On 21/07/14 14:42, Justin Cormack wrote: > On Mon, Jul 21, 2014 at 2:29 PM, Antti Kantee <[email protected]> wrote: >> One more thing to take into consideration in revamping the hypercall is >> that not necessary all platforms can deliver random numbers to guests >> (e.g. Xen), except by collecting some random events and mixing and >> mashing. For those platforms, we should just signal that getrandom() >> never returns anything, and use the in-rump-kernel rnd_add_foo() to seed >> the pool. That way we don't need to implement the tricky entropy >> collection in the hypercall layer. > > Agreed, it should return an error code rather than always returning no bytes.
Ok, so an error code signals a permanent problem, and transient problems will return 0 and 0 bytes. Then, in bootstrap, the rump kernel can try to fetch some small amount of randomness and iff returning zero, init the hyperentropy driver. Maybe the hypercall should also have some mechanism for telling the kernel that new randomness is now available .... getting complicated. > I don't really know why Xen does not have a host-provided random > driver; KVM for example does. Need to ask the Xen lists about that. > It might be helpful to document which parts need randomness, eg I > imagine many filesystems do not. Such documents are perpetually out-of-date, and in the particular case of randomness the effects can be problematic. >> Note, lack of platform randomness can be problematic especially on >> short-lived guests, but not sure how we can produce something we don't have. > > RDRAND support in NetBSD would help for amd64 for hardware that supports it. What support does it need? Isn't it just one instruction? Yea, it might make things a bit better, although as I understand it, it's untrustworthy randomness. ------------------------------------------------------------------------------ Want fast and easy access to all the code in your enterprise? Index and search up to 200,000 lines of code with a free copy of Black Duck Code Sight - the same software that powers the world's largest code search on Ohloh, the Black Duck Open Hub! Try it now. http://p.sf.net/sfu/bds _______________________________________________ rumpkernel-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/rumpkernel-users
