On Wed, Mar 02, 2022 at 12:10:37AM +0100, Jason A. Donenfeld wrote:
> Drivers such as WireGuard need to learn when VMs fork in order to clear
> sessions. This commit provides a simple notifier_block for that, with a
> register and unregister function. When no VM fork detection is compiled
> in, this turns into a no-op, similar to how the power notifier works.
>
> Cc: Dominik Brodowski <linux@xxxxxxxxxxxxxxxxxxxx>
> Cc: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
> Cc: Theodore Ts'o <tytso@xxxxxxx>
> Signed-off-by: Jason A. Donenfeld <Jason@xxxxxxxxx>
> ---
> drivers/char/random.c | 15 +++++++++++++++
> include/linux/random.h | 5 +++++
> 2 files changed, 20 insertions(+)
>
> diff --git a/drivers/char/random.c b/drivers/char/random.c
> index 6bd1bbab7392..483fd2dc2057 100644
> --- a/drivers/char/random.c
> +++ b/drivers/char/random.c
> @@ -1141,6 +1141,8 @@ void add_bootloader_randomness(const void *buf, size_t size)
> EXPORT_SYMBOL_GPL(add_bootloader_randomness);
>
> #if IS_ENABLED(CONFIG_VMGENID)
> +static BLOCKING_NOTIFIER_HEAD(vmfork_notifier);
> +
> /*
> * Handle a new unique VM ID, which is unique, not secret, so we
> * don't credit it, but we do immediately force a reseed after so
> @@ -1152,11 +1154,24 @@ void add_vmfork_randomness(const void *unique_vm_id, size_t size)
> if (crng_ready()) {
> crng_reseed(true);
> pr_notice("crng reseeded due to virtual machine fork\n");
> + blocking_notifier_call_chain(&vmfork_notifier, 0, NULL);
> }
> }
> #if IS_MODULE(CONFIG_VMGENID)
> EXPORT_SYMBOL_GPL(add_vmfork_randomness);
> #endif
> +
> +int register_random_vmfork_notifier(struct notifier_block *nb)
> +{
> + return blocking_notifier_chain_register(&vmfork_notifier, nb);
> +}
> +EXPORT_SYMBOL_GPL(register_random_vmfork_notifier);
> +
> +int unregister_random_vmfork_notifier(struct notifier_block *nb)
> +{
> + return blocking_notifier_chain_unregister(&vmfork_notifier, nb);
> +}
> +EXPORT_SYMBOL_GPL(unregister_random_vmfork_notifier);
> #endif
>
> struct fast_pool {
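Review bot: In the second random.c hunk the `blocking_notifier_call_chain()` call sits inside the `if (crng_ready())` block of add_vmfork_randomness(), so a VM fork that is detected before the crng is ready never reaches the registered notifiers. Subscribers use this event to drop state that must not be shared between clones (the description names WireGuard sessions), and nothing visible here ties that need to crng readiness. Unless the gating is deliberate, move `blocking_notifier_call_chain(&vmfork_notifier, 0, NULL);` after the closing brace of the `if`, as the last statement of the function. The start of add_vmfork_randomness() is above the hunk, so any earlier return path is not visible. The two new exported functions would also benefit from a short comment stating that callbacks are invoked with action 0 and a NULL data pointer from a blocking chain, i.e. a context that may sleep.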
> diff --git a/include/linux/random.h b/include/linux/random.h
> index e84b6fa27435..7fccbc7e5a75 100644
> --- a/include/linux/random.h
> +++ b/include/linux/random.h
> @@ -31,6 +31,11 @@ extern void add_hwgenerator_randomness(const void *buffer, size_t count,
> size_t entropy);
> #if IS_ENABLED(CONFIG_VMGENID)
> extern void add_vmfork_randomness(const void *unique_vm_id, size_t size);
> +extern int register_random_vmfork_notifier(struct notifier_block *nb);
> +extern int unregister_random_vmfork_notifier(struct notifier_block *nb);
> +#else
> +static inline int register_random_vmfork_notifier(struct notifier_block *nb) { return 0; }
> +static inline int unregister_random_vmfork_notifier(struct notifier_block *nb) { return 0; }
> #endif
>
> extern void get_random_bytes(void *buf, size_t nbytes);
> --
> 2.35.1
>
It seems crazy that the "we just were spawned as a new vm" notifier is based in the random driver, but sure, put it here for now! :)
Reviewed-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
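Review bot: The prototypes and stubs added around `#if IS_ENABLED(CONFIG_VMGENID)` / `#else` name `struct notifier_block`, but the hunk shows no declaration of that type. If random.h does not already provide one above line 31, every includer gets a "declared inside parameter list" warning and a type scoped to the prototype alone. Since only pointers are used, a forward declaration near the top of the header is enough: `struct notifier_block;`. Separately, both stubs return 0 when VMGENID is disabled, so a caller cannot tell that it will never be notified. A one-line comment above the stubs would make that explicit, for example `/* No VM fork detection: registration succeeds but callbacks never run. */`.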