Re: [Qemu-devel] [PATCH 0/8] add paravirtualization hwrng support (v2)

[H. Peter Anvin]

On 10/30/2012 04:02 PM, Anthony Liguori wrote:
> My take away from all of the various discussions on what the Right Way to
> use virtio-rng is:
>
>   1) /dev/random should always be used as the entropy source (I've left it
>      configurable though)
>
>   2) I think the Right Way to configure virtio-rng is to figure out what the
>      available entropy is on the host, and then decide how to allocate that
>      to each guest.  As such, I've implemented rate limiting.
>
>      I think QEMU is the right place to do this because this is a property of
>      specific virtual machines.  I can imagine a cloud provider wanting to
>      guarantee a certain level of entropy for different classes of VMs.  Even
>      if rngd could be used to do this, configuring it differently for different
>      guests would be cumbersome.

rngd is not where this should happen, it should be in the /dev/random 
implementation in the (host) kernel.  That way it is applicable to all 
types of clients, not just Qemu.

>   3) `qemu -device virtio-rng-pci` will Just Work but risks exhausting host
>      entropy.  This means we can't make it the default for machines.  But for
>      most command line users, I think this is the behavior they want.

It's a bit unfortunate, but I'm not going to push on that point.

Given the migration issue I'll write up an implementation of a DRNG 
(RDRAND/RDSEED) backend once this is upstream.  If RDRAND is disabled in 
the guest, but available in the host, this would be the one to use.  If 
RDRAND is available in the guest it should be used directly if rngd is 
new enough, but since virtio-rng has been in the kernel since 2008 there 
still might be some guests which could use such an implementation 
without having been RDRAND-enabled.

        -hpa


--
H. Peter Anvin, Intel Open Source Technology Center
I work for Intel.  I don't speak on their behalf.