From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([208.118.235.92]:41977)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <aliguori@us.ibm.com>) id 1TRqL1-0006Ja-RA
	for qemu-devel@nongnu.org; Fri, 26 Oct 2012 16:17:05 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <aliguori@us.ibm.com>) id 1TRqL0-0006Xf-Lq
	for qemu-devel@nongnu.org; Fri, 26 Oct 2012 16:17:03 -0400
Received: from e28smtp09.in.ibm.com ([122.248.162.9]:58123)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <aliguori@us.ibm.com>) id 1TRqL0-0006XS-0a
	for qemu-devel@nongnu.org; Fri, 26 Oct 2012 16:17:02 -0400
Received: from /spool/local
	by e28smtp09.in.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use
	Only! Violators will be prosecuted
	for <qemu-devel@nongnu.org> from <aliguori@us.ibm.com>;
	Sat, 27 Oct 2012 01:46:56 +0530
Received: from d28av04.in.ibm.com (d28av04.in.ibm.com [9.184.220.66])
	by d28relay05.in.ibm.com (8.13.8/8.13.8/NCO v10.0) with ESMTP id
	q9QKGrIr15532252
	for <qemu-devel@nongnu.org>; Sat, 27 Oct 2012 01:46:54 +0530
Received: from d28av04.in.ibm.com (loopback [127.0.0.1])
	by d28av04.in.ibm.com (8.14.4/8.13.1/NCO v10.0 AVout) with ESMTP id
	q9R1kiAd029737
	for <qemu-devel@nongnu.org>; Sat, 27 Oct 2012 12:46:44 +1100
From: Anthony Liguori <aliguori@us.ibm.com>
In-Reply-To: <508AEA4E.5080202@redhat.com>
References: <1351272088-7942-1-git-send-email-aliguori@us.ibm.com>
	<1351272088-7942-3-git-send-email-aliguori@us.ibm.com>
	<508ADDAA.7070205@redhat.com> <508AEA4E.5080202@redhat.com>
Date: Fri, 26 Oct 2012 15:16:45 -0500
Message-ID: <87d305ng42.fsf@codemonkey.ws>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Subject: Re: [Qemu-devel] [PATCH 2/4] virtio-rng-pci: create a default
	backend if none exists
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Paolo Bonzini <pbonzini@redhat.com>
Cc: Amit Shah <amit.shah@redhat.com>, qemu-devel@nongnu.org, Andreas Faerber <afaerber@suse.de>

Paolo Bonzini <pbonzini@redhat.com> writes:

> Il 26/10/2012 20:59, Paolo Bonzini ha scritto:
>> Il 26/10/2012 19:21, Anthony Liguori ha scritto:
>>> This allows you to specify:
>>>
>>>   $ qemu -device virtio-rng-pci
>>>
>>> And things will Just Work with a reasonable default.
>>>
>>> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
>>> ---
>>>  hw/virtio-pci.c | 13 +++++++++++++
>>>  hw/virtio-rng.h |  2 ++
>>>  2 files changed, 15 insertions(+)
>>>
>>> diff --git a/hw/virtio-pci.c b/hw/virtio-pci.c
>>> index 0dc2a06..cfdb779 100644
>>> --- a/hw/virtio-pci.c
>>> +++ b/hw/virtio-pci.c
>>> @@ -885,6 +885,19 @@ static int virtio_rng_init_pci(PCIDevice *pci_dev)
>>>      VirtIOPCIProxy *proxy = DO_UPCAST(VirtIOPCIProxy, pci_dev, pci_dev);
>>>      VirtIODevice *vdev;
>>>  
>>> +    if (proxy->rng.rng == NULL) {
>>> +        proxy->rng.default_backend = RNG_RANDOM(object_new(TYPE_RNG_RANDOM));
>>> +
>>> +        object_property_add_child(OBJECT(pci_dev),
>>> +                                  "default-backend",
>>> +                                  OBJECT(proxy->rng.default_backend),
>>> +                                  NULL);
>>> +
>>> +        object_property_set_link(OBJECT(pci_dev),
>>> +                                 OBJECT(proxy->rng.default_backend),
>>> +                                 "rng", NULL);
>>> +    }
>>> +
>>>      vdev = virtio_rng_init(&pci_dev->qdev, &proxy->rng);
>>>      if (!vdev) {
>>>          return -1;
>>> diff --git a/hw/virtio-rng.h b/hw/virtio-rng.h
>>> index fbb0104..63ddb96 100644
>>> --- a/hw/virtio-rng.h
>>> +++ b/hw/virtio-rng.h
>>> @@ -13,12 +13,14 @@
>>>  #define _QEMU_VIRTIO_RNG_H
>>>  
>>>  #include "qemu/rng.h"
>>> +#include "qemu/rng-random.h"
>>>  
>>>  /* The Virtio ID for the virtio rng device */
>>>  #define VIRTIO_ID_RNG    4
>>>  
>>>  struct VirtIORNGConf {
>>>      RngBackend *rng;
>>> +    RndRandom *default_backend;
>>>  };
>>>  
>>>  #endif
>>>
>> 
>> NACK.  Starting a guest that runs rngd (or just a malicious guest) will
>> completely deprive the host of entropy.
>> 
>> If you make the default /dev/hwrng, however, that would be ok.
>
> Also, does this break non-Linux?

It should fail gracefully.

If you do:

qemu -device virtio-rng-pci

Before this series you'd get:

qemu: Invalid value for parameter 'rng', expects a valid object

Now on !Linux you would get:

qemu -device virtio-rng-pci

qemu: Failed to open /dev/random

So it's still a failure, just a different message.

But this does suggest that we shouldn't add it to the default machine on
!Linux because we don't want the default machine failing.

Perhaps we can find better default backends on !Linux...

> What if the default was changed to /dev/hwrng but an older Linux
> distro didn't have the device file at all?

It would throw an error gracefully.

Regards,

Anthony Liguori

>
> Paolo