Re: repeatable boot randomness inside KVM guest

2018-04-17 Thread Theodore Y. Ts'o
On Tue, Apr 17, 2018 at 04:42:39PM +0100, James Bottomley wrote: > Depends how the parameter is passed. If it can be influenced from the > command line then a large class of "trusted boot" systems actually > don't verify the command line, so you can boot a trusted system and > still inject bogus

Re: repeatable boot randomness inside KVM guest

2018-04-17 Thread James Bottomley
On Tue, 2018-04-17 at 11:16 -0400, Theodore Y. Ts'o wrote: > On Tue, Apr 17, 2018 at 12:57:12PM +0100, James Bottomley wrote: > > > > You don't have to compromise the bootloader to influence this, you > > merely have to trick it into providing the random number you > > wanted.  The bigger you

Re: repeatable boot randomness inside KVM guest

2018-04-17 Thread James Bottomley
On Tue, 2018-04-17 at 07:07 -0700, Matthew Wilcox wrote: > On Tue, Apr 17, 2018 at 12:57:12PM +0100, James Bottomley wrote: > > On Tue, 2018-04-17 at 04:47 -0700, Matthew Wilcox wrote: > > > On Tue, Apr 17, 2018 at 10:13:34AM +0100, James Bottomley wrote: > > > > On Sat, 2018-04-14 at 17:41 -0700,

Re: repeatable boot randomness inside KVM guest

2018-04-17 Thread Theodore Y. Ts'o
On Tue, Apr 17, 2018 at 12:57:12PM +0100, James Bottomley wrote: > > You don't have to compromise the bootloader to influence this, you > merely have to trick it into providing the random number you wanted. > The bigger you make the attack surface (the more inputs) the more > likelihood of

Re: repeatable boot randomness inside KVM guest

2018-04-17 Thread Matthew Wilcox
On Tue, Apr 17, 2018 at 12:57:12PM +0100, James Bottomley wrote: > On Tue, 2018-04-17 at 04:47 -0700, Matthew Wilcox wrote: > > On Tue, Apr 17, 2018 at 10:13:34AM +0100, James Bottomley wrote: > > > On Sat, 2018-04-14 at 17:41 -0700, Matthew Wilcox wrote: > > > > On Sat, Apr 14, 2018 at 06:44:19PM

Re: repeatable boot randomness inside KVM guest

2018-04-17 Thread James Bottomley
On Tue, 2018-04-17 at 04:47 -0700, Matthew Wilcox wrote: > On Tue, Apr 17, 2018 at 10:13:34AM +0100, James Bottomley wrote: > > On Sat, 2018-04-14 at 17:41 -0700, Matthew Wilcox wrote: > > > On Sat, Apr 14, 2018 at 06:44:19PM -0400, Theodore Y. Ts'o wrote: > > > > What needs to happen is freelist

Re: repeatable boot randomness inside KVM guest

2018-04-17 Thread Matthew Wilcox
On Tue, Apr 17, 2018 at 10:13:34AM +0100, James Bottomley wrote: > On Sat, 2018-04-14 at 17:41 -0700, Matthew Wilcox wrote: > > On Sat, Apr 14, 2018 at 06:44:19PM -0400, Theodore Y. Ts'o wrote: > > > What needs to happen is freelist should get randomized much later > > > in the boot sequence.  

Re: repeatable boot randomness inside KVM guest

2018-04-17 Thread James Bottomley
On Sat, 2018-04-14 at 17:41 -0700, Matthew Wilcox wrote: > On Sat, Apr 14, 2018 at 06:44:19PM -0400, Theodore Y. Ts'o wrote: > > What needs to happen is freelist should get randomized much later > > in the boot sequence.  Doing it later will require locking; I don't > > know enough about the

Re: repeatable boot randomness inside KVM guest

2018-04-16 Thread Alexey Dobriyan
On Mon, Apr 16, 2018 at 04:15:44PM +, Thomas Garnier wrote: > On Mon, Apr 16, 2018 at 8:54 AM Kees Cook wrote: > > > On Sat, Apr 14, 2018 at 3:44 PM, Theodore Y. Ts'o wrote: > > > +linux...@kvack.org > > > k...@vger.kernel.org, secur...@kernel.org moved to bcc > > > > > > On Sat, Apr 14,

Re: repeatable boot randomness inside KVM guest

2018-04-16 Thread Thomas Garnier
On Mon, Apr 16, 2018 at 8:54 AM Kees Cook wrote: > On Sat, Apr 14, 2018 at 3:44 PM, Theodore Y. Ts'o wrote: > > +linux...@kvack.org > > k...@vger.kernel.org, secur...@kernel.org moved to bcc > > > > On Sat, Apr 14, 2018 at 10:59:21PM +0300, Alexey Dobriyan wrote: > >> SLAB allocators got

Re: repeatable boot randomness inside KVM guest

2018-04-16 Thread Kees Cook
On Sat, Apr 14, 2018 at 3:44 PM, Theodore Y. Ts'o wrote: > +linux...@kvack.org > k...@vger.kernel.org, secur...@kernel.org moved to bcc > > On Sat, Apr 14, 2018 at 10:59:21PM +0300, Alexey Dobriyan wrote: >> SLAB allocators got CONFIG_SLAB_FREELIST_RANDOM option which randomizes >> allocation

Re: repeatable boot randomness inside KVM guest

2018-04-14 Thread Matthew Wilcox
On Sat, Apr 14, 2018 at 06:44:19PM -0400, Theodore Y. Ts'o wrote: > What needs to happen is freelist should get randomized much later in > the boot sequence. Doing it later will require locking; I don't know > enough about the slab/slub code to know whether the slab_mutex would > be sufficient,

Re: repeatable boot randomness inside KVM guest

2018-04-14 Thread Alexey Dobriyan
On Sat, Apr 14, 2018 at 03:41:42PM -0700, Andy Lutomirski wrote: > On Sat, Apr 14, 2018 at 12:59 PM, Alexey Dobriyan wrote: > > SLAB allocators got CONFIG_SLAB_FREELIST_RANDOM option which randomizes > > allocation pattern inside a slab: > > > > > > #ifdef CONFIG_SLAB_FREELIST_RANDOM > >

Re: repeatable boot randomness inside KVM guest

2018-04-14 Thread Theodore Y. Ts'o
+linux...@kvack.org k...@vger.kernel.org, secur...@kernel.org moved to bcc On Sat, Apr 14, 2018 at 10:59:21PM +0300, Alexey Dobriyan wrote: > SLAB allocators got CONFIG_SLAB_FREELIST_RANDOM option which randomizes > allocation pattern inside a slab: > > int cache_random_seq_create(struct

Re: repeatable boot randomness inside KVM guest

2018-04-14 Thread Andy Lutomirski
On Sat, Apr 14, 2018 at 12:59 PM, Alexey Dobriyan wrote: > SLAB allocators got CONFIG_SLAB_FREELIST_RANDOM option which randomizes > allocation pattern inside a slab: > > > #ifdef CONFIG_SLAB_FREELIST_RANDOM > /* Pre-initialize the random sequence cache */ > static int