From: Amit Shah <amit.shah@redhat.com>
To: Kees Cook <keescook@chromium.org>
Cc: Herbert Xu <herbert@gondor.apana.org.au>,
LKML <linux-kernel@vger.kernel.org>,
"# 3.4.x" <stable@vger.kernel.org>,
Virtualization List <virtualization@lists.linux-foundation.org>,
Jason Cooper <jason@lakedaemon.net>
Subject: Re: [PATCH v2 2/2] virtio: rng: ensure reads happen after successful probe
Date: Mon, 7 Jul 2014 12:04:09 +0530 [thread overview]
Message-ID: <20140707063409.GD27024@grmbl.mre> (raw)
In-Reply-To: <CAGXu5jJ9-b-NycB4ESvVnVgiBXpeQvKAT_hDPoAzhWSpQQKreg@mail.gmail.com>
On (Sun) 06 Jul 2014 [23:09:49], Kees Cook wrote:
> On Sun, Jul 6, 2014 at 10:51 PM, Amit Shah <amit.shah@redhat.com> wrote:
> > On (Sun) 06 Jul 2014 [21:38:36], Kees Cook wrote:
> >> On Fri, Jul 4, 2014 at 10:34 PM, Amit Shah <amit.shah@redhat.com> wrote:
> >> > The hwrng core asks for random data in the hwrng_register() call itself
> >> > from commit d9e7972619. This doesn't play well with virtio -- the
> >> > DRIVER_OK bit is only set by virtio core on a successful probe, and
> >> > we're not yet out of our probe routine when this call is made. This
> >> > causes the host to not acknowledge any requests we put in the virtqueue,
> >> > and the insmod or kernel boot process just waits for data to arrive from
> >> > the host, which never happens.
> >>
> >> Doesn't this mean that virtio-rng won't ever contribute entropy to the system?
> >
> > The initial randomness? Yes. But it'll start contributing entropy as
> > soon as it's used as the current source.
>
> How does that happen? I don't see an init function defined for it?
I mean the regular usage; not the initial randomness patch that you
added.
Initial randomness from virtio-rng currently won't be sourced. That's
no different from the way things were before your patch; and I can't
think of a way to make that happen for now.
virtio's probe() has to finish before communication with the host can
start. If a virtio-rng device is the only hwrng in the system (very
likely in a guest), it's almost guaranteed that hwrng_init() won't be
called after hwrng_register() completes (as it would have already been
called and the virtio-rng device will have become the current_rng).
If the VM admin configured two virtio-rng sources, though, or
hotplugged one later, the early randomness will be obtained for the
second virtio-rng device. But this is a scenario I don't expect to
ever arise -- it's just a theoretical possibility.
Amit
WARNING: multiple messages have this Message-ID (diff)
From: Amit Shah <amit.shah@redhat.com>
To: Kees Cook <keescook@chromium.org>
Cc: LKML <linux-kernel@vger.kernel.org>,
Virtualization List <virtualization@lists.linux-foundation.org>,
Rusty Russell <rusty@rustcorp.com.au>,
Herbert Xu <herbert@gondor.apana.org.au>,
Jason Cooper <jason@lakedaemon.net>,
"# 3.4.x" <stable@vger.kernel.org>
Subject: Re: [PATCH v2 2/2] virtio: rng: ensure reads happen after successful probe
Date: Mon, 7 Jul 2014 12:04:09 +0530 [thread overview]
Message-ID: <20140707063409.GD27024@grmbl.mre> (raw)
In-Reply-To: <CAGXu5jJ9-b-NycB4ESvVnVgiBXpeQvKAT_hDPoAzhWSpQQKreg@mail.gmail.com>
On (Sun) 06 Jul 2014 [23:09:49], Kees Cook wrote:
> On Sun, Jul 6, 2014 at 10:51 PM, Amit Shah <amit.shah@redhat.com> wrote:
> > On (Sun) 06 Jul 2014 [21:38:36], Kees Cook wrote:
> >> On Fri, Jul 4, 2014 at 10:34 PM, Amit Shah <amit.shah@redhat.com> wrote:
> >> > The hwrng core asks for random data in the hwrng_register() call itself
> >> > from commit d9e7972619. This doesn't play well with virtio -- the
> >> > DRIVER_OK bit is only set by virtio core on a successful probe, and
> >> > we're not yet out of our probe routine when this call is made. This
> >> > causes the host to not acknowledge any requests we put in the virtqueue,
> >> > and the insmod or kernel boot process just waits for data to arrive from
> >> > the host, which never happens.
