Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse code

kvm tools: use /dev/random in virtio-rng

hpa explained it way better than I ever could:

  On 11/15/2012 04:13 PM, H. Peter Anvin wrote:
  >> In tools/kvm, you are currently using /dev/urandom as a source for
  >> virtio-rng.  virtio-rng is expected to provide entropic content, as
  >> the PRNG side of the force can be run in the guest itself.

  On 11/15/2012 01:49 PM, Sasha Levin wrote:
  > I was under the impression that by supplying /dev/urandom from the
  > host, which is *outside* the guest, this is equivalent to completely
  > random data for the guest since the guest cannot possibly calculate
  > the random data by observing it's own actions.
  >
  > I guess I was wrong on that? If so I'll fix it as you've suggested.

  It is unpredictable, but not entropic.  Those are different things.
  Consider a PRNG built by AES-encrypting a counter with a random key
  (the seed).  If it is properly randomly seeded, the first 16 bytes
  would be entropic.  However, the second 16 bytes would be completely
  determined by the first ones and thus add no entropy, even though to
  be able to predict them you would have to invert AES via a
  known-plaintext attack.

  That is why they are different metrics.

  We already have a PRNG in guest space, so there is no reason to burn
  more CPU time running one in host space to fake-seed the one in guest
  space.

Suggested-by: H. Peter Anvin <hpa@zytor.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Signed-off-by: Pekka Enberg <penberg@kernel.org>
  • Loading branch information...
commit 10ed0ae7373128917f704804f861d4c4cec25f25 1 parent a6d404d
Sasha Levin authored November 16, 2012 penberg committed November 16, 2012

Showing 1 changed file with 4 additions and 2 deletions. Show diff stats Hide diff stats

  1. 6  tools/kvm/virtio/rng.c
6  tools/kvm/virtio/rng.c
@@ -61,11 +61,13 @@ static void set_guest_features(struct kvm *kvm, void *dev, u32 features)
61 61
 static bool virtio_rng_do_io_request(struct kvm *kvm, struct rng_dev *rdev, struct virt_queue *queue)
62 62
 {
63 63
 	struct iovec iov[VIRTIO_RNG_QUEUE_SIZE];
64  
-	unsigned int len = 0;
  64
+	ssize_t len = 0;
65 65
 	u16 out, in, head;
66 66
 
67 67
 	head	= virt_queue__get_iov(queue, iov, &out, &in, kvm);
68 68
 	len	= readv(rdev->fd, iov, in);
  69
+	if (len < 0 && errno == EAGAIN)
  70
+		len = 0;
69 71
 
70 72
 	virt_queue__set_used_elem(queue, head, len);
71 73
 
@@ -161,7 +163,7 @@ int virtio_rng__init(struct kvm *kvm)
161 163
 	if (rdev == NULL)
162 164
 		return -ENOMEM;
163 165
 
164  
-	rdev->fd = open("/dev/urandom", O_RDONLY);
  166
+	rdev->fd = open("/dev/random", O_RDONLY | O_NONBLOCK);
165 167
 	if (rdev->fd < 0) {
166 168
 		r = rdev->fd;
167 169
 		goto cleanup;

0 notes on commit 10ed0ae

Please sign in to comment.
Something went wrong with that request. Please try again.