Re: [Qemu-devel] [PATCH] migration: add capability to bypass the shared memory

From: Peng Tao
Subject: Re: [Qemu-devel] [PATCH] migration: add capability to bypass the shared memory
Date: Tue, 3 Jul 2018 12:09:33 +0800

On Tue, Jul 3, 2018 at 6:15 AM, Andrea Arcangeli <address@hidden> wrote:
> Hello,
>
> On Mon, Jul 02, 2018 at 09:52:08PM +0800, Peng Tao wrote:
>> I think we can write some host generated random seeds to the guest's
>> urandom device when cloning VMs from the same template, before handing
>> them to users. Is that enough, or do you think there is more to do w/
>> re-randomizing?
>
> That may be enough, but it's critically important to get it
> right. Reusing the same /dev/urandom number just twice on two
> different operations can lead to a leak of the entire private key, even
> if the reused random number itself is not predictable.
>
> You may want to look into the upstream random number generator, which
> can be configured at build time to printk() a warning if it's being
> used at boot before it has had its "shutdown" state restored. It would
> sound safer if you could re-trigger such a warning post vmrestore of a
> cloned image if userland uses random numbers before the random number
> generator has been re-seeded post vmrestore. With a fully loaded userland
> running immediately post vmrestore, a userland race condition would
> otherwise risk going unnoticed.
>
Good point! Thanks a lot!

Cheers,
Tao
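The re-seeding step the thread discusses, written up as an added example that is not part of this thread or of QEMU: a guest-side script that takes a seed delivered by the host after a clone and credits it to the kernel pool with the RNDADDENTROPY ioctl, rather than a plain write() to /dev/urandom, which mixes bytes in but does not credit them as entropy. The host-to-guest channel path is an assumption; any channel the host controls will do.

```python
import fcntl
import os
import struct

# Linux RNDADDENTROPY = _IOW('R', 0x03, int[2]). Unlike a plain write() to
# /dev/urandom, which only mixes bytes into the pool, this ioctl also
# credits them as entropy, so the kernel treats the pool as re-seeded.
RNDADDENTROPY = 0x40085203

# Hypothetical path: a virtio-serial port the host uses to hand a fresh
# seed to each clone. Any host-to-guest channel works; the name is assumed.
HOST_SEED_PATH = "/dev/virtio-ports/org.example.clone-seed"


def seed_length_ok(seed: bytes) -> bool:
    """The buffer is __u32 buf[], so the length must be a multiple of 4;
    32..512 bytes keeps the request well under the ioctl's 1 KiB copy limit."""
    return len(seed) % 4 == 0 and 32 <= len(seed) <= 512


def build_rand_pool_info(seed: bytes) -> bytes:
    """Pack `struct rand_pool_info { int entropy_count; int buf_size; __u32 buf[]; }`.

    entropy_count is in bits. Crediting the full seed length is only
    justified when the host drew the seed from its own seeded CSPRNG.
    """
    if not seed_length_ok(seed):
        raise ValueError("seed must be 32..512 bytes and a multiple of 4")
    return struct.pack("ii", len(seed) * 8, len(seed)) + seed


def reseed_guest_pool(seed: bytes, dev: str = "/dev/urandom") -> int:
    """Credit a host-provided seed to the guest kernel CSPRNG (needs CAP_SYS_ADMIN)."""
    fd = os.open(dev, os.O_WRONLY)
    try:
        return fcntl.ioctl(fd, RNDADDENTROPY, build_rand_pool_info(seed))
    finally:
        os.close(fd)


if __name__ == "__main__":
    # Run this as early as possible after restore, before any service that
    # generates keys or nonces starts, so the race the thread describes
    # (userland drawing from the pool before it is re-seeded) cannot occur.
    with open(HOST_SEED_PATH, "rb") as f:
        seed = f.read(64)
    reseed_guest_pool(seed)
    print(f"credited {len(seed) * 8} bits of host entropy to the guest pool")
```

The host must generate a distinct seed per clone from its own seeded CSPRNG; re-delivering the template's seed to every clone reproduces exactly the reuse the thread warns about.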
