On Thu, Jun 28, 2018 at 02:15:14PM +0200, Markus Armbruster wrote:
> Kashyap Chamarthy <kcham...@redhat.com> writes:
[...]
> There's also getrandom(2).
>
> See random(7) for a comparison between getrandom(), /dev/urandom,
> /dev/random.
>
> As you wrote, Linux's /dev/random blocks when the kernel entropy pool
> has been depleted, while /dev/urandom doesn't. There are systems where
> both devices behave exactly the same, or only /dev/random exists.
> Trying /dev/urandom first, and /dev/random as fallback is simple and
> works okay across a wide range of hosts. That said, getrandom(2) or
> getentropy(3) are even nicer when available.
>
> I can see two uses of /dev/random in QEMU outside tests:
>
> * crypto/random-platform.c
>
> int qcrypto_random_init(Error **errp)
> {
> #ifndef _WIN32
> /* TBD perhaps also add support for BSD getentropy / Linux
> * getrandom syscalls directly */
> fd = open("/dev/urandom", O_RDONLY);
> if (fd == -1 && errno == ENOENT) {
> fd = open("/dev/random", O_RDONLY);
> }
>
> if (fd < 0) {
> error_setg(errp, "No /dev/urandom or /dev/random found");
> return -1;
> }
> #else
> [...]
> #endif
>
> return 0;
> }
>
> Looks good to me. Resolving the TBD would be nice.
>
> * backends/rng-random.c
>
> static void rng_random_init(Object *obj)
> {
> RngRandom *s = RNG_RANDOM(obj);
>
> object_property_add_str(obj, "filename",
> rng_random_get_filename,
> rng_random_set_filename,
> NULL);
>
> s->filename = g_strdup("/dev/random");
> s->fd = -1;
> }
>
> This is TYPE_RNG_RANDOM's instance_init() method. Doesn't look so
> good, but it's "only" a default.
>
> What TYPE_RNG_RANDOM's intended use? The manual suggests "backend
> for virtio-rng":
>
> @item -object rng-random,id=@var{id},filename=@var{/dev/random}
>
> Creates a random number generator backend which obtains entropy from
> a device on the host. The @option{id} parameter is a unique ID that
> will be used to reference this entropy backend from the
> @option{virtio-rng}
> device. The @option{filename} parameter specifies which file to obtain
> entropy from and if omitted defaults to @option{/dev/random}.
>
> Regardless of other considerations, duplicating something as hairy as
> getting high-quality random numbers from the host in a portable manner
> is a Bad Idea.
I see, thanks for the detailed responses, both. This is not really a
high-priority item for management layers for now. For now, (OpenStack)
Nova overrides the QEMU default.
--
/kashyap
