On Wed, 24 May 2023 12:22:05 +0100, Andre Przywara wrote:
> At the moment kvmtool uses the /dev/random device to back the randomness
> provided by our virtio/rng implementation. We run it in non-blocking
> mode, so are not affected by the nasty "can block indefinitely"
> behaviour of that file. However:
> - If /dev/random WOULD block, it returns EAGAIN, and we reflect that by
>   adding 0 bytes of entropy to the virtio queue. However the virtio 1.x
>   spec clearly says this is not allowed, and that we should always provide
>   at least one random byte.
> - If the guest is waiting for the random numbers, we still run into an
>   effective blocking situation, because the buffer will only be filled
>   very slowly, effectively stalling or blocking the guest. EDK II shows
>   that behaviour, when servicing the EFI_RNG_PROTOCOL runtime service
>   call, called by the kernel very early on boot.
>
> [...]

Applied to kvmtool (master), thanks!

[1/2] virtio/rng: switch to using /dev/urandom
      https://git.kernel.org/will/kvmtool/c/62ba372b0e67
[2/2] virtio/rng: return at least one byte of entropy
      https://git.kernel.org/will/kvmtool/c/bc23b9d9b152

Cheers,
-- 
Will

https://fixes.arm64.dev
https://next.arm64.dev
https://will.arm64.dev
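
Added example, not part of the original mail and not the code from the applied kvmtool patches: a sketch of the two behaviours the quoted cover letter contrasts, a non-blocking read whose EAGAIN is reported as zero bytes versus one that never hands back an empty buffer. The function names fill_naive and fill_at_least_one are hypothetical, and an empty non-blocking pipe is a constructed stand-in for an entropy source that would block.

```c
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <unistd.h>

/* Behaviour described in the quoted mail: a non-blocking read that hits
 * EAGAIN is passed on to the guest as a zero-length buffer. */
static ssize_t fill_naive(int fd, void *buf, size_t len)
{
	ssize_t n = read(fd, buf, len);
	return n < 0 ? 0 : n;
}

/* Hypothetical alternative: never report fewer than one byte. On EAGAIN,
 * wait until the source is readable instead of returning an empty buffer.
 * Returns the byte count (>= 1), or -1 on EOF, error or len == 0. */
static ssize_t fill_at_least_one(int fd, void *buf, size_t len)
{
	if (len == 0)
		return -1;
	for (;;) {
		ssize_t n = read(fd, buf, len);
		if (n > 0)
			return n;
		if (n == 0)
			return -1;		/* EOF: source is gone */
		if (errno == EINTR)
			continue;
		if (errno != EAGAIN)
			return -1;		/* real I/O error */
		struct pollfd p = { .fd = fd, .events = POLLIN };
		if (poll(&p, 1, -1) < 0 && errno != EINTR)
			return -1;
	}
}

int main(void)
{
	unsigned char buf[16];
	int p[2];
	/* Constructed input: empty non-blocking pipe, so read() gives EAGAIN. */
	if (pipe(p) < 0 || fcntl(p[0], F_SETFL, O_NONBLOCK) < 0)
		return 1;
	printf("naive on would-block source: %zd bytes\n",
	       fill_naive(p[0], buf, sizeof(buf)));
	int fd = open("/dev/urandom", O_RDONLY | O_NONBLOCK);
	if (fd < 0)
		return 1;
	printf("at-least-one on /dev/urandom: %zd bytes\n",
	       fill_at_least_one(fd, buf, sizeof(buf)));
	return 0;
}
```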