Il 02/10/2013 16:36, Alexander Graf ha scritto: >> > >> > With Michael's earlier patch in this series, the hwrng is accessible by >> > host userspace via /dev/hwrng, no? > Yes, but there's not token from user space that gets passed into the > kernel to check whether access is ok or not. So while QEMU may not have > permission to open /dev/hwrng it could spawn a guest that opens it, > drains all entropy out of it and thus stall other processes which try to > fetch entropy, no? > > Maybe I haven't fully grasped the interface yet though :). Yes, that's right. I don't think it's a huge problem, but it's another point in favor of just doing the hypercall in userspace. Paolo -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html