[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH 0/8] add paravirtualization hwrng support (v2)
|
From: |
Aurelien Jarno |
|
Subject: |
Re: [Qemu-devel] [PATCH 0/8] add paravirtualization hwrng support (v2) |
|
Date: |
Wed, 31 Oct 2012 08:12:39 +0100 |
|
User-agent: |
Mutt/1.5.21 (2010-09-15) |
On Tue, Oct 30, 2012 at 06:24:27PM -0700, H. Peter Anvin wrote:
> On 10/30/2012 04:02 PM, Anthony Liguori wrote:
> >
> >My take away from all of the various discussions on what the Right Way to
> >use virtio-rng is:
> >
> > 1) /dev/random should always be used as the entropy source (I've left it
> > configurable though)
> >
> > 2) I think the Right Way to configure virtio-rng is to figure out what the
> > available entropy is on the host, and then decide how to allocate that
> > to each guest. As such, I've implemented rate limiting.
> >
> > I think QEMU is the right place to do this because this is a property of
> > specific virtual machines. I can imagine a cloud provider wanting to
> > guarantee a certain level of entropy for different classes of VMs. Even
> > if rngd could be used to do this, configuring it differently for
> > different
> > guests would be cumbersome.
> >
>
> rngd is not where this should happen, it should be in the
> /dev/random implementation in the (host) kernel. That way it is
> applicable to all types of clients, not just Qemu.
>
> > 3) `qemu -device virtio-rng-pci` will Just Work but risks exhausting host
> > entropy. This means we can't make it the default for machines. But for
> > most command line users, I think this is the behavior they want.
>
> It's a bit unfortunate, but I'm not going to push on that point.
>
> Given the migration issue I'll write up an implementation of a DRNG
> (RDRAND/RDSEED) backend once this is upstream. If RDRAND is
> disabled in the guest, but available in the host, this would be the
> one to use. If RDRAND is available in the guest it should be used
> directly if rngd is new enough, but since virtio-rng has been in the
> kernel since 2008 there still might be some guests which could use
> such an implementation without having been RDRAND-enabled.
>
That is also a good idea for emulation, and especially to provide
non-x86 guests with entropy.
--
Aurelien Jarno GPG: 1024D/F1BCDB73
address@hidden http://www.aurel32.net
- [Qemu-devel] [PATCH 4/8] rng-random: add an RNG backend that uses /dev/random (v2), (continued)
- [Qemu-devel] [PATCH 4/8] rng-random: add an RNG backend that uses /dev/random (v2), Anthony Liguori, 2012/10/30
- [Qemu-devel] [PATCH 3/8] rng: add RndBackend abstract object class, Anthony Liguori, 2012/10/30
- [Qemu-devel] [PATCH 7/8] virtio-rng: add rate limiting support, Anthony Liguori, 2012/10/30
- [Qemu-devel] [PATCH 6/8] virtio-rng: hardware random number generator device, Anthony Liguori, 2012/10/30
- [Qemu-devel] [PATCH 1/8] vl: add -object option to create QOM objects from the command line, Anthony Liguori, 2012/10/30
- [Qemu-devel] [PATCH 8/8] virtio-rng-pci: create a default backend if none exists, Anthony Liguori, 2012/10/30
- [Qemu-devel] [PATCH 2/8] object: add object_property_add_bool (v2), Anthony Liguori, 2012/10/30
- Re: [Qemu-devel] [PATCH 0/8] add paravirtualization hwrng support (v2), H. Peter Anvin, 2012/10/30