> >>
> >> Doesn't this mean that virtio-rng won't ever contribute entropy to the system?
> >
> > The initial randomness? Yes. But it'll start contributing entropy as
> > soon as it's used as the current source.
>
> How does that happen? I don't see an init function defined for it?
I mean the regular usage; not the initial randomness patch that you
added.
Initial randomness from virtio-rng currently won't be sourced. That's
no different from the way things were before your patch; and I can't
think of a way to make that happen for now.
virtio's probe() has to finish before communication with the host can
start. If a virtio-rng device is the only hwrng in the system (very
likely in a guest), it's almost guaranteed that hwrng_init() won't be
called after hwrng_register() completes (as it would have already been
called and the virtio-rng device will have become the current_rng).
If the VM admin configured two virtio-rng sources, though, or
hotplugged one later, the early randomness will be obtained for the
second virtio-rng device. But this is a scenario I don't expect to
ever arise -- it's just a theoretical possibility.
Amit
next prev parent reply other threads:[~2014-07-07 6:34 UTC|newest]
Thread overview: 50+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-07-05 5:34 [PATCH v2 0/2] hwrng, virtio-rng: init-time fixes Amit Shah
2014-07-05 5:34 ` Amit Shah
2014-07-05 5:34 ` [PATCH v2 1/2] hwrng: fetch randomness only after device init Amit Shah
2014-07-05 5:34 ` Amit Shah
2014-07-07 4:41 ` Kees Cook
2014-07-07 5:53 ` Amit Shah
2014-07-07 5:53 ` Amit Shah
2014-07-07 6:04 ` Amit Shah
2014-07-07 6:04 ` Amit Shah
2014-07-07 6:39 ` Amit Shah
2014-07-07 6:39 ` Amit Shah
2014-07-07 4:41 ` Kees Cook
2014-07-09 11:53 ` Jason Cooper
2014-07-09 11:53 ` Jason Cooper
2014-07-09 13:08 ` Amit Shah
2014-07-09 13:08 ` Amit Shah
2014-07-09 13:17 ` Jason Cooper
2014-07-09 13:17 ` Jason Cooper
2014-07-09 13:25 ` Amit Shah
2014-07-09 13:25 ` Amit Shah
2014-07-09 16:07 ` [RFC PATCH] hwrng: sysfs entry rng_seed_kernel, was: "Re: [PATCH v2 1/2] hwrng: fetch randomness only after device init" Jason Cooper
2014-07-09 16:07 ` Jason Cooper
2014-07-11 13:26 ` Amit Shah
2014-07-11 13:26 ` Amit Shah
2014-07-11 15:44 ` Jason Cooper
2014-07-11 15:44 ` Jason Cooper
2014-07-14 21:50 ` Kees Cook
2014-07-14 21:50 ` Kees Cook
2014-07-05 5:34 ` [PATCH v2 2/2] virtio: rng: ensure reads happen after successful probe Amit Shah
2014-07-05 5:34 ` Amit Shah
2014-07-07 4:38 ` Kees Cook
2014-07-07 4:38 ` Kees Cook
2014-07-07 5:51 ` Amit Shah
2014-07-07 5:51 ` Amit Shah
2014-07-07 6:09 ` Kees Cook
2014-07-07 6:09 ` Kees Cook
2014-07-07 6:34 ` Amit Shah [this message]
2014-07-07 6:34 ` Amit Shah
2014-07-09 12:08 ` Jason Cooper
2014-07-09 12:08 ` Jason Cooper
2014-07-09 13:15 ` Amit Shah
2014-07-09 13:15 ` Amit Shah
2014-07-09 16:18 ` Jason Cooper
2014-07-09 16:18 ` Jason Cooper
2014-07-10 8:45 ` Herbert Xu
2014-07-10 8:45 ` Herbert Xu
2014-07-10 9:53 ` Amit Shah
2014-07-10 9:53 ` Amit Shah
2014-07-10 8:52 ` Amit Shah
2014-07-10 8:52 ` Amit Shah
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140707063409.GD27024@grmbl.mre \
--to=amit.shah@redhat.com \
--cc=herbert@gondor.apana.org.au \
--cc=jason@lakedaemon.net \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=virtualization@lists.linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.