From nobody Mon Nov 10 01:31:01 2025
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists.gnu.org;
Authentication-Results: mx.zohomail.com;
	dkim=fail;
	spf=pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted
 sender)  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=fail(p=none dis=none)  header.from=linaro.org
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1552458496870610.7797989737983;
 Tue, 12 Mar 2019 23:28:16 -0700 (PDT)
Received: from localhost ([127.0.0.1]:39170 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <qemu-devel-bounces+importer=patchew.org@nongnu.org>)
	id 1h3xN4-0001JU-Ri
	for importer@patchew.org; Wed, 13 Mar 2019 02:28:10 -0400
Received: from eggs.gnu.org ([209.51.188.92]:53883)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <richard.henderson@linaro.org>) id 1h3xLg-0000f0-U4
	for qemu-devel@nongnu.org; Wed, 13 Mar 2019 02:26:46 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <richard.henderson@linaro.org>) id 1h3xLd-00020I-PD
	for qemu-devel@nongnu.org; Wed, 13 Mar 2019 02:26:44 -0400
Received: from mail-pf1-x443.google.com ([2607:f8b0:4864:20::443]:34005)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <richard.henderson@linaro.org>)
	id 1h3xLb-0001zJ-2x
	for qemu-devel@nongnu.org; Wed, 13 Mar 2019 02:26:39 -0400
Received: by mail-pf1-x443.google.com with SMTP id v64so678760pfb.1
	for <qemu-devel@nongnu.org>; Tue, 12 Mar 2019 23:26:36 -0700 (PDT)
Received: from localhost.localdomain (97-113-188-82.tukw.qwest.net.
	[97.113.188.82]) by smtp.gmail.com with ESMTPSA id
	m64sm25593889pfi.149.2019.03.12.23.26.33
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Tue, 12 Mar 2019 23:26:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google;
	h=from:to:cc:subject:date:message-id:in-reply-to:references;
	bh=2Mo+uQeJOvkzulvZHsMg8FatmP4cFOzNXezUkMKmYfY=;
	b=OSCXIJy6l0sZwBOpnRart2TJQvO2bTZbcqyYKZjcfbnQA1qFURevryu5JAdIjxNE/7
	PCZeUzDKdg7dCCXcsajcanTFN3X6lzv6ZrHFgWDn+b4se8OmwmWYy8+qAl2c9HWvtuHb
	XvFTsTD/U+c4CJmNO+LdlGBqfDvAFMcS0vYEiwfwKRK1CUtkDJSb7eW941cBlOAeDqYx
	3I8KsdSFHF+/sa5s153XgU46pdMGNohAwFVkz4lXQKNOwYlcLb2q/wF/WeieZlOeU0tR
	UQnL6SjaudAARg1aX+LxvvJn2zB2np/2Mvjt+Rj9pAFAbDsNriMZJkHERQUJ0QlDe8K+
	Fsig==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=2Mo+uQeJOvkzulvZHsMg8FatmP4cFOzNXezUkMKmYfY=;
	b=luvxV+8dd6jQOvTR+WdMlr1OBvA1Px6wSfljSF2XI9NkG/REQwl0HfBSPsmILddICG
	XEOaqOZgzCkY/6bpVd75evVyCznwH5zF7fr5WKr0vzeo7jidHYTj4OTp6wnOJ4e1m/MU
	KYkdf4+h0XchCg+xy6Q4+i3N3GyFKzJC1Y9gf9WvSD9kSZsbz+DkpsqBckFhGiM7YKn6
	vbXBvmJPBgeNTxz9DNVjZc1eG0V++8DdQ11xJy9uBGjLPxjp9xD1x8gRq3tQCl0EN9E6
	QdMvxVxJ07O5v2b3eI2H/5IC5Fjs+L4pkzyXjfij+OrxBV4q/lCgUMzT8pT1P8o533aX
	R5wQ==
X-Gm-Message-State: APjAAAX3o09JuF+1vZrw3ElBZWiLncghZmbemaLMe852FCI3rrHLZGn/
	SNT/+csDJNtX4/MTDk/BoT9r7izBqBo=
X-Google-Smtp-Source: 
 APXvYqySOKLS3eAMKUdDmpz5vfe4sfLzaiCwbu0XJIF5H6GgMyNQuWBUU4MMpxTQr3HXHORTgPRAug==
X-Received: by 2002:a17:902:8d89:: with SMTP id
	v9mr44599962plo.254.1552458395122;
	Tue, 12 Mar 2019 23:26:35 -0700 (PDT)
From: Richard Henderson <richard.henderson@linaro.org>
To: qemu-devel@nongnu.org
Date: Tue, 12 Mar 2019 23:26:25 -0700
Message-Id: <20190313062630.30568-3-richard.henderson@linaro.org>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20190313062630.30568-1-richard.henderson@linaro.org>
References: <20190313062630.30568-1-richard.henderson@linaro.org>
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
	recognized.
X-Received-From: 2607:f8b0:4864:20::443
Subject: [Qemu-devel] [PATCH for-4.1 2/7] util: Use getrandom for
 qemu_getrandom if available
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel/>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Cc: peter.maydell@linaro.org, david@redhat.com, laurent@vivier.eu,
	armbru@redhat.com, kraxel@redhat.com, pbonzini@redhat.com,
	david@gibson.dropbear.id.au
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: "Qemu-devel" <qemu-devel-bounces+importer=patchew.org@nongnu.org>
X-ZohoMail-DKIM: fail (Header signature does not verify)
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"

We only allow access to the "urandom" side of the interface,
and using -seed forces the use of the deterministic algorithm.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 util/random.c | 78 ++++++++++++++++++++++++++++++++++++++++++++++-----
 configure     | 18 +++++++++++-
 2 files changed, 88 insertions(+), 8 deletions(-)

diff --git a/util/random.c b/util/random.c
index ded8725a3b..833169fad5 100644
--- a/util/random.c
+++ b/util/random.c
@@ -15,6 +15,13 @@
 #include "qapi/error.h"
 #include "qemu/random.h"
=20
+#ifdef CONFIG_GETRANDOM
+# include <sys/random.h>
+static bool deterministic;
+#else
+#define deterministic  true
+#endif
+
=20
 /*
  * While jrand48 is not technically thread safe, jrand48_r is glibc specif=
ic.
