From nobody Tue Feb 10 08:40:56 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=linaro.org ARC-Seal: i=1; a=rsa-sha256; t=1557862117; cv=none; d=zoho.com; s=zohoarc; b=l/KoylAYUl7gO4PCsJEeqgDXYIhcI0jlB4wUD8M3SOQNpfWs4WQ1y+uMLxsWedqPZ7vVGbOy6fI47qBIYrUTkkja2Brh6O+3cHOfSPtzvENhQxY9PjW8lBOiEEsHDX+5/fQCU4A7KpB+1KMyRFNsJBG7++c+N8mnd31248DW1/I= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1557862117; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To:ARC-Authentication-Results; bh=4MrsM8HWkl5HnptGJNmid/oZc3Q7MB8Exr59LxaGIMY=; b=og4pznn5+g+ZJCeai/mx/nrQqISQfNfGB9esN1mnQBOybVsBSLIv03+M7rzo7VKieNMCKVTsGD3bueMo10G0GvIWdAXEhzE0XgWUiQtH1l8ZdX6x9wQ4nZfFG3comU45ToHmM63JeTUyJZ5ZIhZYvWnGaGfaZ+Si1kC6vJiQmGo= ARC-Authentication-Results: i=1; mx.zoho.com; dkim=fail; spf=pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail header.from= (p=none dis=none) header.from= Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1557862117666546.325627622739; Tue, 14 May 2019 12:28:37 -0700 (PDT) Received: from localhost ([127.0.0.1]:53066 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hQd6I-0003g4-Ii for importer@patchew.org; Tue, 14 May 2019 15:28:34 -0400 Received: from eggs.gnu.org ([209.51.188.92]:48823) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hQcvG-0002Tw-Ok for qemu-devel@nongnu.org; Tue, 14 May 2019 15:17:12 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hQcvF-0006qM-Cs for qemu-devel@nongnu.org; Tue, 14 May 2019 15:17:10 -0400 Received: from mail-pf1-x444.google.com ([2607:f8b0:4864:20::444]:42945) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1hQcvF-0006po-5i for qemu-devel@nongnu.org; Tue, 14 May 2019 15:17:09 -0400 Received: by mail-pf1-x444.google.com with SMTP id 13so9631937pfw.9 for ; Tue, 14 May 2019 12:17:09 -0700 (PDT) Received: from localhost.localdomain (97-113-13-231.tukw.qwest.net. [97.113.13.231]) by smtp.gmail.com with ESMTPSA id o6sm18682982pfa.88.2019.05.14.12.17.06 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 14 May 2019 12:17:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=4MrsM8HWkl5HnptGJNmid/oZc3Q7MB8Exr59LxaGIMY=; b=Lhi3bjFT32r1L9f70/VFnAglrOjySbukTfUoGsiyENHbf3yn66vSSH2rV146cwakqO R+XTfSQq8xShD9Qx6uH4BxPxbO+U22srS+UVqKLQF7+rxRCW2rLrUKiFpAUh6/Xd6moe +A/FCgjFR8VhDPdqJvHeerGvArXb3yVbplvbVYJIpvNLL8sVs9Mi63oU9/GVTArSj4d0 ITxYfSvrYleB2LdEIiwqEnQ0VnQNLmleQqCNCCSQZPGK0nSH3ZPZyeX++jEveL0Tgqmn N4BWkgokfCeA3gJySg+p9amVjNJQe1At1VpNJXa2jxxRLNAeBN+Vmqnx6y2ZRSDfgDDy q1CA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=4MrsM8HWkl5HnptGJNmid/oZc3Q7MB8Exr59LxaGIMY=; b=hKC/+RF8oMBvhaTApUXunEvVc5W24ncYOIRzJwz6qBBCL95xa1A1KpJq83aVRTYRy5 hG/EKfIGsyI+AuTswk8sL7AJhhbVZz9oPQ4+sUYAJjaPg5MgXciWkgs23y31EE+jQrXE DfQ2TZ2jitaZ2AdP+1EEaHHXZ4/0Tfz9oPXKX7cLXvF/6U8DxWvisloBQ1X9grKv2AlO 1Ewrzq9rtMLM1TFKs0T+ZC6Uz3Q99g6vSDa2AGJOr/1eFxHoYIIpu4HBUfEsrNU41/HP BhIGpzNdv1wG5y4siA30lVb125FIO+t/22sURjJ9t5+zecClGgTdH6pfL9dJGQHjBZtm 54Bw== X-Gm-Message-State: APjAAAXPu+X+U0lp7sBXI9SzTW/DZwDlYvr00Ka7BEn2VfwwqxPtMAqb XHzZj98Fb3KNyGxSSbpfl+D8Sj94qQ4= X-Google-Smtp-Source: APXvYqwm3im4htajCMx66r8XAvjHowzzRlhZ9Wbnp76Gih5okgfyD0H50wjRsOecHSpm3gkqezpUQQ== X-Received: by 2002:a62:7a8f:: with SMTP id