From: Jamie Lokier <jamie@shareable.org>
To: Ian Molton <ian.molton@collabora.co.uk>
Cc: Gerd Hoffmann <kraxel@redhat.com>,
Paul Brook <paul@codesourcery.com>,
qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH 2/2] VirtIO RNG
Date: Tue, 20 Apr 2010 21:56:54 +0100 [thread overview]
Message-ID: <20100420205654.GI11723@shareable.org> (raw)
In-Reply-To: <4BCE061B.2030506@collabora.co.uk>
Ian Molton wrote:
> Jamie Lokier wrote:
>
> Hi :-)
>
> > Ian Molton wrote:
> >> One last and quite important point - where should the EGD protocol
> >> implementation go? really it needs to work as kind-of a line discipline,
> >> but AFAICT thats not supported? it would be a mistake to put rate
> >> limiting in the chardev layer and leave the EGD protocol implementation
> >> in the driver.
> >
> > What do the other hypervisors supporting virtio-rng do?
>
> Um. support it? Im not sure what you mean there.
Do the other hypervisors do anything special to support EGD, or is it
just treated as another kind of serial port connected to /dev/urandom
(or whatever) on the host?
> > Personally I'm failing to see why EGD support is needed in Qemu, as
> > none of the crypto services on my Linux machines seem to need it so
> > why should Qemu be special, but I acknowledge there might be some
> > obscure reason.
>
> I know seevral people who use egd based hardware on their hosts who want
> virtio-rng support in their guests
That's a fine reason.
> - it avoids having to route the data
> via TCP or other long winded paths that are trivially vulverable to
> attack both on the host and from the guests userspace. The hwrng core is
> inherently very simple.
Wouldn't it be trivial to run egd on the guest, talking over the
recent virtio-serial driver to egd on the host?
> > Would it be much work to change the guest to use virtio-serial
> > instead? Would it fit the problem or does virtio-rng need more
> > metadata than just a bytestream?
>
> If anything virtio-rng uses *less* info than the virtio-serial driver
> (it has one stream, in one direction, only).
>
> But the kernel already has a virtio-rng driver and it already works in a
> particular way, which is already implemented in other hypervisors. I
> didn't write the kernel driver, it is pre-existing. I suppose we could
> ask the kernel devs if they'd like another virtio-based rng driver in
> addition to the one already in use? but that seems perverse.
I agree with you on that.
> Why even bother with virtio at all if you're going to abstract
> everything away behind a serial port? we could just modify all the guest
> kernel virtio-block drivers to serialise all their metadata, then we
> could use serial ports for that too!
No, the point is virtio-rng *is* already a byte stream. It's already
a perfect match for a serial port, unless there's something you're not
saying about it. Does it need tell the host how much entropy it
needs, or does it just trickle through, stealing host entropy when it
doesn't need it, and stalling the guest when the trickle isn't enough?
If it's dumb enough to just trickle the entropy through, that would
seem a very good match to virtio-serial - apart from the guests which
already expect virtio-rng support.
-- Jamie
next prev parent reply other threads:[~2010-04-20 20:57 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-03-30 14:05 [Qemu-devel] [PATCH 0/2] VirtIO RNG Ian Molton
2010-03-30 14:12 ` [Qemu-devel] [PATCH 1/2] " Ian Molton
2010-03-30 14:13 ` [Qemu-devel] [PATCH 2/2] " Ian Molton
2010-04-01 12:17 ` Paul Brook
2010-04-01 12:30 ` Jamie Lokier
2010-04-01 14:03 ` Paul Brook
2010-04-02 10:13 ` Ian Molton
2010-04-03 15:06 ` Paul Brook
2010-04-13 14:41 ` Ian Molton
2010-04-13 15:01 ` Paul Brook
2010-04-13 15:32 ` Paul Brook
2010-04-20 15:15 ` Ian Molton
2010-04-20 16:13 ` Jamie Lokier
2010-04-20 19:52 ` Ian Molton
2010-04-20 20:11 ` Blue Swirl
2010-04-20 20:56 ` Jamie Lokier [this message]
2010-04-20 21:31 ` Ian Molton
2010-04-20 21:55 ` Jamie Lokier
2010-04-21 7:43 ` Gerd Hoffmann
2010-04-21 9:40 ` Jamie Lokier
2010-04-21 12:34 ` Ian Molton
2010-04-21 13:55 ` Gerd Hoffmann
2010-04-22 19:06 ` Ian Molton
2010-04-22 21:05 ` Jamie Lokier
2010-04-23 10:17 ` Ian Molton
2010-04-24 1:37 ` Jamie Lokier
2010-04-24 8:58 ` Ian Molton
2010-04-23 8:27 ` Gerd Hoffmann
2010-04-23 9:28 ` Ian Molton
2010-04-23 14:07 ` Gerd Hoffmann
2010-04-23 15:49 ` Ian Molton
2010-04-23 17:32 ` Jamie Lokier
2010-04-24 9:16 ` Ian Molton
2010-04-02 10:15 ` Ian Molton
2010-04-02 10:07 ` Ian Molton
2010-05-03 17:56 ` Anthony Liguori
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20100420205654.GI11723@shareable.org \
--to=jamie@shareable.org \
--cc=ian.molton@collabora.co.uk \
--cc=kraxel@redhat.com \
--cc=paul@codesourcery.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).