From: Andy Lutomirski <luto@amacapital.net>
To: kvm@vger.kernel.org, "H. Peter Anvin" <hpa@zytor.com>,
Theodore Ts'o <tytso@mit.edu>,
linux-kernel@vger.kernel.org, Kees Cook <keescook@chromium.org>,
x86@kernel.org
Cc: Daniel Borkmann <dborkman@redhat.com>,
Srivatsa Vaddagiri <vatsa@linux.vnet.ibm.com>,
Raghavendra K T <raghavendra.kt@linux.vnet.ibm.com>,
Gleb Natapov <gleb@kernel.org>,
Paolo Bonzini <pbonzini@redhat.com>,
bsd@redhat.com, Andrew Honig <ahonig@google.com>,
Andy Lutomirski <luto@amacapital.net>
Subject: [PATCH v5 0/5] random,x86,kvm: Rework arch RNG seeds and get some from kvm
Date: Wed, 23 Jul 2014 21:57:26 -0700 [thread overview]
Message-ID: <cover.1406177531.git.luto@amacapital.net> (raw)
This introduces and uses a very simple synchronous mechanism to get
/dev/urandom-style bits appropriate for initial KVM PV guest RNG
seeding.
It also re-works the way that architectural random data is fed into
random.c's pools. I added a new arch hook called arch_get_rng_seed.
The default implementation is more or less the same as the current
code, except that random_get_entropy is now called unconditionally.
x86 gets a custom arch_get_rng_seed. It will use KVM_GET_RNG_SEED
if available, and, if it does anything, it will log the number of
bits collected from each available architectural source. If more
paravirt seed sources show up, it will be a natural place to add
them.
I sent the corresponding kvm-unit-tests and qemu changes separately.
Changes from v4:
- Got rid of the RDRAND behavior change. If this series is accepted,
I may resend it separately, but I think it's an unrelated issue.
- Fix up the changelog entries -- I misunderstood how the old code
worked.
- Avoid lots of failed attempts to use KVM_GET_RNG_SEED if it's not
available.
Changes from v3:
- Other than KASLR, the guest pieces are completely rewritten.
Patches 2-4 have essentially nothing in common with v2.
Changes from v2:
- Bisection fix (patch 2 had a misplaced brace). The final states is
identical to that of v2.
- Improve the 0/5 description a little bit.
Changes from v1:
- Split patches 2 and 3
- Log all arch sources in init_std_data
- Fix the 32-bit kaslr build
Andy Lutomirski (5):
x86,kvm: Add MSR_KVM_GET_RNG_SEED and a matching feature bit
random: Add and use arch_get_rng_seed
x86,random: Add an x86 implementation of arch_get_rng_seed
x86,random,kvm: Use KVM_GET_RNG_SEED in arch_get_rng_seed
x86,kaslr: Use MSR_KVM_GET_RNG_SEED for KASLR if available
Documentation/virtual/kvm/cpuid.txt | 3 ++
arch/x86/Kconfig | 4 ++
arch/x86/boot/compressed/aslr.c | 27 +++++++++++++
arch/x86/include/asm/archrandom.h | 6 +++
arch/x86/include/asm/kvm_guest.h | 9 +++++
arch/x86/include/asm/processor.h | 21 ++++++++--
arch/x86/include/uapi/asm/kvm_para.h | 2 +
arch/x86/kernel/Makefile | 2 +
arch/x86/kernel/archrandom.c | 74 ++++++++++++++++++++++++++++++++++++
arch/x86/kernel/kvm.c | 10 +++++
arch/x86/kvm/cpuid.c | 3 +-
arch/x86/kvm/x86.c | 4 ++
drivers/char/random.c | 14 +++++--
include/linux/random.h | 40 +++++++++++++++++++
14 files changed, 212 insertions(+), 7 deletions(-)
create mode 100644 arch/x86/kernel/archrandom.c
--
1.9.3
next reply other threads:[~2014-07-24 4:57 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-07-24 4:57 Andy Lutomirski [this message]
2014-07-24 4:57 ` [PATCH v5 1/5] x86,kvm: Add MSR_KVM_GET_RNG_SEED and a matching feature bit Andy Lutomirski
2014-07-31 11:56 ` Paolo Bonzini
2014-07-24 4:57 ` [PATCH v5 2/5] random: Add and use arch_get_rng_seed Andy Lutomirski
2014-07-29 23:46 ` Andy Lutomirski
2014-08-04 22:25 ` Theodore Ts'o
2014-07-24 4:57 ` [PATCH v5 3/5] x86,random: Add an x86 implementation of arch_get_rng_seed Andy Lutomirski
2014-07-24 4:57 ` [PATCH v5 4/5] x86,random,kvm: Use KVM_GET_RNG_SEED in arch_get_rng_seed Andy Lutomirski
2014-07-31 11:56 ` Paolo Bonzini
2014-07-24 4:57 ` [PATCH v5 5/5] x86,kaslr: Use MSR_KVM_GET_RNG_SEED for KASLR if available Andy Lutomirski
2014-07-31 11:56 ` Paolo Bonzini
2014-08-12 19:11 ` [PATCH v5 0/5] random,x86,kvm: Rework arch RNG seeds and get some from kvm Andy Lutomirski
2014-08-12 19:17 ` Theodore Ts'o
2014-08-12 19:22 ` Andy Lutomirski
2014-08-13 7:48 ` H. Peter Anvin
2014-08-13 8:37 ` Andy Lutomirski
2014-08-13 14:32 ` Theodore Ts'o
2014-08-13 16:13 ` Andy Lutomirski
2014-08-13 17:45 ` H. Peter Anvin
2014-08-13 18:22 ` Theodore Ts'o
2014-08-13 18:33 ` Andy Lutomirski
2014-08-13 18:44 ` H. Peter Anvin
2014-08-14 2:41 ` H. Peter Anvin
2014-08-14 5:14 ` Andy Lutomirski
2014-08-17 8:44 ` Paolo Bonzini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1406177531.git.luto@amacapital.net \
--to=luto@amacapital.net \
--cc=ahonig@google.com \
--cc=bsd@redhat.com \
--cc=dborkman@redhat.com \
--cc=gleb@kernel.org \
--cc=hpa@zytor.com \
--cc=keescook@chromium.org \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pbonzini@redhat.com \
--cc=raghavendra.kt@linux.vnet.ibm.com \
--cc=tytso@mit.edu \
--cc=vatsa@linux.vnet.ibm.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).