When QEMU exposes a VirtIO-RNG device to the guest, that device needs a
source of entropy, and that source needs to be "non-blocking", like
`/dev/urandom`. However, currently QEMU defaults to the problematic
`/dev/random`, which is "blocking" (as in, it waits until sufficient
entropy is available).
So change the entropy source to the recommended `/dev/urandom`.
Related discussion in these[1][2] past threads.
[1] https://lists.nongnu.org/archive/html/qemu-devel/2018-06/msg08335.html
-- "RNG: Any reason QEMU doesn't default to `/dev/urandom`?"
[2] https://lists.nongnu.org/archive/html/qemu-devel/2018-09/msg02724.html
-- "[RFC] Virtio RNG: Consider changing the default entropy source to
/dev/urandom"
Signed-off-by: Kashyap Chamarthy <kchamart@redhat.com>
---
backends/rng-random.c | 2 +-
qemu-options.hx | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/backends/rng-random.c b/backends/rng-random.c
index e2a49b0571..eff36ef140 100644
--- a/backends/rng-random.c
+++ b/backends/rng-random.c
@@ -112,7 +112,7 @@ static void rng_random_init(Object *obj)
rng_random_set_filename,
NULL);
- s->filename = g_strdup("/dev/random");
+ s->filename = g_strdup("/dev/urandom");
s->fd = -1;
}
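Review bot: the replaced default in rng_random_init() changes the entropy source for every existing configuration that creates this backend without a filename, and nothing in the hunk or the commit message tells those users how to keep the old behaviour. Please state in the commit message that filename=/dev/random still selects the previous source. Since the same path literal is repeated in qemu-options.hx, a single named constant for the default would keep code and documentation from drifting. It is also worth confirming that /dev/urandom exists on every host platform this backend is built for, because the path is hardcoded here.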
diff --git a/qemu-options.hx b/qemu-options.hx
index 51802cbb26..a525609149 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -4276,7 +4276,7 @@ Creates a random number generator backend which obtains entropy from
a device on the host. The @option{id} parameter is a unique ID that
will be used to reference this entropy backend from the @option{virtio-rng}
device. The @option{filename} parameter specifies which file to obtain
-entropy from and if omitted defaults to @option{/dev/random}.
+entropy from and if omitted defaults to @option{/dev/urandom}.
@item -object rng-egd,id=@var{id},chardev=@var{chardevid}
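Review bot: the changed sentence in the rng-random option text gives only the new default, so a reader upgrading QEMU has no hint that a command line omitting filename now reads from a different device. Add a sentence recording that the default used to be /dev/random and that filename=/dev/random can still be passed explicitly, ideally with a short note on why a non-blocking source is wanted for virtio-rng, as the commit message explains.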
--
2.17.2
On Fri, May 03, 2019 at 05:46:13PM +0200, Kashyap Chamarthy wrote:
> When QEMU exposes a VirtIO-RNG device to the guest, that device needs a
> source of entropy, and that source needs to be "non-blocking", like
> `/dev/urandom`. However, currently QEMU defaults to the problematic
> `/dev/random`, which is "blocking" (as in, it waits until sufficient
> entropy is available).
>
> So change the entropy source to the recommended `/dev/urandom`.
>
> Related discussion in these[1][2] past threads.
>
> [1] https://lists.nongnu.org/archive/html/qemu-devel/2018-06/msg08335.html
> -- "RNG: Any reason QEMU doesn't default to `/dev/urandom`?"
> [2] https://lists.nongnu.org/archive/html/qemu-devel/2018-09/msg02724.html
> -- "[RFC] Virtio RNG: Consider changing the default entropy source to
> /dev/urandom"
>
> Signed-off-by: Kashyap Chamarthy <kchamart@redhat.com>
> ---
> backends/rng-random.c | 2 +-
> qemu-options.hx | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)

Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>

Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
On Fri, May 03, 2019 at 04:49:05PM +0100, Daniel P. Berrangé wrote:
> On Fri, May 03, 2019 at 05:46:13PM +0200, Kashyap Chamarthy wrote:
> > When QEMU exposes a VirtIO-RNG device to the guest, that device needs a
> > source of entropy, and that source needs to be "non-blocking", like
> > `/dev/urandom`. However, currently QEMU defaults to the problematic
> > `/dev/random`, which is "blocking" (as in, it waits until sufficient
> > entropy is available).
> >
> > So change the entropy source to the recommended `/dev/urandom`.
> >
> > Related discussion in these[1][2] past threads.
> >
> > [1] https://lists.nongnu.org/archive/html/qemu-devel/2018-06/msg08335.html
> > -- "RNG: Any reason QEMU doesn't default to `/dev/urandom`?"
> > [2] https://lists.nongnu.org/archive/html/qemu-devel/2018-09/msg02724.html
> > -- "[RFC] Virtio RNG: Consider changing the default entropy source to
> > /dev/urandom"
> >
> > Signed-off-by: Kashyap Chamarthy <kchamart@redhat.com>
> > ---
> > backends/rng-random.c | 2 +-
> > qemu-options.hx | 2 +-
> > 2 files changed, 2 insertions(+), 2 deletions(-)
>
> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>

I'm wondering if this needs to be mentioned on a Release Notes wiki
somewhere -- because we're changing the default.

--
/kashyap
On Fri, May 03, 2019 at 10:47:57PM +0200, Kashyap Chamarthy wrote:
> On Fri, May 03, 2019 at 04:49:05PM +0100, Daniel P. Berrangé wrote:
> > On Fri, May 03, 2019 at 05:46:13PM +0200, Kashyap Chamarthy wrote:
> > > When QEMU exposes a VirtIO-RNG device to the guest, that device needs a
> > > source of entropy, and that source needs to be "non-blocking", like
> > > `/dev/urandom`. However, currently QEMU defaults to the problematic
> > > `/dev/random`, which is "blocking" (as in, it waits until sufficient
> > > entropy is available).
> > >
> > > So change the entropy source to the recommended `/dev/urandom`.
> > >
> > > Related discussion in these[1][2] past threads.
> > >
> > > [1] https://lists.nongnu.org/archive/html/qemu-devel/2018-06/msg08335.html
> > > -- "RNG: Any reason QEMU doesn't default to `/dev/urandom`?"
> > > [2] https://lists.nongnu.org/archive/html/qemu-devel/2018-09/msg02724.html
> > > -- "[RFC] Virtio RNG: Consider changing the default entropy source to
> > > /dev/urandom"
> > >
> > > Signed-off-by: Kashyap Chamarthy <kchamart@redhat.com>
> > > ---
> > > backends/rng-random.c | 2 +-
> > > qemu-options.hx | 2 +-
> > > 2 files changed, 2 insertions(+), 2 deletions(-)
> >
> > Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
>
> I'm wondering if this needs to be mentioned on a Release Notes wiki
> somewhere -- because we're changing the default.

Release notes need to get updated when pull requests merge to mention
any user relevant changes.

Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
On Fri, May 03, 2019 at 05:46:13PM +0200, Kashyap Chamarthy wrote:
> When QEMU exposes a VirtIO-RNG device to the guest, that device needs a
> source of entropy, and that source needs to be "non-blocking", like
> `/dev/urandom`. However, currently QEMU defaults to the problematic
> `/dev/random`, which is "blocking" (as in, it waits until sufficient
> entropy is available).
>
> So change the entropy source to the recommended `/dev/urandom`.
>
> Related discussion in these[1][2] past threads.
>
> [1] https://lists.nongnu.org/archive/html/qemu-devel/2018-06/msg08335.html
> -- "RNG: Any reason QEMU doesn't default to `/dev/urandom`?"
> [2] https://lists.nongnu.org/archive/html/qemu-devel/2018-09/msg02724.html
> -- "[RFC] Virtio RNG: Consider changing the default entropy source to
> /dev/urandom"
>
> Signed-off-by: Kashyap Chamarthy <kchamart@redhat.com>
> ---
> backends/rng-random.c | 2 +-
> qemu-options.hx | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/backends/rng-random.c b/backends/rng-random.c
> index e2a49b0571..eff36ef140 100644
> --- a/backends/rng-random.c
> +++ b/backends/rng-random.c
> @@ -112,7 +112,7 @@ static void rng_random_init(Object *obj)
> rng_random_set_filename,
> NULL);
>
> - s->filename = g_strdup("/dev/random");
> + s->filename = g_strdup("/dev/urandom");
> s->fd = -1;
> }
>
> diff --git a/qemu-options.hx b/qemu-options.hx
> index 51802cbb26..a525609149 100644
> --- a/qemu-options.hx
> +++ b/qemu-options.hx
> @@ -4276,7 +4276,7 @@ Creates a random number generator backend which obtains entropy from
> a device on the host. The @option{id} parameter is a unique ID that
> will be used to reference this entropy backend from the @option{virtio-rng}
> device. The @option{filename} parameter specifies which file to obtain
> -entropy from and if omitted defaults to @option{/dev/random}.
> +entropy from and if omitted defaults to @option{/dev/urandom}.
>
> @item -object rng-egd,id=@var{id},chardev=@var{chardevid}

I think this is a very sensible change, removing a bit of superstition
about randomness.

Reviewed-by: Richard W.M. Jones <rjones@redhat.com>

Rich.

--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
Fedora Windows cross-compiler. Compile Windows programs, test, and
build Windows installers. Over 100 libraries supported.
http://fedoraproject.org/wiki/MinGW
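Because the patch in this thread changes what an omitted `filename` means, an operator may want to know which VM definitions rely on the default. The following is an added example, not code from QEMU or from the thread's authors: it scans QEMU command lines for `-object rng-random` backends and classifies each one. The function names and the sample command lines are constructed for illustration.

```python
import shlex

OLD_DEFAULT = "/dev/random"  # default named on the '-' lines of the patch

def split_props(optstr):
    """Split a QEMU option string on single commas; ',,' is an escaped comma."""
    parts, cur, i = [], "", 0
    while i < len(optstr):
        if optstr[i] == ",":
            if optstr[i + 1:i + 2] == ",":  # ',,' stands for a literal comma
                cur += ","
                i += 2
                continue
            parts.append(cur)
            cur = ""
        else:
            cur += optstr[i]
        i += 1
    parts.append(cur)
    return parts

def rng_random_backends(cmdline):
    """Return (id, filename, status) for each rng-random object in cmdline."""
    argv = shlex.split(cmdline)
    findings = []
    for flag, value in zip(argv, argv[1:]):
        if flag != "-object":
            continue
        parts = split_props(value)
        if parts[0] != "rng-random":
            continue
        props = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
        name = props.get("filename")
        if name is None:
            status = "implicit"   # source depends on the QEMU build's default
        elif name == OLD_DEFAULT:
            status = "blocking"   # pinned to the source the patch moves away from
        else:
            status = "explicit"   # pinned to some other source
        findings.append((props.get("id"), name, status))
    return findings

# Constructed sample command lines, one per case.
SAMPLE = [
    "qemu-system-x86_64 -object rng-random,id=rng0 -device virtio-rng-pci,rng=rng0",
    "qemu-system-x86_64 -object rng-random,id=rng1,filename=/dev/random",
    "qemu-system-x86_64 -object rng-random,id=rng2,filename=/dev/urandom",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(rng_random_backends(line))
```

Backends reported as `implicit` are the ones whose entropy source changes when QEMU is upgraded across this patch; adding an explicit `filename=` makes the choice independent of the QEMU version.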