From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([208.118.235.92]:34208)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <amit.shah@redhat.com>) id 1SUieD-0001g5-RR
	for qemu-devel@nongnu.org; Wed, 16 May 2012 14:08:31 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <amit.shah@redhat.com>) id 1SUie7-0008Uo-Ea
	for qemu-devel@nongnu.org; Wed, 16 May 2012 14:08:29 -0400
Received: from mx1.redhat.com ([209.132.183.28]:58889)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <amit.shah@redhat.com>) id 1SUie7-0008UG-71
	for qemu-devel@nongnu.org; Wed, 16 May 2012 14:08:23 -0400
Date: Wed, 16 May 2012 22:51:43 +0530
From: Amit Shah <amit.shah@redhat.com>
Message-ID: <20120516172143.GA16342@amit.redhat.com>
References: <aa4c6913ca2bc37e049f04f498c6414a4ec544bd.1337167727.git.amit.shah@redhat.com>
	<4FB3AA86.3080507@codemonkey.ws>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <4FB3AA86.3080507@codemonkey.ws>
Subject: Re: [Qemu-devel] [PATCH 1/1] virtio-rng: device to send host
 entropy to guest
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Anthony Liguori <anthony@codemonkey.ws>
Cc: qemu list <qemu-devel@nongnu.org>

On (Wed) 16 May 2012 [08:24:22], Anthony Liguori wrote:
> On 05/16/2012 06:30 AM, Amit Shah wrote:
> >The Linux kernel already has a virtio-rng driver, this is the device
> >implementation.
> >
> >When Linux needs more entropy, it puts a buffer in the vq.  We then put
> >entropy into that buffer, and push it back to the guest.
> >
> >Feeding randomness from host's /dev/urandom into the guest is
> >sufficient, so this is a simple implementation that opens /dev/urandom
> >and reads from it whenever required.
> >
> >Invocation is simple:
> >
> >   qemu ... -device virtio-rng-pci
> >
> >In the guest, we see
> >
> >   $ cat /sys/devices/virtual/misc/hw_random/rng_available
> >   virtio
> >
> >   $ cat /sys/devices/virtual/misc/hw_random/rng_current
> >   virtio
> >
> >There are ways to extend the device to be more generic and collect
> >entropy from other sources, but this is simple enough and works for now.
> >
> >Signed-off-by: Amit Shah<amit.shah@redhat.com>
> 
> It's not this simple unfortunately.
> 
> If you did this with libvirt, one guest could exhaust the available
> entropy for the remaining guests.  This could be used as a mechanism
> for one guest to attack another (reducing the available entropy for
> key generation).
> 
> You need to rate limit the amount of entropy that a guest can obtain
> to allow management tools to mitigate this attack.

Hm, rate-limiting is a good point.  However, we're using /dev/urandom
here, which is nonblocking, and will keep on providing data as long as
we keep reading.

		Amit