From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([208.118.235.92]:58020)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <berrange@redhat.com>) id 1SYvP0-0001Hb-7H
	for qemu-devel@nongnu.org; Mon, 28 May 2012 04:34:16 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <berrange@redhat.com>) id 1SYvOt-00063z-Ol
	for qemu-devel@nongnu.org; Mon, 28 May 2012 04:34:09 -0400
Received: from mx1.redhat.com ([209.132.183.28]:27936)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <berrange@redhat.com>) id 1SYvOt-00063c-G3
	for qemu-devel@nongnu.org; Mon, 28 May 2012 04:34:03 -0400
Date: Mon, 28 May 2012 09:33:57 +0100
From: "Daniel P. Berrange" <berrange@redhat.com>
Message-ID: <20120528083357.GB19909@redhat.com>
References: <cover.1337972540.git.amit.shah@redhat.com>
	<e04e5a79dc6c5143c53aba66cf226c97c8300343.1337972540.git.amit.shah@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <e04e5a79dc6c5143c53aba66cf226c97c8300343.1337972540.git.amit.shah@redhat.com>
Subject: Re: [Qemu-devel] [PATCH v2 1/1] virtio-rng: hardware random number
 generator device
Reply-To: "Daniel P. Berrange" <berrange@redhat.com>
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Amit Shah <amit.shah@redhat.com>
Cc: qemu list <qemu-devel@nongnu.org>, Anthony Liguori <anthony@codemonkey.ws>

On Sat, May 26, 2012 at 01:02:49AM +0530, Amit Shah wrote:
> The Linux kernel already has a virtio-rng driver, this is the device
> implementation.
> 
> When the guest asks for entropy from the virtio hwrng, it puts a buffer
> in the vq.  We then put entropy into that buffer, and push it back to
> the guest.
> 
> The chardev connected to this device is fed the data to be sent to the
> guest.
> 
> Invocation is simple:
> 
>   $ qemu ... -device virtio-rng-pci,chardev=foo
> 
> In the guest, we see
> 
>   $ cat /sys/devices/virtual/misc/hw_random/rng_available
>   virtio
> 
>   $ cat /sys/devices/virtual/misc/hw_random/rng_current
>   virtio
> 
>   # cat /dev/hwrng
> 
> Simply feeding /dev/urandom from the host to the chardev is sufficient:
> 
>   $ qemu ... -chardev socket,path=/tmp/foo,server,nowait,id=foo \
>              -device virtio-rng,chardev=foo
> 
>   $ nc -U /tmp/foo < /dev/urandom

ACK to this ARGV design from a libvirt POV.

> A QMP event is sent for interested apps to monitor activity and send the
> appropriate number of bytes that get asked by the guest:
> 
>   {"timestamp": {"seconds": 1337966878, "microseconds": 517009}, \
>    "event": "ENTROPY_NEEDED", "data": {"bytes": 64}}

IIUC, there are three ways mgmt apps can use the RNG with the
chardev

 - Wire it up to a source that just blindly provides all the
   entropy QEMU desires (as you /dev/urandom example above)

 - Feed in a fixed amount of entropy every minute, regardless
   of how much QEMU desires

 - Feed in entropy on demand, in response to the ENTROPY_NEEDED
   event notification (possibly throttling)

These options sounds like they should cover all reasonable needs,
so gets my vote. Probably want to include the ENTROPY_NEEDED
event in my patch which adds rate limiting to guest initiated
events.

Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|