@google.com \
--cc=kuba@kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@dominikbrodowski.net \
--cc=netdev@vger.kernel.org \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.