Message-ID: <51310BD6.20708@linux.vnet.ibm.com>
Date: Fri, 01 Mar 2013 15:13:10 -0500
From: Stefan Berger
Subject: Re: [Qemu-devel] virtio-rng and fd passing
To: "H. Peter Anvin"
Cc: "qemu-devel@nongnu.org"
In-Reply-To: <51310365.8040102@zytor.com>
References: <512FF819.7050505@redhat.com> <51310365.8040102@zytor.com>

On 03/01/2013 02:37 PM, H. Peter Anvin wrote:
> On 02/28/2013 04:36 PM, Eric Blake wrote:
>> Stefan Berger and I discovered on IRC that virtio-rng is unable to
>> support fd passing. We attempted:
>>
>> qemu-system-x86_64 ... -add-fd
>> set=4,fd=34,opaque=RDONLY:/dev/urandom
>                            ^^^^^^^^^^^^
>> -object rng-random,id=rng0,filename=/dev/fdset/4 -device
>> virtio-rng-pci,rng=rng0,bus=pci.0,addr=0x6
>>
> Unrelated, but you really, really, really don't want to pass
> /dev/urandom there, use /dev/random.

From what I am reading about /dev/random, it will start blocking once
not enough entropy is available anymore. Sounds like this could be abused
if multiple VMs were using this device and one drains the entropy.

An alternative may be to go through a crypto library that seeds itself
with entropy and implements random number generators following NIST
800-90, for example. Freebl would offer at least one such implementation:

http://dxr.mozilla.org/mozilla-central/security/nss/lib/freebl/drbg.c.html
- search for 'NIST' there

   Stefan
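The two concerns raised in this reply, a backend that stalls when /dev/random runs dry and the alternative of a NIST SP 800-90A DRBG seeded from entropy, are illustrated below in an added example. It is not code from this thread, from QEMU or from NSS/Freebl: it is a compact HMAC_DRBG over SHA-256 written for this page, plus a reader that pulls whatever bytes an entropy device can supply right now instead of blocking. Assumptions, labelled in the comments: the reseed interval of 65536 calls is a chosen value below the specification's maximum, the default device path `/dev/random` is only a default, and when that device cannot supply a full seed the demo falls back to `os.urandom` so it runs on any host.

```python
import hashlib
import hmac
import os


class HmacDrbg:
    """HMAC_DRBG (NIST SP 800-90A, section 10.1.2) over SHA-256.

    Added illustrative implementation; it follows the Update / Instantiate /
    Reseed / Generate steps of the specification but is not a validated module.
    """

    OUTLEN = hashlib.sha256().digest_size   # 32 bytes, the security strength in bytes
    RESEED_INTERVAL = 1 << 16               # assumption: reseed after 65536 generate() calls
    MAX_REQUEST = 1 << 16                   # bytes per request (spec allows up to 2^19 bits)

    def __init__(self, entropy: bytes, nonce: bytes = b"", personalization: bytes = b""):
        if len(entropy) < self.OUTLEN:
            raise ValueError("insufficient entropy for instantiation")
        self._key = b"\x00" * self.OUTLEN
        self._v = b"\x01" * self.OUTLEN
        self._update(entropy + nonce + personalization)
        self._reseed_counter = 1

    def _hmac(self, data: bytes) -> bytes:
        return hmac.new(self._key, data, hashlib.sha256).digest()

    def _update(self, provided: bytes) -> None:
        # HMAC_DRBG_Update: fold provided data into the internal state (K, V).
        self._key = self._hmac(self._v + b"\x00" + provided)
        self._v = self._hmac(self._v)
        if provided:
            self._key = self._hmac(self._v + b"\x01" + provided)
            self._v = self._hmac(self._v)

    def reseed(self, entropy: bytes, additional: bytes = b"") -> None:
        if len(entropy) < self.OUTLEN:
            raise ValueError("insufficient entropy for reseed")
        self._update(entropy + additional)
        self._reseed_counter = 1

    def generate(self, n: int, additional: bytes = b"") -> bytes:
        # Refuse to run past the reseed interval rather than silently continuing.
        if n > self.MAX_REQUEST:
            raise ValueError("request too large")
        if self._reseed_counter > self.RESEED_INTERVAL:
            raise RuntimeError("reseed required")
        if additional:
            self._update(additional)
        out = b""
        while len(out) < n:
            self._v = self._hmac(self._v)
            out += self._v
        self._update(additional)
        self._reseed_counter += 1
        return out[:n]


def read_entropy_nonblocking(path: str, n: int) -> bytes:
    """Read up to n bytes from an entropy device without ever blocking.

    Returns whatever is available now (possibly fewer than n bytes, possibly
    none). A device backend can then decide whether it has enough to (re)seed
    instead of stalling a guest because another consumer drained the pool.
    """
    fd = os.open(path, os.O_RDONLY | os.O_NONBLOCK)
    try:
        chunks, got = [], 0
        while got < n:
            try:
                chunk = os.read(fd, n - got)
            except BlockingIOError:   # EAGAIN: pool is empty right now, do not wait
                break
            if not chunk:
                break
            chunks.append(chunk)
            got += len(chunk)
        return b"".join(chunks)
    finally:
        os.close(fd)


def seed_drbg(entropy_path: str = "/dev/random") -> HmacDrbg:
    """Instantiate the DRBG from the entropy device if it can hand over a full
    seed immediately; otherwise fall back to os.urandom (assumption: the kernel
    CSPRNG is an acceptable seed source on this host). The path is a default."""
    try:
        seed = read_entropy_nonblocking(entropy_path, HmacDrbg.OUTLEN)
    except OSError:
        seed = b""
    if len(seed) < HmacDrbg.OUTLEN:
        seed = os.urandom(HmacDrbg.OUTLEN)
    return HmacDrbg(seed, nonce=os.urandom(16), personalization=b"virtio-rng-demo")


if __name__ == "__main__":
    drbg = seed_drbg()
    print(drbg.generate(32).hex())
```

The guest-facing side only ever calls `generate()`, which is a pure keyed-hash computation and cannot block; entropy is consumed only at instantiate and reseed time, and only as much as the device will give without waiting. Output is deterministic for a given seed, so two instances seeded identically agree, which is what the test below checks alongside the reseed behaviour.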