On Fri, 25 Feb 2022 at 12:44, Jason A. Donenfeld <Jason@xxxxxxxxx> wrote: > > On Fri, Feb 25, 2022 at 12:26 PM Ard Biesheuvel <ardb@xxxxxxxxxx> wrote: > > > > On Thu, 24 Feb 2022 at 14:39, Jason A. Donenfeld <Jason@xxxxxxxxx> wrote: > > > > > > When a VM forks, we must immediately mix in additional information to > > > the stream of random output so that two forks or a rollback don't > > > produce the same stream of random numbers, which could have catastrophic > > > cryptographic consequences. This commit adds a simple API, add_vmfork_ > > > randomness(), for that, by force reseeding the crng. > > > > > > This has the added benefit of also draining the entropy pool and setting > > > its timer back, so that any old entropy that was there prior -- which > > > could have already been used by a different fork, or generally gone > > > stale -- does not contribute to the accounting of the next 256 bits. > > > > > > Cc: Dominik Brodowski <linux@xxxxxxxxxxxxxxxxxxxx> > > > Cc: Theodore Ts'o <tytso@xxxxxxx> > > > Cc: Jann Horn <jannh@xxxxxxxxxx> > > > Cc: Eric Biggers <ebiggers@xxxxxxxxxx> > > > Signed-off-by: Jason A. Donenfeld <Jason@xxxxxxxxx> > > > > Acked-by: Ard Biesheuvel <ardb@xxxxxxxxxx> > > Okay if I treat this as a Reviewed-by instead? Sure no problem. Reviewed-by: Ard Biesheuvel <ardb@xxxxxxxxxx>
