[resend in the hope that amazon will accept my mail this time instead of
replying "550 Too many invalid recipients" again]

On Fri, Nov 20, 2020 at 11:29 PM Jann Horn <jannh@xxxxxxxxxx> wrote:
> On Mon, Nov 16, 2020 at 4:35 PM Catangiu, Adrian Costin
> <acatan@xxxxxxxxxx> wrote:
> > This patch is a driver that exposes a monotonic incremental Virtual
> > Machine Generation u32 counter via a char-dev FS interface that
> > provides sync and async VmGen counter updates notifications. It also
> > provides VmGen counter retrieval and confirmation mechanisms.
> >
> > The hw provided UUID is not exposed to userspace, it is internally
> > used by the driver to keep accounting for the exposed VmGen counter.
> > The counter starts from zero when the driver is initialized and
> > monotonically increments every time the hw UUID changes (the VM
> > generation changes).
> >
> > On each hw UUID change, the new hypervisor-provided UUID is also fed
> > to the kernel RNG.
>
> As for v1:
>
> Is there a reasonable usecase for the "confirmation" mechanism? It
> doesn't seem very useful to me.
>
> How do you envision integrating this with libraries that have to work
> in restrictive seccomp sandboxes? If this was in the vDSO, that would
> be much easier.