@@ -25,13 +32,11 @@
 static __thread uint16_t xsubi[3];
=20
 /* Deterministic implementation using libc functions.  */
-bool qemu_getrandom(void *buf, size_t len, bool nonblock)
+static bool do_jrand48(void *buf, size_t len, bool nonblock)
 {
     size_t i;
     uint32_t val;
=20
-    g_assert_cmpuint(len, <=3D, 256);
-
     for (i =3D 0; i + 4 <=3D len; i +=3D 4) {
         val =3D jrand48(xsubi);
         __builtin_memcpy(buf + i, &val, 4);
@@ -44,18 +49,63 @@ bool qemu_getrandom(void *buf, size_t len, bool nonbloc=
k)
     return true;
 }
=20
+#ifdef CONFIG_GETRANDOM
+static bool do_getrandom(void *buf, size_t len, bool nonblock)
+{
+    while (len !=3D 0) {
+        ssize_t ret =3D getrandom(buf, len, nonblock ? GRND_NONBLOCK : 0);
+        if (unlikely(ret < 0)) {
+            switch (errno) {
+            case EAGAIN:
+                /* Only returned for GRND_NONBLOCK. */
+                return false;
+            case EINTR:
+                /* Signal.  Just try again.  */
+                break;
+            default:
+                /* EFAULT or EINVAL; either a bug in the user or here. */
+                g_assert_not_reached();
+            }
+        } else {
+            len -=3D ret;
+            buf +=3D ret;
+        }
+    }
+    return true;
+}
+#endif
+
+bool qemu_getrandom(void *buf, size_t len, bool nonblock)
+{
+    /* Assert the interface contract is honored.  */
+    g_assert_cmpuint(len, <=3D, 256);
+
+    if (!deterministic) {
+#ifdef CONFIG_GETRANDOM
+        return do_getrandom(buf, len, nonblock);
+#endif
+    }
+    return do_jrand48(buf, len, nonblock);
+}
+
 uint64_t qemu_seedrandom_thread_part1(void)
 {
     uint64_t ret;
-    qemu_getrandom(&ret, sizeof(ret), false);
+    if (deterministic) {
+        qemu_getrandom(&ret, sizeof(ret), false);
+    } else {
+        ret =3D 0;
+    }
     return ret;
 }
=20
 void qemu_seedrandom_thread_part2(uint64_t seed)
 {
-    xsubi[0] =3D seed;
-    xsubi[1] =3D seed >> 16;
-    xsubi[2] =3D seed >> 32;
+    if (deterministic) {
+        xsubi[0] =3D seed;
+        xsubi[1] =3D seed >> 16;
+        xsubi[2] =3D seed >> 32;
+    }
 }
=20
 void qemu_seedrandom_main(const char *optarg, Error **errp)
@@ -64,6 +114,9 @@ void qemu_seedrandom_main(const char *optarg, Error **er=
rp)
     if (parse_uint_full(optarg, &seed, 0)) {
         error_setg(errp, "Invalid seed number: %s", optarg);
     } else {
+#ifndef deterministic
+        deterministic =3D true;
+#endif
         qemu_seedrandom_thread_part2(seed);
     }
 }
@@ -72,5 +125,16 @@ static void __attribute__((constructor)) initialize(voi=
d)
 {
     /* Make sure A and C parameters are initialized.  */
     srand48(0);
+
+#ifdef CONFIG_GETRANDOM
+    /* Make sure support exists within the running kernel.  */
+    errno =3D 0;
+    if (getrandom(NULL, 0, 0) =3D=3D 0) {
+        return;
+    }
+    g_assert_cmpint(errno, =3D=3D, ENOSYS);
+    deterministic =3D true;
+#endif
+
     qemu_seedrandom_thread_part2(time(NULL) + getpid() * 1500450271ull);
 }
diff --git a/configure b/configure
index cab830a4c9..22c7944e38 100755
--- a/configure
+++ b/configure
@@ -5700,6 +5700,20 @@ if compile_prog "" "" ; then
     have_utmpx=3Dyes
 fi
=20
+##########################################
+# check for getrandom()
+
+have_getrandom=3Dno
+cat > $TMPC << EOF
+#include <sys/random.h>
+int main(void) {
+    return getrandom(0, 0, GRND_NONBLOCK);
+}
+EOF
+if compile_prog "" "" ; then
+    have_getrandom=3Dyes
+fi
+
 ##########################################
 # checks for sanitizers
=20
@@ -7073,7 +7087,9 @@ fi
 if test "$have_utmpx" =3D "yes" ; then
   echo "HAVE_UTMPX=3Dy" >> $config_host_mak
 fi
-
+if test "$have_getrandom" =3D "yes" ; then
+  echo "CONFIG_GETRANDOM=3Dy" >> $config_host_mak
+fi
 if test "$ivshmem" =3D "yes" ; then
   echo "CONFIG_IVSHMEM=3Dy" >> $config_host_mak
 fi
--=20
2.17.1