On Monday, 2 May 2016, 05:00:47, Jeffrey Walton wrote:

Hi Jeffrey,

> On Mon, May 2, 2016 at 2:26 AM, Theodore Ts'o <tytso@xxxxxxx> wrote:
> > From: Stephan Mueller <smueller@xxxxxxxxxx>
> >
> > The Hyper-V Linux Integration Services use the VMBus implementation for
> > communication with the Hypervisor. VMBus registers its own interrupt
> > handler that completely bypasses the common Linux interrupt handling.
> > This implies that the interrupt entropy collector is not triggered.
> > ...
>
> Stephan correctly identified the problem of virtualized environments
> in his paper, but there do not appear to be any real defenses in
> place for VM rollback attacks.

The issue the patch addresses is only that on Hyper-V with para-virt drivers,
the /dev/random implementation does not receive interrupts.

The issue of rollback (if you refer to activating an earlier saved image of
the guest) is a real issue, and the guest cannot do anything about it that is
effective (i.e. that the guest can do without the help of the VMM).

Note, rollback is just a special case of a much broader issue of the
duplication of the RNG state by the VMM (be it snapshots, move of a guest to
another VMM, suspend/resume, ...).

However, the patch to enable interrupts does not seem to be related to that
issue as interrupts are not re-issued in case of rollbacks, are they?

Ciao
Stephan
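
The two separate issues discussed in this message, as an added illustration that is not code from the message, the patch, or the kernel: a toy SHA-256 pool (an assumption, not the /dev/random algorithm) shows that copies of a duplicated RNG state produce identical output until each copy mixes in fresh events, and that interrupts never reach the pool when their handler bypasses the collector. `ToyPool`, `collector_wired` and `clones_agree` are hypothetical names, and all timing values are constructed.

```python
import copy
import hashlib


class ToyPool:
    """Toy hash-based pool; NOT the Linux /dev/random algorithm."""

    def __init__(self, seed: bytes):
        self.state = hashlib.sha256(b"init" + seed).digest()
        self.collector_wired = True  # False models handlers that bypass the collector

    def interrupt(self, timestamp_ns: int) -> None:
        # An interrupt only adds entropy if its handler reaches the collector.
        if self.collector_wired:
            data = timestamp_ns.to_bytes(8, "little")
            self.state = hashlib.sha256(b"mix" + self.state + data).digest()

    def extract(self) -> bytes:
        # Derive output, then ratchet the state forward.
        out = hashlib.sha256(b"out" + self.state).digest()
        self.state = hashlib.sha256(b"next" + self.state).digest()
        return out


def clones_agree(wired: bool, fresh_events: bool) -> bool:
    """Snapshot a guest, resume two copies, report whether their next output matches."""
    guest = ToyPool(b"constructed-boot-seed")
    guest.collector_wired = wired
    for t in (1_000_123, 2_000_456, 3_000_789):  # constructed pre-snapshot timings
        guest.interrupt(t)
    a, b = copy.deepcopy(guest), copy.deepcopy(guest)  # VMM duplicates the state
    if fresh_events:
        a.interrupt(9_000_111)  # constructed post-resume timings, different per copy
        b.interrupt(9_000_222)
    return a.extract() == b.extract()


if __name__ == "__main__":
    for wired in (True, False):
        for fresh in (False, True):
            print(f"wired={wired} fresh_events={fresh} "
                  f"identical={clones_agree(wired, fresh)}")
```

Entropy gathered before the snapshot is copied along with the state, so only input that arrives after the copies resume can make their outputs differ.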