Il 24/07/2014 06:57, Andy Lutomirski ha scritto:
> This adds a simple interface to allow a guest to request 64 bits of
> host nonblocking entropy. This is independent of virtio-rng for a
> couple of reasons:
>
> - It's intended to be usable during early boot, when a trivial
> synchronous interface is needed.
>
> - virtio-rng gives blocking entropy, and making guest boot wait for
> the host's /dev/random will cause problems.
>
> MSR_KVM_GET_RNG_SEED is intended to provide 64 bits of best-effort
> cryptographically secure data for use as a seed. It provides no
> guarantee that the result contains any actual entropy.
>
> Signed-off-by: Andy Lutomirski <luto@xxxxxxxxxxxxxx>
> ---
> Documentation/virtual/kvm/cpuid.txt | 3 +++
> arch/x86/include/uapi/asm/kvm_para.h | 2 ++
> arch/x86/kvm/cpuid.c | 3 ++-
> arch/x86/kvm/x86.c | 4 ++++
> 4 files changed, 11 insertions(+), 1 deletion(-)
>
> diff --git a/Documentation/virtual/kvm/cpuid.txt b/Documentation/virtual/kvm/cpuid.txt
> index 3c65feb..0ab043b 100644
> --- a/Documentation/virtual/kvm/cpuid.txt
> +++ b/Documentation/virtual/kvm/cpuid.txt
> @@ -54,6 +54,9 @@ KVM_FEATURE_PV_UNHALT || 7 || guest checks this feature bit
> || || before enabling paravirtualized
> || || spinlock support.
> ------------------------------------------------------------------------------
> +KVM_FEATURE_GET_RNG_SEED || 8 || host provides rng seed data via
> + || || MSR_KVM_GET_RNG_SEED.
> +------------------------------------------------------------------------------
> KVM_FEATURE_CLOCKSOURCE_STABLE_BIT || 24 || host will warn if no guest-side
> || || per-cpu warps are expected in
> || || kvmclock.
> diff --git a/arch/x86/include/uapi/asm/kvm_para.h b/arch/x86/include/uapi/asm/kvm_para.h
> index 94dc8ca..e2eaf93 100644
> --- a/arch/x86/include/uapi/asm/kvm_para.h
> +++ b/arch/x86/include/uapi/asm/kvm_para.h
> @@ -24,6 +24,7 @@
> #define KVM_FEATURE_STEAL_TIME 5
> #define KVM_FEATURE_PV_EOI 6
> #define KVM_FEATURE_PV_UNHALT 7
> +#define KVM_FEATURE_GET_RNG_SEED 8
>
> /* The last 8 bits are used to indicate how to interpret the flags field
> * in pvclock structure. If no bits are set, all flags are ignored.
> @@ -40,6 +41,7 @@
> #define MSR_KVM_ASYNC_PF_EN 0x4b564d02
> #define MSR_KVM_STEAL_TIME 0x4b564d03
> #define MSR_KVM_PV_EOI_EN 0x4b564d04
> +#define MSR_KVM_GET_RNG_SEED 0x4b564d05
>
> struct kvm_steal_time {
> __u64 steal;
> diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
> index 38a0afe..40d6763 100644
> --- a/arch/x86/kvm/cpuid.c
> +++ b/arch/x86/kvm/cpuid.c
> @@ -479,7 +479,8 @@ static inline int __do_cpuid_ent(struct kvm_cpuid_entry2 *entry, u32 function,
> (1 << KVM_FEATURE_ASYNC_PF) |
> (1 << KVM_FEATURE_PV_EOI) |
> (1 << KVM_FEATURE_CLOCKSOURCE_STABLE_BIT) |
> - (1 << KVM_FEATURE_PV_UNHALT);
> + (1 << KVM_FEATURE_PV_UNHALT) |
> + (1 << KVM_FEATURE_GET_RNG_SEED);
>
> if (sched_info_on())
> entry->eax |= (1 << KVM_FEATURE_STEAL_TIME);
> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
> index f644933..4e81853 100644
> --- a/arch/x86/kvm/x86.c
> +++ b/arch/x86/kvm/x86.c
> @@ -48,6 +48,7 @@
> #include <linux/pci.h>
> #include <linux/timekeeper_internal.h>
> #include <linux/pvclock_gtod.h>
> +#include <linux/random.h>
> #include <trace/events/kvm.h>
>
> #define CREATE_TRACE_POINTS
> @@ -2480,6 +2481,9 @@ int kvm_get_msr_common(struct kvm_vcpu *vcpu, u32 msr, u64 *pdata)
> case MSR_KVM_PV_EOI_EN:
> data = vcpu->arch.pv_eoi.msr_val;
> break;
> + case MSR_KVM_GET_RNG_SEED:
> + get_random_bytes(&data, sizeof(data));
> + break;
> case MSR_IA32_P5_MC_ADDR:
> case MSR_IA32_P5_MC_TYPE:
> case MSR_IA32_MCG_CAP:
>
Acked-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
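Review bot: `MSR_KVM_GET_RNG_SEED` is added to the uapi header in the second kvm_para.h hunk with no comment describing its contract, although the commit message is explicit that the value is best-effort and carries no entropy guarantee. A guest author reading only the header could treat the result as finished key material instead of one input to mix into the guest's own pool. Suggest a comment above the define such as `/* Each read returns 64 bits of best-effort host random data; no entropy guarantee, use only as a seed input. */`.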
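Review bot: The new `case MSR_KVM_GET_RNG_SEED:` in kvm_get_msr_common() answers every read with `get_random_bytes(&data, sizeof(data))` without checking whether this guest's CPUID exposes KVM_FEATURE_GET_RNG_SEED, so a VMM that masks the bit does not, as far as this hunk shows, turn the interface off. Nothing in the hunk bounds how often a guest may read the MSR either, so the case should carry a comment saying why unthrottled guest-driven draws are acceptable, e.g. `/* Stateless and unthrottled: each guest read draws 8 bytes from the host nonblocking pool. */`. The patch adds no write-side handling, so a guest write presumably falls through to the default unhandled-MSR path; confirm that is intended. The function body starts and ends outside the hunk.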