On Fri, Sep 19, 2014 at 09:40:42AM -0700, H. Peter Anvin wrote:
There is a huge disadvantage to the fact that CPUID is a user space
instruction, though.
But if the goal is to provide something like getrandom(2) direct from
the Host OS, it's not necessarily harmful to allow the Guest ring 3
On Fri, Sep 19, 2014 at 03:06:55PM -0700, Andy Lutomirski wrote:
On Fri, Sep 19, 2014 at 3:05 PM, Theodore Ts'o ty...@mit.edu wrote:
On Fri, Sep 19, 2014 at 09:40:42AM -0700, H. Peter Anvin wrote:
There is a huge disadvantage to the fact that CPUID is a user space
instruction, though
On Fri, Sep 19, 2014 at 04:29:53PM -0700, H. Peter Anvin wrote:
Actually, a much bigger reason is because it lets rogue guest *user
space*, even will a well-behaved guest OS, do something potentially
harmful to the host.
Right, but if the host kernel is dependent on the guest OS for
On Wed, Aug 13, 2014 at 12:48:41AM -0700, H. Peter Anvin wrote:
The proposed arch_get_rng_seed() is not really what it claims to be; it
most definitely does not produce seed-grade randomness, instead it seems
to be an arch function for best-effort initialization of the entropy
pools -- which
On Wed, Aug 13, 2014 at 10:45:25AM -0700, H. Peter Anvin wrote:
On 08/13/2014 09:13 AM, Andy Lutomirski wrote:
Sounds good to me.
FWIW, I'd like to see a second use added in random.c: I think that we
should do this, or even all of init_std_data, on resume from suspend
and especially
On Tue, Aug 12, 2014 at 12:11:29PM -0700, Andy Lutomirski wrote:
What's the status of this series? I assume that it's too late for at
least patches 2-5 to make it into 3.17.
Which tree were you hoping this patch series to go through? I was
assuming it would go through the x86 tree since the
...@amacapital.net
Acked-by: Theodore Ts'o ty...@mit.edu
- Ted
--
To unsubscribe from this list: send the line unsubscribe kvm in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
On Thu, Jul 17, 2014 at 11:22:17AM -0700, Andy Lutomirski wrote:
Currently, init_std_data contains its own logic for using arch
random sources. This logic is a bit strange: it reads one long of
arch random data per byte of internal state.
This isn't true. Check out the init_std_data() a bit
On Wed, Jul 16, 2014 at 09:55:15PM -0700, H. Peter Anvin wrote:
On 07/16/2014 05:03 PM, Andy Lutomirski wrote:
I meant that prandom isn't using rdrand for early seeding.
We should probably fix that.
It wouldn't hurt to explicitly use arch_get_random_long() in prandom,
but it does use
On Thu, Jul 17, 2014 at 10:12:27AM -0700, Andy Lutomirski wrote:
Unless I'm reading the code wrong, the prandom_reseed_late call can
happen after userspace is running.
But there is also the prandom_reseed() call, which happens early.
10 matches
Mail list logo