From: Amit Shah <amit@infradead.org>
To: Babis Chalios <bchalios@amazon.es>,
"Michael S. Tsirkin" <mst@redhat.com>,
Laurent Vivier <lvivier@redhat.com>, Amit Shah <amit@kernel.org>,
qemu-devel@nongnu.org
Cc: sgarzare@redhat.com, graf@amazon.de, Jason@zx2c4.com,
xmarcalx@amazon.co.uk
Subject: Re: [RFC PATCH 0/1] Implement entropy leak reporting for virtio-rng
Date: Tue, 11 Apr 2023 18:19:15 +0200 [thread overview]
Message-ID: <b6724d973b276a3252e640cf687cad484fe3fbff.camel@infradead.org> (raw)
In-Reply-To: <20230403105245.29499-1-bchalios@amazon.es>
Hey Babis,
On Mon, 2023-04-03 at 12:52 +0200, Babis Chalios wrote:
> This patchset implements the entropy leak reporting feature proposal [1]
> for virtio-rng devices.
>
> Entropy leaking (as defined in the specification proposal) typically
> happens when we take a snapshot of a VM or while we resume a VM from a
> snapshot. In these cases, we want to let the guest know so that it can
> reset state that needs to be uniqueue, for example.
>
> This feature is offering functionality similar to what VMGENID does.
> However, it allows to build mechanisms on the guest side to notify
> user-space applications, like VMGENID for userspace and additionally for
> kernel.
>
> The new specification describes two request types that the guest might
> place in the queues for the device to perform, a fill-on-leak request
> where the device needs to fill with random bytes a buffer and a
> copy-on-leak request where the device needs to perform a copy between
> two guest-provided buffers. We currently trigger the handling of guest
> requests when saving the VM state and when loading a VM from a snapshot
> file.
>
> This is an RFC, since the corresponding specification changes have not
> yet been merged. It also aims to allow testing a respective patch-set
> implementing the feature in the Linux front-end driver[2].
>
> However, I would like to ask the community's opinion regarding the
> handling of the fill-on-leak requests. Essentially, these requests are
> very similar to the normal virtio-rng entropy requests, with the catch
> that we should complete these requests before resuming the VM, so that
> we avoid race-conditions in notifying the guest about entropy leak
> events. This means that we cannot rely on the RngBackend's API, which is
> asynchronous. At the moment, I have handled that using getrandom(), but
> I would like a solution which doesn't work only with (relatively new)
> Linux hosts. I am inclined to solve that by extending the RngBackend API
> with a synchronous call to request for random bytes and I'd like to hear
> opinion's on this approach.
The patch looks OK - I suggest you add a new sync call that also probes
for the availability of getrandom(). If that doesn't exist, your new
code should figure out a way to deal with the lack of that call.
On older Linux or non-Linux, there are other ways of getting random
numbers, so I expect that sync backend you introduce get more capable.
Amit
next prev parent reply other threads:[~2023-04-11 17:59 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-04-03 10:52 [RFC PATCH 0/1] Implement entropy leak reporting for virtio-rng Babis Chalios
2023-04-03 10:52 ` [RFC PATCH 1/1] virtio-rng: implement entropy leak feature Babis Chalios
2023-04-03 14:15 ` [RFC PATCH 0/1] Implement entropy leak reporting for virtio-rng Jason A. Donenfeld
2023-04-03 14:16 ` Jason A. Donenfeld
2023-04-03 14:27 ` bchalios
2023-04-11 16:19 ` Amit Shah [this message]
2023-04-11 16:20 ` Jason A. Donenfeld
2023-04-13 13:36 ` Babis Chalios
2023-04-14 12:02 ` Amit Shah
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=b6724d973b276a3252e640cf687cad484fe3fbff.camel@infradead.org \
--to=amit@infradead.org \
--cc=Jason@zx2c4.com \
--cc=amit@kernel.org \
--cc=bchalios@amazon.es \
--cc=graf@amazon.de \
--cc=lvivier@redhat.com \
--cc=mst@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=sgarzare@redhat.com \
--cc=xmarcalx@amazon.co.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).