[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] RFC: virtio-rng and /dev/urandom
From: |
H. Peter Anvin |
Subject: |
Re: [Qemu-devel] RFC: virtio-rng and /dev/urandom |
Date: |
Mon, 18 Apr 2016 14:45:29 -0700 |
User-agent: |
K-9 Mail for Android |
On April 18, 2016 4:26:24 AM PDT, "Daniel P. Berrange" <address@hidden> wrote:
>On Mon, Apr 18, 2016 at 01:07:40PM +0200, Hubert Kario wrote:
>> On Monday 18 April 2016 02:46:19 H. Peter Anvin wrote:
>> > Another thing that really needs to be addressed, but is a separate
>> > issue: invalidating and reseeding the entropy pool after a snapshot
>> > event.
>>
>> definitely agreed
>>
>> though just reseeding would be sufficient - the goal is to make the
>> output unpredictable and unique between multiple machines starting
>from
>> the same snapshot, feeding enough random data to make the entropy
>pool
>> unique again is sufficient to achieve that
>
>If you're spawning multiple machines from the same base snapshot,
>the seeding of RNG is just one of many many things that need
>dealing with. eg new /etc/machine-id, new ssh host keys, changing
>MAC address of NICs with corresponding guest config file changes,
>many other application specific identifiers / keys intended to
>be unique per machine. As such, libvirt explicitly tries to
>prevent you spawning multiple machines from the same snapshot.
>
>That all said, Microsoft HyperV has defined a concept of a
>"Virtual Machine Generation ID" and specified various hypervisor
>operations which should result in this value changing[1]. For example
>restoring from a snapshot should always change the genid, as would
>restoring from backup, or cloned from another image, or failed over
>during disaster recovery.
>
>This vm genid is exposed to the guest via ACPI and there's an
>notification whenever it changes.
>
>There are patches for QEMU[2] to support this feature in a manner that
>is compatible with the hyperv spec, but they are sadly still not
>merged :-(
>
>So it would be possible for the Linux kernel to re-initialize its
>RNG after snapshot by hooking into the vm-genid ACPI notification.
>
>
>Regards,
>Daniel
>
>[1]
>https://lists.nongnu.org/archive/html/qemu-devel/2014-10/msg00489.html
>[2] https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg05599.html
There are multiple machines, and there are snapshots restored.
--
Sent from my Android device with K-9 Mail. Please excuse brevity and formatting.
Re: [Qemu-devel] [libvirt] RFC: virtio-rng and /dev/urandom, Yaniv Kaul, 2016/04/19
Re: [Qemu-devel] RFC: virtio-rng and /dev/urandom, H. Peter Anvin, 2016/04/15
Re: [Qemu-devel] RFC: virtio-rng and /dev/urandom, Cole Robinson, 2016/04/20