In contrast to the original v0.9 virtio spec (which was rather vague), the virtio 1.0+ spec demands that a RNG request returns at least one byte: "The device MUST place one or more random bytes into the buffer, but it MAY use less than the entire buffer length." Our current implementation does not prevent returning zero bytes, which upsets an assert in EDK II. Since we open the fd with O_NONBLOCK, a return with not the whole buffer filled seems possible. Take care of that special case, by switching the /dev/urandom file descriptor into blocking mode when a 0-return happens, than wait for one byte to arrive. We then switch back to non-blocking mode, and try to read even more (in case multiple bytes became available at once). This makes sure we return at least one byte of entropy and become spec compliant. Signed-off-by: Andre Przywara <andre.przywara@xxxxxxx> Reported-by: Sami Mujawar <sami.mujawar@xxxxxxx> --- virtio/rng.c | 31 +++++++++++++++++++++++++++++-- 1 file changed, 29 insertions(+), 2 deletions(-) diff --git a/virtio/rng.c b/virtio/rng.c index eab8f3ac0..0a0b31a16 100644 --- a/virtio/rng.c +++ b/virtio/rng.c @@ -66,8 +66,35 @@ static bool virtio_rng_do_io_request(struct kvm *kvm, struct rng_dev *rdev, stru head = virt_queue__get_iov(queue, iov, &out, &in, kvm); len = readv(rdev->fd, iov, in); - if (len < 0 && errno == EAGAIN) - len = 0; + if (len < 0 && errno == EAGAIN) { + /* + * The virtio 1.0 spec demands at least one byte of entropy. + * Switch the /dev/urandom file descriptor to blocking mode, + * then wait for one byte to arrive. Switch it back to + * non-blocking mode, and try to read even more, if available. + */ + int flags = fcntl(rdev->fd, F_GETFL); + + if (flags < 0) + return false; + + fcntl(rdev->fd, F_SETFL, flags & ~O_NONBLOCK); + len = read(rdev->fd, iov[0].iov_base, 1); + if (len < 1) + return false; + fcntl(rdev->fd, F_SETFL, flags); + iov[0].iov_base++; + iov[0].iov_len--; + len = readv(rdev->fd, iov, in); + if (len < 0) { + if (errno == EAGAIN) /* no more bytes yet */ + len = 1; + else + return false; /* some error */ + } else { + len++; /* the one byte already read */ + } + } virt_queue__set_used_elem(queue, head, len); -- 2.25.1