similar to: [PATCH v2 0/2] [RFC] virtio-rng entropy leak reporting feature

On Thu, Jan 19, 2023 at 07:43:47PM +0100, Babis Chalios wrote: > Implement the virtio-rng feature that allows a guest driver to request > from the device to perform certain operations in the event of an > "entropy leak", such as when taking a VM snapshot or restoring a VM from > a snapshot. The guest can request one of two operations: (i) fill a > buffer with random bytes,

On Fri, Jul 4, 2014 at 10:34 PM, Amit Shah <amit.shah at redhat.com> wrote: > The hwrng core asks for random data in the hwrng_register() call itself > from commit d9e7972619. This doesn't play well with virtio -- the > DRIVER_OK bit is only set by virtio core on a successful probe, and > we're not yet out of our probe routine when this call is made. This > causes

On Fri, Jul 4, 2014 at 10:34 PM, Amit Shah <amit.shah at redhat.com> wrote: > The hwrng core asks for random data in the hwrng_register() call itself > from commit d9e7972619. This doesn't play well with virtio -- the > DRIVER_OK bit is only set by virtio core on a successful probe, and > we're not yet out of our probe routine when this call is made. This > causes

On Mon, Jul 07, 2014 at 12:04:09PM +0530, Amit Shah wrote: > On (Sun) 06 Jul 2014 [23:09:49], Kees Cook wrote: > > On Sun, Jul 6, 2014 at 10:51 PM, Amit Shah <amit.shah at redhat.com> wrote: > > > On (Sun) 06 Jul 2014 [21:38:36], Kees Cook wrote: > > >> On Fri, Jul 4, 2014 at 10:34 PM, Amit Shah <amit.shah at redhat.com> wrote: > > >> > The

On Mon, Jul 07, 2014 at 12:04:09PM +0530, Amit Shah wrote: > On (Sun) 06 Jul 2014 [23:09:49], Kees Cook wrote: > > On Sun, Jul 6, 2014 at 10:51 PM, Amit Shah <amit.shah at redhat.com> wrote: > > > On (Sun) 06 Jul 2014 [21:38:36], Kees Cook wrote: > > >> On Fri, Jul 4, 2014 at 10:34 PM, Amit Shah <amit.shah at redhat.com> wrote: > > >> > The

On (Sun) 06 Jul 2014 [23:09:49], Kees Cook wrote: > On Sun, Jul 6, 2014 at 10:51 PM, Amit Shah <amit.shah at redhat.com> wrote: > > On (Sun) 06 Jul 2014 [21:38:36], Kees Cook wrote: > >> On Fri, Jul 4, 2014 at 10:34 PM, Amit Shah <amit.shah at redhat.com> wrote: > >> > The hwrng core asks for random data in the hwrng_register() call itself > >>

The khwrngd thread is started when a hwrng device of sufficient quality is registered. The virtio-rng device is backed by the hypervisor, and we trust the hypervisor to provide real entropy. A malicious hypervisor is a scenario that's ruled out, so we are certain the quality of randomness we receive is perfectly trustworthy. Hence, we use 100% for the factor, indicating maximum confidence

The khwrngd thread is started when a hwrng device of sufficient quality is registered. The virtio-rng device is backed by the hypervisor, and we trust the hypervisor to provide real entropy. A malicious hypervisor is a scenario that's ruled out, so we are certain the quality of randomness we receive is perfectly trustworthy. Hence, we use 100% for the factor, indicating maximum confidence

On 08/07/2014 06:08 AM, Amit Shah wrote: > On KVM guests where the virtio-rng device is available, and set as the > current rng, this udev rule will start rngd which will feed in the > host-provided entropy to /dev/random. > > Signed-off-by: Amit Shah <amit.shah at redhat.com> > --- > 90-virtio-rng.rules | 1 + > 1 file changed, 1 insertion(+) > create mode

On 08/07/2014 06:08 AM, Amit Shah wrote: > On KVM guests where the virtio-rng device is available, and set as the > current rng, this udev rule will start rngd which will feed in the > host-provided entropy to /dev/random. > > Signed-off-by: Amit Shah <amit.shah at redhat.com> > --- > 90-virtio-rng.rules | 1 + > 1 file changed, 1 insertion(+) > create mode

