Re: Standardizing an MSR or other hypercall to get an RNG seed?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Sep 19, 2014 at 3:06 PM, Andy Lutomirski <luto@xxxxxxxxxxxxxx> wrote:
> On Fri, Sep 19, 2014 at 3:05 PM, Theodore Ts'o <tytso@xxxxxxx> wrote:
>> On Fri, Sep 19, 2014 at 09:40:42AM -0700, H. Peter Anvin wrote:
>>>
>>> There is a huge disadvantage to the fact that CPUID is a user space
>>> instruction, though.
>>
>> But if the goal is to provide something like getrandom(2) direct from
>> the Host OS, it's not necessarily harmful to allow the Guest ring 3
>> code to be able to fetch randomness in that way.  The hypervisor can
>> implement rate limiting to protect against the guest using this too
>> frequently, but this is something that you should be doing for guest
>> ring 0 code anyway, since from the POV of the hypervisor Guest ring 0
>> is not necessarily any more trusted than Guest ring 3.
>
> On the other hand, the guest kernel might not want the guest ring 3 to
> be able to get random numbers.
>

But the RDSEED instruction, for example, is available in user-level.
And I'm not sure that the kernel can do something with that.

-- 
Jun
Intel Open Source Technology Center
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]
  Powered by Linux