On Fri, Sep 19, 2014 at 3:06 PM, Andy Lutomirski <luto@xxxxxxxxxxxxxx> wrote: > On Fri, Sep 19, 2014 at 3:05 PM, Theodore Ts'o <tytso@xxxxxxx> wrote: >> On Fri, Sep 19, 2014 at 09:40:42AM -0700, H. Peter Anvin wrote: >>> >>> There is a huge disadvantage to the fact that CPUID is a user space >>> instruction, though. >> >> But if the goal is to provide something like getrandom(2) direct from >> the Host OS, it's not necessarily harmful to allow the Guest ring 3 >> code to be able to fetch randomness in that way. The hypervisor can >> implement rate limiting to protect against the guest using this too >> frequently, but this is something that you should be doing for guest >> ring 0 code anyway, since from the POV of the hypervisor Guest ring 0 >> is not necessarily any more trusted than Guest ring 3. > > On the other hand, the guest kernel might not want the guest ring 3 to > be able to get random numbers. > But the RDSEED instruction, for example, is available in user-level. And I'm not sure that the kernel can do something with that. -- Jun Intel Open Source Technology Center -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html