On Sun 12-07-20 09:22:28, Pavel Machek wrote: > On Tue 2020-07-07 12:00:41, Colm MacCarthaigh wrote: > > > > > > On 7 Jul 2020, at 9:37, Pavel Machek wrote: > > > Please go through the thread and try to understand it. > > > > > > You'd need syscalls per get_randomness(), not per migration. > > > > I think one check per get_randomness() is sufficient, though putting it at > > the end of the critical section rather than the beginning helps. > > Yeah, well, one syscall is still enough to make it useless. I am sorry but I really do not follow. Why would you want to call a syscall on each get_randomness invocation? Why is it not enough to simply have a flag that tells that an external event has happened and reinitialize if the flag is set? Yes this wouldn't be really sync operation but does that matter? Is using a few random numbers from the old pool just because the notifier hasn't processed and flag the situation a major security concern? Btw. let me just clarify that I am not by any means pushing a solution like that. All I am saying is that MADV_WIPEONSUSPEND is inherently subtle interface that we likely want to avoid. -- Michal Hocko SUSE Labs
