virtio-dev message

Subject: Re: [virtio-dev] [PATCH RFC 3/3] rng: leak detection support

From: Babis Chalios <bchalios@amazon.es>
To: "Michael S. Tsirkin" <mst@redhat.com>
Date: Tue, 19 Sep 2023 09:32:08 +0200

Resending to fix e-mail formatting issues (sorry for the spam)

On 18/9/23 18:30, Babis Chalios wrote:

Yes, that's what the driver does now in the RFC patch. However,this just
decreases
the race window, it doesn't eliminate it. If a third leak eventhappens it
might not
find any buffers to use:

1. available buffers to queue 1-X
2. available buffers to queue X


3. poll queue X
4. used buffers in queue XÂÂÂÂÂÂ <- leak event 1 will use buffersin X
5. avail buffers in queue X
6. poll queue 1-XÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ <- leak event 2 will use buffersin 1-X
7. used buffers in queue 1-X
8. avail buffers in queue 1-X
ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ <- leak event 3 (it needsbuffers in X, race with step 5)
9. goto 3
I don't get it. we added buffers in step 5.
What if the leak event 3 arrives before step 5 had time to actuallyadd the
buffers in X and make
them visible to the device?
Then it will see a single event in 1-X instead of two events.Â A leak is
a leak though, I don't see does it matter how many triggered.



So the scenario I have in mind is the following:

(Epoch here is terminology that I used in the Linux RFC. It is a valuemaintained by random.c

that changes every time a leak event happens).

1. add buffers to 1-X
2. add buffers to X
3. poll queue X
4. vcpu 0: get getrandom() entropy and cache epoch value
5. Device: First snapshot, uses buffers in X
6. vcpu 1: sees used buffers
7. Device: Second snapshot, uses buffers in 1-X
8. vcpu 0: getrandom() observes newÂ epoch value & caches it

9. Device: Third snapshot, no buffers in either queue, (vcpu 1 from step6 has not yet finished adding new buffers).

10. vcpu 1 adds new buffer in X
11. vcpu 0: getrandom() will not see new epoch and gets stale entropy.

In this succession of events, when the third snapshot will happen, thedevice won't findany buffers in either queue, so it won't increase the RNG epoch value.So, any entropygathered after step 8 will be the same across all snapshots. Am Imissing something?


Cheers,
Babis

Follow-Ups:
- Re: [virtio-dev] [PATCH RFC 3/3] rng: leak detection support
  - From: "Michael S. Tsirkin" <mst@redhat.com>

References:
- Re: [virtio-dev] [PATCH RFC 3/3] rng: leak detection support
  - From: "Michael S. Tsirkin" <mst@redhat.com>
- Re: [virtio-dev] [PATCH RFC 3/3] rng: leak detection support
  - From: Babis Chalios <bchalios@amazon.es>
- Re: [virtio-dev] [PATCH RFC 3/3] rng: leak detection support
  - From: "Michael S. Tsirkin" <mst@redhat.com>
- Re: [virtio-dev] [PATCH RFC 3/3] rng: leak detection support
  - From: Babis Chalios <bchalios@amazon.es>
- Re: [virtio-dev] [PATCH RFC 3/3] rng: leak detection support
  - From: "Michael S. Tsirkin" <mst@redhat.com>
- Re: [virtio-dev] [PATCH RFC 3/3] rng: leak detection support
  - From: Babis Chalios <bchalios@amazon.es>
- Re: [virtio-dev] [PATCH RFC 3/3] rng: leak detection support
  - From: "Michael S. Tsirkin" <mst@redhat.com>
- Re: [virtio-dev] [PATCH RFC 3/3] rng: leak detection support
  - From: Babis Chalios <bchalios@amazon.es>
- Re: [virtio-dev] [PATCH RFC 3/3] rng: leak detection support
  - From: "Michael S. Tsirkin" <mst@redhat.com>
- Re: [virtio-dev] [PATCH RFC 3/3] rng: leak detection support
  - From: Babis Chalios <bchalios@amazon.es>