From: Paolo Bonzini <pbonzini@redhat.com>
To: "H. Peter Anvin" <hpa@zytor.com>
Cc: Amit Shah <amit.shah@redhat.com>,
Anthony Liguori <aliguori@us.ibm.com>,
Andreas Faerber <afaerber@suse.de>,
qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH 0/6] add paravirtualization hwrng support
Date: Fri, 26 Oct 2012 20:58:46 +0200 [thread overview]
Message-ID: <508ADD66.5040909@redhat.com> (raw)
In-Reply-To: <508AB5C0.2000304@zytor.com>
Il 26/10/2012 18:09, H. Peter Anvin ha scritto:
> a) it means that the guest *has* to run rngd or a similar engine; if you
> have control over the guests it might be more efficient to run rngd in
> skip-test mode (I don't think that is currently implemented but it
> could/should be) and centralize all testing to the host.
>
> A skip-test mode would also allow rngd to forward-feed shorter blocks
> than 2500 bytes.
That would be something we can communicate via virtio-rng-pci feature
bits. Perhaps /dev/hwrng could also expose a need-whitening property in
sysfs.
> b) if the host has no physical hwrng, /dev/hwrng will output nothing at
> all, which is worse than /dev/random in that situation.
Not really, it would just mean that the guest takes more time to gather
entropy, just like if you had no virtio-rng-pci at all.
> If you have rdrand you might just use it in the guest directly, unless
> you have a strong reason (migration?) not to do that. Either way, for
> rdrand you need whitening similar to what rngd is doing (for *rdseed*
> you do not, but rdseed is not shipping yet.)
Yes, migration is a good reason.
> The startup issue is an interesting problem. If you have full control
> over the guest it might be best to simply inject some entropy into the
> guest on startup via the initramfs or a disk image; that has its own
> awkwardness too, of course. The one bit that could potentially be
> solved in Qemu would be an option to "don't start the guest until X
> bytes of entropy have been gathered."
>
> Overall, I want to emphasize that we don't want to try solve generic
> problems in virtualization space... resource constraints on /dev/random
> is a generic host OS issue for example.
Yes, but the agreed solution right now is that programs should not ask
for more than 32 bytes or so from /dev/random. Which means /dev/random
is not a suitable backend for virtio-rng-pci as things stand now.
Paolo
next prev parent reply other threads:[~2012-10-26 18:58 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-10-26 14:43 [Qemu-devel] [PATCH 0/6] add paravirtualization hwrng support Anthony Liguori
2012-10-26 14:43 ` [Qemu-devel] [PATCH 1/6] vl: add -object option to create QOM objects from the command line Anthony Liguori
2012-10-26 14:43 ` [Qemu-devel] [PATCH 2/6] object: add object_property_add_bool (v2) Anthony Liguori
2012-10-26 14:43 ` [Qemu-devel] [PATCH 3/6] rng: add RndBackend abstract object class Anthony Liguori
2012-10-26 14:43 ` [Qemu-devel] [PATCH 4/6] rng-random: add an RNG backend that uses /dev/random Anthony Liguori
2012-10-26 14:43 ` [Qemu-devel] [PATCH 5/6] rng-egd: introduce EGD compliant RNG backend Anthony Liguori
2012-10-26 14:43 ` [Qemu-devel] [PATCH 6/6] virtio-rng: hardware random number generator device Anthony Liguori
2012-10-26 15:08 ` [Qemu-devel] [PATCH 0/6] add paravirtualization hwrng support Paolo Bonzini
2012-10-26 15:42 ` Anthony Liguori
2012-10-26 16:09 ` H. Peter Anvin
2012-10-26 18:24 ` Anthony Liguori
2012-10-26 18:26 ` H. Peter Anvin
2012-10-29 6:23 ` Amit Shah
2012-10-30 4:32 ` H. Peter Anvin
2012-10-26 18:58 ` Paolo Bonzini [this message]
2012-10-26 19:07 ` H. Peter Anvin
2012-10-26 19:51 ` Paolo Bonzini
2012-10-26 19:54 ` H. Peter Anvin
2012-10-26 20:29 ` H. Peter Anvin
2012-10-29 8:45 ` Paolo Bonzini
2012-10-30 4:34 ` H. Peter Anvin
2012-10-30 4:43 ` H. Peter Anvin
2012-10-30 9:05 ` Paolo Bonzini
2012-10-30 21:11 ` H. Peter Anvin
2012-10-31 7:29 ` Paolo Bonzini
2012-10-31 14:15 ` H. Peter Anvin
2012-10-31 14:27 ` Paolo Bonzini
2012-10-26 18:53 ` Paolo Bonzini
2012-10-29 7:01 ` Amit Shah
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=508ADD66.5040909@redhat.com \
--to=pbonzini@redhat.com \
--cc=afaerber@suse.de \
--cc=aliguori@us.ibm.com \
--cc=amit.shah@redhat.com \
--cc=hpa@zytor.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).