v137mr42687906pfc.243.1557861427693; Tue, 14 May 2019 12:17:07 -0700 (PDT) From: Richard Henderson To: qemu-devel@nongnu.org Date: Tue, 14 May 2019 12:16:38 -0700 Message-Id: <20190514191653.31488-10-richard.henderson@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20190514191653.31488-1-richard.henderson@linaro.org> References: <20190514191653.31488-1-richard.henderson@linaro.org> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2607:f8b0:4864:20::444 Subject: [Qemu-devel] [PATCH v7 09/24] util: Add qemu_guest_getrandom and associated routines X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: lvivier@redhat.com, berrange@redhat.com, armbru@redhat.com Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) This routine is intended to produce high-quality random numbers to the guest. Normally, such numbers are crypto quality from the host, but a command-line option can force the use of a fully deterministic sequence for use while debugging. Reviewed-by: Laurent Vivier Reviewed-by: Philippe Mathieu-Daud=C3=A9 Reviewed-by: Daniel P. Berrang=C3=A9 Signed-off-by: Richard Henderson --- include/qemu/guest-random.h | 68 +++++++++++++++++++++++++++ util/guest-random.c | 93 +++++++++++++++++++++++++++++++++++++ util/Makefile.objs | 1 + 3 files changed, 162 insertions(+) create mode 100644 include/qemu/guest-random.h create mode 100644 util/guest-random.c diff --git a/include/qemu/guest-random.h b/include/qemu/guest-random.h new file mode 100644 index 0000000000..09ff9c2236 --- /dev/null +++ b/include/qemu/guest-random.h @@ -0,0 +1,68 @@ +/* + * QEMU guest-visible random functions + * + * Copyright 2019 Linaro, Ltd. + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the F= ree + * Software Foundation; either version 2 of the License, or (at your optio= n) + * any later version. + */ + +#ifndef QEMU_GUEST_RANDOM_H +#define QEMU_GUEST_RANDOM_H + +/** + * qemu_guest_random_seed_main(const char *optarg, Error **errp) + * @optarg: a non-NULL pointer to a C string + * @errp: an error indicator + * + * The @optarg value is that which accompanies the -seed argument. + * This forces qemu_guest_getrandom into deterministic mode. + * + * Returns 0 on success, < 0 on failure while setting *errp. + */ +int qemu_guest_random_seed_main(const char *optarg, Error **errp); + +/** + * qemu_guest_random_seed_thread_part1(void) + * + * If qemu_getrandom is in deterministic mode, returns an + * independent seed for the new thread. Otherwise returns 0. + */ +uint64_t qemu_guest_random_seed_thread_part1(void); + +/** + * qemu_guest_random_seed_thread_part2(uint64_t seed) + * @seed: a value for the new thread. + * + * If qemu_guest_getrandom is in deterministic mode, this stores an + * independent seed for the new thread. Otherwise a no-op. + */ +void qemu_guest_random_seed_thread_part2(uint64_t seed); + +/** + * qemu_guest_getrandom(void *buf, size_t len, Error **errp) + * @buf: a buffer of bytes to be written + * @len: the number of bytes in @buf + * @errp: an error indicator + * + * Fills len bytes in buf with random data. This should only be used + * for data presented to the guest. Host-side crypto services should + * use qcrypto_random_bytes. + * + * Returns 