From: Jamie Lokier <jamie@shareable.org>
To: Ian Molton <ian.molton@collabora.co.uk>
Cc: qemu-devel@nongnu.org, Gerd Hoffmann <kraxel@redhat.com>,
Paul Brook <paul@codesourcery.com>
Subject: Re: [Qemu-devel] [PATCH 2/2] VirtIO RNG
Date: Thu, 22 Apr 2010 22:05:42 +0100 [thread overview]
Message-ID: <20100422210542.GB13951@shareable.org> (raw)
In-Reply-To: <4BD09E3F.7070605@collabora.co.uk>
Ian Molton wrote:
> > It might make sense to have the reconnect logic in the egd chardev
> > backend then, thereby obsoleting the socket reconnect patch.
>
> Im not sure I agree there... surely there are other things which would
> benefit from generic socket reconnection support (virtio-rng cant be the
> only driver that might want to rely on a reliable source of data via a
> socket in a server-farm type situation?)
First of all: Why are your egd daemons with open connections dying
anyway? Buggy egd?
Secondly: why isn't egd death an event reported over QMP, with a
monitor command to reconnect manually?
If guests need a _reliable_ source of data for security, silently not
complaining when it's gone away and hoping it comes back isn't good
enough. It should be an error condition known to management, which
can halt the guest until egd is fixed or restarts if running without
entropy isn't acceptable in its policy.
Thirdly, which other things do you think would use it?
Maybe some virtio-serial apps would like it.
But then it would need to sync with the guest on reconnection, so that
the guest can restart whatever protocol it's using over the byte
stream.
In which case, it's better to tell the guest that the connection died,
and give the guest a way to request a new one when it's ready.
Reconnecting and resuming in the middle of the byte stram would be bad
(even for egd protocol?). Pure /dev/urandom fetching is quite unusual in not
caring about this, but you shouldn't need to reconnect to that.
> Do we really want to re-implement reconnection (and reconnection retry
> anti-flood limiting) in every single backend?
I don't think it'll happen. I think egd is a rather unusual
If another backend ever needs it, it's easy to move code around.
I'm not convinced there's a need for it even for egd. Either egd
shouldn't be killing open connections (and is buggy if it is), or this
is normal egd behavior and so it's part of the egd protocol to
repeatedly reconnect, and therefore can go in the egd client code.
Meanwhile, because the egd might not return, it should be reported as
an error condition over QMP for management to do what it deems
appropriate. In which case, management could tell it to reconnect
when it thinks is a good time, or do other things like switch the
randomness source to something else, or stop the guest, or warn the
admin that a guest is running without entropy.
-- Jamie
next prev parent reply other threads:[~2010-04-22 21:05 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-03-30 14:05 [Qemu-devel] [PATCH 0/2] VirtIO RNG Ian Molton
2010-03-30 14:12 ` [Qemu-devel] [PATCH 1/2] " Ian Molton
2010-03-30 14:13 ` [Qemu-devel] [PATCH 2/2] " Ian Molton
2010-04-01 12:17 ` Paul Brook
2010-04-01 12:30 ` Jamie Lokier
2010-04-01 14:03 ` Paul Brook
2010-04-02 10:13 ` Ian Molton
2010-04-03 15:06 ` Paul Brook
2010-04-13 14:41 ` Ian Molton
2010-04-13 15:01 ` Paul Brook
2010-04-13 15:32 ` Paul Brook
2010-04-20 15:15 ` Ian Molton
2010-04-20 16:13 ` Jamie Lokier
2010-04-20 19:52 ` Ian Molton
2010-04-20 20:11 ` Blue Swirl
2010-04-20 20:56 ` Jamie Lokier
2010-04-20 21:31 ` Ian Molton
2010-04-20 21:55 ` Jamie Lokier
2010-04-21 7:43 ` Gerd Hoffmann
2010-04-21 9:40 ` Jamie Lokier
2010-04-21 12:34 ` Ian Molton
2010-04-21 13:55 ` Gerd Hoffmann
2010-04-22 19:06 ` Ian Molton
2010-04-22 21:05 ` Jamie Lokier [this message]
2010-04-23 10:17 ` Ian Molton
2010-04-24 1:37 ` Jamie Lokier
2010-04-24 8:58 ` Ian Molton
2010-04-23 8:27 ` Gerd Hoffmann
2010-04-23 9:28 ` Ian Molton
2010-04-23 14:07 ` Gerd Hoffmann
2010-04-23 15:49 ` Ian Molton
2010-04-23 17:32 ` Jamie Lokier
2010-04-24 9:16 ` Ian Molton
2010-04-02 10:15 ` Ian Molton
2010-04-02 10:07 ` Ian Molton
2010-05-03 17:56 ` Anthony Liguori
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20100422210542.GB13951@shareable.org \
--to=jamie@shareable.org \
--cc=ian.molton@collabora.co.uk \
--cc=kraxel@redhat.com \
--cc=paul@codesourcery.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).