From mboxrd@z Thu Jan 1 00:00:00 1970
From: Pavel Machek
Subject: Re: [RFC]: mm,power: introduce MADV_WIPEONSUSPEND
Date: Sat, 4 Jul 2020 13:48:20 +0200
Message-ID: <20200704114820.GA16083@amd>
References: <20200703224411.GC25072@amd>
To: Jann Horn
Cc: "Catangiu, Adrian Costin", linux-mm-Bw31MaZKKs3YtjvyW6yDsg@public.gmane.org, linux-pm-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, virtualization-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org, linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org, rjw-LthD3rsA81gm4RdzfppkhA@public.gmane.org, len.brown-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org, mhocko-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org, fweimer-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org, keescook-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org, luto-kltTT9wpgjJwATOyAt5JVQ@public.gmane.org, wad-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org, mingo-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org, bonzini-mXXj517/zsQ@public.gmane.org, "Graf (AWS), Alexander"
List-Id: virtualization@lists.linuxfoundation.org

Hi!

> > > Cryptographic libraries carry pseudo random number generators to
> > > quickly provide randomness when needed. If such a random pool gets
> > > cloned, secrets may get revealed, as the same random number may get
> > > used multiple times. For fork, this was fixed using the WIPEONFORK
> > > madvise flag [1].
> > >
> > > Unfortunately, the same problem surfaces when a virtual machine gets
> > > cloned. The existing flag does not help there. This patch introduces a
> > > new flag to automatically clear memory contents on VM suspend/resume,
> > > which will allow random number generators to reseed when virtual
> > > machines get cloned.
> >
> > Umm. If this is a real problem, should the kernel provide such an rng in the
> > vDSO page using vsyscalls? The kernel can have a special interface to its
> > vsyscalls, but we may not want to offer this functionality to the rest of
> > userland...
>
> And then the kernel would just need to maintain a sequence
> number in the vDSO data page that gets bumped on suspen

Yes, something like that would work. Plus, we'd be free to change the
mechanism in future.

Best regards,
Pavel

--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
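The vDSO generation counter that Jann sketches and Pavel agrees with, as an added example that is not code from this thread or from the kernel: a user-space pool that reseeds whenever the generation value changes, and discards an output if the generation moved while it was being produced. The counter, the entropy source and the pool functions are all constructed stand-ins (a real implementation would read the kernel's value and seed from getrandom(2)).

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical generation value. In the design discussed above the kernel
 * would keep it in the vDSO data page and bump it on suspend/resume; here
 * it is a plain global so the example runs anywhere. */
static uint64_t vm_generation = 1;
static uint64_t read_vm_generation(void) { return vm_generation; }
void bump_vm_generation(void) { vm_generation++; } /* stands in for a clone */

/* Constructed entropy source, deterministic so the test is repeatable;
 * a real pool would reseed from getrandom(2). */
static uint64_t entropy_calls = 0x1234;
static uint64_t fresh_entropy(void) { return ++entropy_calls * 0x9E3779B97F4A7C15ULL; }

struct pool { uint64_t state; uint64_t seen_gen; unsigned reseeds; };
static void reseed(struct pool *p, uint64_t gen) {
    p->state = fresh_entropy();
    p->seen_gen = gen;
    p->reseeds++;
}

/* Toy output function (xorshift64*) standing in for a real DRBG. Two pools
 * holding identical state emit identical streams: that is the clone hazard. */
uint64_t next_output(struct pool *p) {
    p->state ^= p->state >> 12; p->state ^= p->state << 25; p->state ^= p->state >> 27;
    return p->state * 0x2545F4914F6CDD1DULL;
}

/* Generation-checked output. The generation is read again after producing
 * the value: if it moved in between, a clone may have happened mid-call and
 * the other copy could hold the same output, so the value is discarded. */
uint64_t pool_get(struct pool *p) {
    for (;;) {
        uint64_t before = read_vm_generation();
        if (p->seen_gen != before) reseed(p, before);
        uint64_t out = next_output(p);
        if (read_vm_generation() == before) return out;
    }
}

int main(void) {
    struct pool a = {0}, b;
    pool_get(&a);
    b = a;                     /* byte-for-byte copy, as in a cloned VM */
    printf("unchecked outputs equal: %d\n", next_output(&a) == next_output(&b));
    bump_vm_generation();      /* kernel noticed the resume/clone */
    printf("checked outputs equal:   %d\n", pool_get(&a) == pool_get(&b));
    return 0;
}
```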