[v2] rerandomize RNG seeds on reboot and handle record&replay

[PATCH v2 0/8] rerandomize RNG seeds on reboot and handle record&replay

Jason A. Donenfeld posted 8 patches 3 years, 3 months ago

Diff against v3 v4
Download series mbox

Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/qemu tags/patchew/20221011204645.1160916-1-Jason@zx2c4.com

Maintainers: "Cédric Le Goater" <clg@kaod.org>, Peter Maydell <peter.maydell@linaro.org>, Andrew Jeffery <andrew@aj.id.au>, Joel Stanley <joel@jms.id.au>, Richard Henderson <richard.henderson@linaro.org>, Helge Deller <deller@gmx.de>, Sergio Lopez <slp@redhat.com>, Paolo Bonzini <pbonzini@redhat.com>, "Michael S. Tsirkin" <mst@redhat.com>, Marcel Apfelbaum <marcel.apfelbaum@gmail.com>, Eduardo Habkost <eduardo@habkost.net>, Paul Burton <paulburton@kernel.org>, Aleksandar Rikalo <aleksandar.rikalo@syrmia.com>, "Philippe Mathieu-Daudé" <f4bug@amsat.org>, Stafford Horne <shorne@gmail.com>, BALATON Zoltan <balaton@eik.bme.hu>, Daniel Henrique Barboza <danielhb413@gmail.com>, David Gibson <david@gibson.dropbear.id.au>, Greg Kurz <groug@kaod.org>, Palmer Dabbelt <palmer@dabbelt.com>, Alistair Francis <alistair.francis@wdc.com>, Bin Meng <bin.meng@windriver.com>, Yoshinori Sato <ysato@users.sourceforge.jp>, David Hildenbrand <david@redhat.com>, Halil Pasic <pasic@linux.ibm.com>, Christian Borntraeger <borntraeger@linux.ibm.com>, Eric Farman <farman@linux.ibm.com>, Cornelia Huck <cohuck@redhat.com>, Thomas Huth <thuth@redhat.com>, Yanan Wang <wangyanan55@huawei.com>, Juan Quintela <quintela@redhat.com>, "Dr. David Alan Gilbert" <dgilbert@redhat.com>, Eric Blake <eblake@redhat.com>, Markus Armbruster <armbru@redhat.com>

There is a newer version of this series

hw/arm/aspeed.c              |  4 ++--
hw/arm/boot.c                |  2 ++
hw/arm/mps2-tz.c             |  4 ++--
hw/core/reset.c              | 15 ++++++++++++++-
hw/hppa/machine.c            |  4 ++--
hw/i386/microvm.c            |  4 ++--
hw/i386/pc.c                 |  6 +++---
hw/i386/x86.c                |  2 +-
hw/mips/boston.c             |  3 +++
hw/openrisc/boot.c           |  3 +++
hw/ppc/pegasos2.c            |  4 ++--
hw/ppc/pnv.c                 |  4 ++--
hw/ppc/spapr.c               |  4 ++--
hw/riscv/boot.c              |  3 +++
hw/rx/rx-gdbsim.c            |  3 +++
hw/s390x/s390-virtio-ccw.c   |  4 ++--
include/hw/boards.h          |  2 +-
include/sysemu/device_tree.h |  9 +++++++++
include/sysemu/reset.h       |  5 ++++-
migration/savevm.c           |  2 +-
qapi/run-state.json          |  4 +++-
softmmu/device_tree.c        | 21 +++++++++++++++++++++
softmmu/runstate.c           |  4 ++--
23 files changed, 89 insertions(+), 27 deletions(-)

Expand all Fold all

[PATCH v2 0/8] rerandomize RNG seeds on reboot and handle record&replay

Posted by Jason A. Donenfeld 3 years, 3 months ago

When the system reboots, the rng seed that QEMU passes should be
re-randomized, so that the new boot gets a new seed. This series wires
that up for FDT.

Then, since the record&replay subsystem makes use of reset as well, we
add a new reset cause for record&replay, so that we can avoid
re-randomizing in these cases.