On (Thu) 07 Aug 2014 [12:31:11], H. Peter Anvin wrote: > On 08/07/2014 06:08 AM, Amit Shah wrote: > > On KVM guests where the virtio-rng device is available, and set as the > > current rng, this udev rule will start rngd which will feed in the > > host-provided entropy to /dev/random. > > > > Signed-off-by: Amit Shah <amit.shah at redhat.com> > > ---

Hello, I didn't find a mailing list for rng-tools, so CC'ing the kernel lists and the last few committers. The first patch in this series adds a udev rule to start rngd for guests that have a virtio-rng device available. The second patch attempts to add autoconf magic to install the udev rule in the system dirs. However, installing as non-root will obviously fail. Prefixes are also

Hello, I didn't find a mailing list for rng-tools, so CC'ing the kernel lists and the last few committers. The first patch in this series adds a udev rule to start rngd for guests that have a virtio-rng device available. The second patch attempts to add autoconf magic to install the udev rule in the system dirs. However, installing as non-root will obviously fail. Prefixes are also

On Sun, Jul 6, 2014 at 10:51 PM, Amit Shah <amit.shah at redhat.com> wrote: > On (Sun) 06 Jul 2014 [21:38:36], Kees Cook wrote: >> On Fri, Jul 4, 2014 at 10:34 PM, Amit Shah <amit.shah at redhat.com> wrote: >> > The hwrng core asks for random data in the hwrng_register() call itself >> > from commit d9e7972619. This doesn't play well with virtio -- the

On Sun, Jul 6, 2014 at 10:51 PM, Amit Shah <amit.shah at redhat.com> wrote: > On (Sun) 06 Jul 2014 [21:38:36], Kees Cook wrote: >> On Fri, Jul 4, 2014 at 10:34 PM, Amit Shah <amit.shah at redhat.com> wrote: >> > The hwrng core asks for random data in the hwrng_register() call itself >> > from commit d9e7972619. This doesn't play well with virtio -- the

This is a 3.16-only patch. The linux.git fix is 5c06273401f2eb7b290cadbae18ee00f8f65e893, which fixes this issue in a different way. Amos reported using multiple virtio-rng devices cause boot to freeze even after the recent fixes. We need the probe_done test per device rather than just once for the driver. Reported-by: Amos Kong <akong at redhat.com> Signed-off-by: Amit Shah

This is a 3.16-only patch. The linux.git fix is 5c06273401f2eb7b290cadbae18ee00f8f65e893, which fixes this issue in a different way. Amos reported using multiple virtio-rng devices cause boot to freeze even after the recent fixes. We need the probe_done test per device rather than just once for the driver. Reported-by: Amos Kong <akong at redhat.com> Signed-off-by: Amit Shah

On (Mon) 11 Aug 2014 [15:11:03], H. Peter Anvin wrote: > On 08/11/2014 11:49 AM, Amit Shah wrote: > > The khwrngd thread is started when a hwrng device of sufficient > > quality is registered. The virtio-rng device is backed by the > > hypervisor, and we trust the hypervisor to provide real entropy. A > > malicious hypervisor is a scenario that's ruled out, so we

On (Mon) 11 Aug 2014 [15:11:03], H. Peter Anvin wrote: > On 08/11/2014 11:49 AM, Amit Shah wrote: > > The khwrngd thread is started when a hwrng device of sufficient > > quality is registered. The virtio-rng device is backed by the > > hypervisor, and we trust the hypervisor to provide real entropy. A > > malicious hypervisor is a scenario that's ruled out, so we

Hi Linus, Sending directly to you with the commit log changes Ted Ts'o pointed out. Not sure if Rusty's back after his travel, but this already has his s-o-b. Please pull. The following changes since commit c9d26423e56ce1ab4d786f92aebecf859d419293: Merge tag 'pm+acpi-3.17-rc1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm (2014-08-14 18:13:46 -0600) are