From: Amit Shah <amit@infradead.org>
To: Babis Chalios <bchalios@amazon.es>,
"Jason A. Donenfeld" <Jason@zx2c4.com>
Cc: "Michael S. Tsirkin" <mst@redhat.com>,
Laurent Vivier <lvivier@redhat.com>, Amit Shah <amit@kernel.org>,
qemu-devel@nongnu.org, sgarzare@redhat.com, graf@amazon.de,
xmarcalx@amazon.co.uk
Subject: Re: [RFC PATCH 0/1] Implement entropy leak reporting for virtio-rng
Date: Fri, 14 Apr 2023 14:02:12 +0200 [thread overview]
Message-ID: <f21f646279d07be8ecd07096654176f32b44d90f.camel@infradead.org> (raw)
In-Reply-To: <ddcb2bd7-964a-331a-d847-494c74a31667@amazon.es>
On Thu, 2023-04-13 at 15:36 +0200, Babis Chalios wrote:
>
> On 11/4/23 18:20, Jason A. Donenfeld wrote:
> > CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the content is safe.
> >
> >
> >
> > On Tue, Apr 11, 2023 at 6:19 PM Amit Shah <amit@infradead.org> wrote:
> > > Hey Babis,
> > >
> > > On Mon, 2023-04-03 at 12:52 +0200, Babis Chalios wrote:
> > > > This patchset implements the entropy leak reporting feature proposal [1]
> > > > for virtio-rng devices.
> > > >
> > > > Entropy leaking (as defined in the specification proposal) typically
> > > > happens when we take a snapshot of a VM or while we resume a VM from a
> > > > snapshot. In these cases, we want to let the guest know so that it can
> > > > reset state that needs to be uniqueue, for example.
> > > >
> > > > This feature is offering functionality similar to what VMGENID does.
> > > > However, it allows to build mechanisms on the guest side to notify
> > > > user-space applications, like VMGENID for userspace and additionally for
> > > > kernel.
> > > >
> > > > The new specification describes two request types that the guest might
> > > > place in the queues for the device to perform, a fill-on-leak request
> > > > where the device needs to fill with random bytes a buffer and a
> > > > copy-on-leak request where the device needs to perform a copy between
> > > > two guest-provided buffers. We currently trigger the handling of guest
> > > > requests when saving the VM state and when loading a VM from a snapshot
> > > > file.
> > > >
> > > > This is an RFC, since the corresponding specification changes have not
> > > > yet been merged. It also aims to allow testing a respective patch-set
> > > > implementing the feature in the Linux front-end driver[2].
> > > >
> > > > However, I would like to ask the community's opinion regarding the
> > > > handling of the fill-on-leak requests. Essentially, these requests are
> > > > very similar to the normal virtio-rng entropy requests, with the catch
> > > > that we should complete these requests before resuming the VM, so that
> > > > we avoid race-conditions in notifying the guest about entropy leak
> > > > events. This means that we cannot rely on the RngBackend's API, which is
> > > > asynchronous. At the moment, I have handled that using getrandom(), but
> > > > I would like a solution which doesn't work only with (relatively new)
> > > > Linux hosts. I am inclined to solve that by extending the RngBackend API
> > > > with a synchronous call to request for random bytes and I'd like to hear
> > > > opinion's on this approach.
> > > The patch looks OK - I suggest you add a new sync call that also probes
> > > for the availability of getrandom().
> > qemu_guest_getrandom_nofail?
>
> That should work, I think. Any objections to this Amit?
That's one way to do it - and is fine too - but still needs probing
before calling in that function to ensure it's not going to fail.
Amit
prev parent reply other threads:[~2023-04-14 12:03 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-04-03 10:52 [RFC PATCH 0/1] Implement entropy leak reporting for virtio-rng Babis Chalios
2023-04-03 10:52 ` [RFC PATCH 1/1] virtio-rng: implement entropy leak feature Babis Chalios
2023-04-03 14:15 ` [RFC PATCH 0/1] Implement entropy leak reporting for virtio-rng Jason A. Donenfeld
2023-04-03 14:16 ` Jason A. Donenfeld
2023-04-03 14:27 ` bchalios
2023-04-11 16:19 ` Amit Shah
2023-04-11 16:20 ` Jason A. Donenfeld
2023-04-13 13:36 ` Babis Chalios
2023-04-14 12:02 ` Amit Shah [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=f21f646279d07be8ecd07096654176f32b44d90f.camel@infradead.org \
--to=amit@infradead.org \
--cc=Jason@zx2c4.com \
--cc=amit@kernel.org \
--cc=bchalios@amazon.es \
--cc=graf@amazon.de \
--cc=lvivier@redhat.com \
--cc=mst@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=sgarzare@redhat.com \
--cc=xmarcalx@amazon.co.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).