0 on success, < 0 on failure while setting *errp. + */ +int qemu_guest_getrandom(void *buf, size_t len, Error **errp); + +/** + * qemu_guest_getrandom_nofail(void *buf, size_t len) + * @buf: a buffer of bytes to be written + * @len: the number of bytes in @buf + * + * Like qemu_guest_getrandom, but will assert for failure. + * Use this when there is no reasonable recovery. + */ +void qemu_guest_getrandom_nofail(void *buf, size_t len); + +#endif /* QEMU_GUEST_RANDOM_H */ diff --git a/util/guest-random.c b/util/guest-random.c new file mode 100644 index 0000000000..e8124a3cad --- /dev/null +++ b/util/guest-random.c @@ -0,0 +1,93 @@ +/* + * QEMU guest-visible random functions + * + * Copyright 2019 Linaro, Ltd. + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the F= ree + * Software Foundation; either version 2 of the License, or (at your optio= n) + * any later version. + */ + +#include "qemu/osdep.h" +#include "qemu-common.h" +#include "qemu/cutils.h" +#include "qapi/error.h" +#include "qemu/guest-random.h" +#include "crypto/random.h" + + +static __thread GRand *thread_rand; +static bool deterministic; + + +static int glib_random_bytes(void *buf, size_t len) +{ + GRand *rand =3D thread_rand; + size_t i; + uint32_t x; + + if (unlikely(rand =3D=3D NULL)) { + /* Thread not initialized for a cpu, or main w/o -seed. */ + thread_rand =3D rand =3D g_rand_new(); + } + + for (i =3D 0; i + 4 <=3D len; i +=3D 4) { + x =3D g_rand_int(rand); + __builtin_memcpy(buf + i, &x, 4); + } + if (i < len) { + x =3D g_rand_int(rand); + __builtin_memcpy(buf + i, &x, i - len); + } + return 0; +} + +int qemu_guest_getrandom(void *buf, size_t len, Error **errp) +{ + if (unlikely(deterministic)) { + /* Deterministic implementation using Glib's Mersenne Twister. */ + return glib_random_bytes(buf, len); + } else { + /* Non-deterministic implementation using crypto routines. */ + return qcrypto_random_bytes(buf, len, errp); + } +} + +void qemu_guest_getrandom_nofail(void *buf, size_t len) +{ + qemu_guest_getrandom(buf, len, &error_fatal); +} + +uint64_t qemu_guest_random_seed_thread_part1(void) +{ + if (deterministic) { + uint64_t ret; + glib_random_bytes(&ret, sizeof(ret)); + return ret; + } + return 0; +} + +void qemu_guest_random_seed_thread_part2(uint64_t seed) +{ + g_assert(thread_rand =3D=3D NULL); + if (deterministic) { + thread_rand =3D + g_rand_new_with_seed_array((const guint32 *)&seed, + sizeof(seed) / sizeof(guint32)); + } +} + +int qemu_guest_random_seed_main(const char *optarg, Error **errp) +{ + unsigned long long seed; + if (parse_uint_full(optarg, &seed, 0)) { + error_setg(errp, "Invalid seed number: %s", optarg); + return -1; + } else { + deterministic =3D true; + qemu_guest_random_seed_thread_part2(seed); + return 0; + } +} diff --git a/util/Makefile.objs b/util/Makefile.objs index 9206878dec..c27a923dbe 100644 --- a/util/Makefile.objs +++ b/util/Makefile.objs @@ -54,5 +54,6 @@ util-obj-y +=3D iova-tree.o util-obj-$(CONFIG_INOTIFY1) +=3D filemonitor-inotify.o util-obj-$(CONFIG_LINUX) +=3D vfio-helpers.o util-obj-$(CONFIG_OPENGL) +=3D drm.o +util-obj-y +=3D guest-random.o =20 stub-obj-y +=3D filemonitor-stub.o --=20 2.17.1