Jason A. Donenfeld (8):
  device-tree: add re-randomization helper function
  arm: re-randomize rng-seed on reboot
  riscv: re-randomize rng-seed on reboot
  openrisc: re-randomize rng-seed on reboot
  rx: re-randomize rng-seed on reboot
  mips: re-randomize rng-seed on reboot
  reset: allow registering handlers that aren't called by snapshot
    loading
  reset: do not re-randomize RNG seed on snapshot load

 hw/arm/aspeed.c              |  4 ++--
 hw/arm/boot.c                |  2 ++
 hw/arm/mps2-tz.c             |  4 ++--
 hw/core/reset.c              | 15 ++++++++++++++-
 hw/hppa/machine.c            |  4 ++--
 hw/i386/microvm.c            |  4 ++--
 hw/i386/pc.c                 |  6 +++---
 hw/i386/x86.c                |  2 +-
 hw/mips/boston.c             |  3 +++
 hw/openrisc/boot.c           |  3 +++
 hw/ppc/pegasos2.c            |  4 ++--
 hw/ppc/pnv.c                 |  4 ++--
 hw/ppc/spapr.c               |  4 ++--
 hw/riscv/boot.c              |  3 +++
 hw/rx/rx-gdbsim.c            |  3 +++
 hw/s390x/s390-virtio-ccw.c   |  4 ++--
 include/hw/boards.h          |  2 +-
 include/sysemu/device_tree.h |  9 +++++++++
 include/sysemu/reset.h       |  5 ++++-
 migration/savevm.c           |  2 +-
 qapi/run-state.json          |  4 +++-
 softmmu/device_tree.c        | 21 +++++++++++++++++++++
 softmmu/runstate.c           |  4 ++--
 23 files changed, 89 insertions(+), 27 deletions(-)

-- 
2.37.3

Re: [PATCH v2 0/8] rerandomize RNG seeds on reboot and handle record&replay

Posted by Richard Henderson 3 years, 3 months ago

On 10/12/22 13:46, Jason A. Donenfeld wrote:
> When the system reboots, the rng seed that QEMU passes should be
> re-randomized, so that the new boot gets a new seed. This series wires
> that up for FDT.
> 
> Then, since the record&replay subsystem makes use of reset as well, we
> add a new reset cause for record&replay, so that we can avoid
> re-randomizing in these cases.
> 
> Jason A. Donenfeld (8):
>    device-tree: add re-randomization helper function
>    arm: re-randomize rng-seed on reboot
>    riscv: re-randomize rng-seed on reboot
>    openrisc: re-randomize rng-seed on reboot
>    rx: re-randomize rng-seed on reboot
>    mips: re-randomize rng-seed on reboot
>    reset: allow registering handlers that aren't called by snapshot
>      loading
>    reset: do not re-randomize RNG seed on snapshot load

You need to invert the patch order so that the series is bisectable.
At the moment you still introduce the reported bug, then fix it in the final patch.


r~

Re: [PATCH v2 0/8] rerandomize RNG seeds on reboot and handle record&replay

Posted by Jason A. Donenfeld 3 years, 3 months ago

On Fri, Oct 14, 2022 at 05:13:58AM +1100, Richard Henderson wrote:
> On 10/12/22 13:46, Jason A. Donenfeld wrote:
> > When the system reboots, the rng seed that QEMU passes should be
> > re-randomized, so that the new boot gets a new seed. This series wires
> > that up for FDT.
> > 
> > Then, since the record&replay subsystem makes use of reset as well, we
> > add a new reset cause for record&replay, so that we can avoid
> > re-randomizing in these cases.
> > 
> > Jason A. Donenfeld (8):
> >    device-tree: add re-randomization helper function
> >    arm: re-randomize rng-seed on reboot
> >    riscv: re-randomize rng-seed on reboot
> >    openrisc: re-randomize rng-seed on reboot
> >    rx: re-randomize rng-seed on reboot
> >    mips: re-randomize rng-seed on reboot
> >    reset: allow registering handlers that aren't called by snapshot
> >      loading
> >    reset: do not re-randomize RNG seed on snapshot load
> 
> You need to invert the patch order so that the series is bisectable.
> At the moment you still introduce the reported bug, then fix it in the final patch.

I was afraid of that. Okay, will do. v+1 coming your way.

Jason