On Wed, Oct 29, 2014 at 9:29 AM, Jake Oshins <[email protected]> wrote: > >>I have no objection to specifying that these reads may be quite slow. >>Guests should only use them at boot and if they have some reason to >>distrust their RNG pool. > >>The latter can legitimately happen after various types of suspend or >>after migration (detected by VM Generation ID, for example). > > Just as a point of clarification, the VM Generation ID changes (at least in > the Hyper-V implementation) only when the VM may have observed a different > future, as when a VM backup is restored, a checkpoint is applied, etc. It > does not change during migration, when the VM is suspended or when it is > rebooted. I've heard anecdotes from application vendors saying that there is > some other hypervisor that actually does change the ID at these moments and > they wanted us to us to fix that, until I explained that I only control > Hyper-V. >
Fair enough. If the VM may indeed have observed a different future, then I would argue that reseeding the RNG is very important -- more so than after a normal migration. If the VM trusts that its other history hasn't been compromised, then merely mixing in a unique value would get most of the benefit. --Andy > -- Jake Oshins > -- Andy Lutomirski AMA Capital Management, LLC _______________________________________________ Virtualization mailing list [email protected] https://lists.linuxfoundation.org/mailman/listinfo/virtualization
