On Fri, Sep 19, 2014 at 03:06:55PM -0700, Andy Lutomirski wrote:
> On Fri, Sep 19, 2014 at 3:05 PM, Theodore Ts'o <tytso@xxxxxxx> wrote:
> > On Fri, Sep 19, 2014 at 09:40:42AM -0700, H. Peter Anvin wrote:
> >>
> >> There is a huge disadvantage to the fact that CPUID is a user space
> >> instruction, though.
> >
> > But if the goal is to provide something like getrandom(2) direct from
> > the Host OS, it's not necessarily harmful to allow the Guest ring 3
> > code to be able to fetch randomness in that way. The hypervisor can
> > implement rate limiting to protect against the guest using this too
> > frequently, but this is something that you should be doing for guest
> > ring 0 code anyway, since from the POV of the hypervisor Guest ring 0
> > is not necessarily any more trusted than Guest ring 3.
>
> On the other hand, the guest kernel might not want the guest ring 3 to
> be able to get random numbers.
Um, why?
We're talking about using this to seed the RNG, and not something that
the guest kernel would be using continuously. So what's the problem
with letting the guest ring get random numbers from the host?
- Ted
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
