qemu-devel

Re: [Qemu-devel] virtio-rng and fd passing


From: Stefan Berger
Subject: Re: [Qemu-devel] virtio-rng and fd passing
Date: Fri, 01 Mar 2013 15:13:10 -0500
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:15.0) Gecko/20120911 Thunderbird/15.0.1

On 03/01/2013 02:37 PM, H. Peter Anvin wrote:
> On 02/28/2013 04:36 PM, Eric Blake wrote:
>> Stefan Berger and I discovered on IRC that virtio-rng is unable to
>> support fd passing.  We attempted:
>>
>> qemu-system-x86_64 ... -add-fd
>> set=4,fd=34,opaque=RDONLY:/dev/urandom
>                            ^^^^^^^^^^^^
>> -object rng-random,id=rng0,filename=/dev/fdset/4 -device
>> virtio-rng-pci,rng=rng0,bus=pci.0,addr=0x6
>
> Unrelated, but you really, really, really don't want to pass
> /dev/urandom there, use /dev/random.

From what I am reading about /dev/random, it will start blocking once not enough entropy is available anymore. Sounds like this could be abused if multiple VMs were using this device and one drains the entropy. An alternative may be to go through a crypto library that seeds itself with entropy and implements random number generators following NIST 800-90, for example. Freebl would offer at least one such implementation:

http://dxr.mozilla.org/mozilla-central/security/nss/lib/freebl/drbg.c.html - search for 'NIST' there

    Stefan
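
Added example, not part of the message above and not QEMU or NSS code: a minimal HMAC_DRBG over SHA-256 in the style of NIST SP 800-90A, showing that a generator which seeds itself reads the kernel entropy source only at instantiation and at each reseed, however many bytes it hands out. The class name, the `seed_reads` counter and the reseed interval are assumptions for illustration; personalization strings, additional input and prediction resistance are left out.

```python
import hashlib
import hmac
import os


class HmacDrbg:
    """HMAC_DRBG (SHA-256), structured after NIST SP 800-90A."""

    OUTLEN = 32  # SHA-256 digest size in bytes

    def __init__(self, entropy_source=os.urandom, reseed_interval=1024):
        self._entropy = entropy_source   # callable: n -> n bytes of seed material
        self.reseed_interval = reseed_interval
        self.seed_reads = 0              # how often the entropy source was read
        self._key = b"\x00" * self.OUTLEN
        self._v = b"\x01" * self.OUTLEN
        # Instantiate: entropy input plus a nonce of half that length.
        self._update(self._read_seed(32) + self._read_seed(16))
        self._counter = 1

    def _read_seed(self, n):
        self.seed_reads += 1
        return self._entropy(n)

    def _hmac(self, key, data):
        return hmac.new(key, data, hashlib.sha256).digest()

    def _update(self, provided=b""):
        # State update function: mixes optional seed material into (key, v).
        self._key = self._hmac(self._key, self._v + b"\x00" + provided)
        self._v = self._hmac(self._key, self._v)
        if provided:
            self._key = self._hmac(self._key, self._v + b"\x01" + provided)
            self._v = self._hmac(self._key, self._v)

    def reseed(self):
        self._update(self._read_seed(32))
        self._counter = 1

    def generate(self, n):
        # Reseed only after reseed_interval requests, not per request.
        if self._counter > self.reseed_interval:
            self.reseed()
        out = b""
        while len(out) < n:
            self._v = self._hmac(self._key, self._v)
            out += self._v
        self._update()                   # backtracking resistance
        self._counter += 1
        return out[:n]
```

With `reseed_interval=100`, serving 250 requests of 64 bytes (16000 bytes) reads the entropy source four times for 112 bytes in total.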



