- 
                Notifications
    You must be signed in to change notification settings 
- Fork 63
Implement VirtIO RNG device #70
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Conversation
| Can you upload the newly built rootfs.cpio here for quick testing? Thanks! | 
| 
 You could try this: rootfs.cpio.zip | 
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Improve the descriptions in git commit messages by quoting the man page for entropy. Also, always use Close #68 instead of Closed #68 to emphasize the intention.
| I try on machine x86-64, compiled with gcc 12.3.0. Procedure: 
 Result: Nothing is output (blocked), is it normal? I think the  | 
| 
 It should not be blocked, could you check the following commands?  | 
b5c6511    to
    c2f267d      
    Compare
  
            
          
                virtio-rng.c
              
                Outdated
          
        
      |  | ||
| void virtio_rng_init(void) | ||
| { | ||
| rng_fd = open("/dev/urandom", O_RDONLY); | 
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/dev/random is probably going to be sufficient. What are the considerations to use /dev/urandom?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I used /dev/urandom because it does not block. However, this concern may not arise on the host, and adopting /dev/random is indeed more secure.
This commit introduces the VirtIO entropy device (also know as virtio-rng in QEMU and the Linux kernel) to resolve the blocking issue of arc4random_buf() [1] caused by insufficient entropy of /dev/random. According to the man page (`man 7 random`): The kernel random-number generator relies on entropy gathered from device drivers and other sources of environmental noise to seed a cryptographically secure pseudorandom number generator (CSPRNG). Interface Pool: /dev/random Pool: Blocking pool Blocking behavior: If entropy too low, blocks until there is enough entropy Behavior when pool is not yet ready: Blocks until enough entropy gathered Quaoted from https://en.wikipedia.org/wiki//dev/random With Linux kernel 3.16 and newer, the kernel itself mixes data from hardware random number generators into /dev/random on a sliding scale based on the definable entropy estimation quality of the HWRNG. This means that no userspace daemon, such as rngd from rng-tools, is needed to do that job. With Linux kernel 3.17+, the VirtIO RNG was modified to have a default quality defined above 0, and as such, is currently the only HWRNG mixed into /dev/random by default. [1] https://elixir.bootlin.com/glibc/glibc-2.36/source/stdlib/arc4random.c Close sysprog21#68.
c2f267d    to
    9b3b4aa      
    Compare
  
    | 
 I get the following output: I noticed that the Linux kernel needs to enable the virtio-rng driver to facilitate communication in this scenario (enabled in the proposed changes of Linux configuration). Could you also upload the virtio-rng enabled Linux kernel image along with the rootfs.cpio? | 
| 
 Here you go: Image.zip | 
| Using newly built Linux kernel, the  | 
| BTW, I used the newly built rootfs.cpio within rv32emu which does not implement the VirtIO RNG device and it does not block the  | 
| /* Write entropy buffer */ | ||
| void *entropy_buf = | ||
| (void *) ((uintptr_t) vrng->ram + (uintptr_t) vq_desc.addr); | ||
| ssize_t total = read(rng_fd, entropy_buf, vq_desc.len); | 
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
read could fail. Please handle the return value.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
According to man 4 random:
When the entropy pool is empty, reads from /dev/random will block until additional environmental noise is gathered.
Calling read() function on /dev/random can only return -1 (i.e., failed) if O_NONBLOCK flag is set when opening the device. Specifically:
If open(2) is called for /dev/random with the O_NONBLOCK flag, a subsequent read(2) will not block if the requested number of bytes is not available. Instead, the available bytes are returned. If no byte is available, read(2) will return -1 and errno will be set to EAGAIN.
| 
 Entropy collection can be influenced by the speed of the hardware or the emulated environment. | 
| Thank @shengwen-tw for contributing! | 
Overview
This commit introduces the VirtIO entropy device (also know as virtio-rng in QEMU and the Linux kernel) to resolve the blocking issue of
arc4random_buf()[1] caused by insufficient entropy of/dev/random.According to the man page (
man 7 random):Quaoted from https://en.wikipedia.org/wiki//dev/random
[1] https://elixir.bootlin.com/glibc/glibc-2.36/source/stdlib/arc4random.c
Close #68.
Prerequisites
CONFIG_ODin BusyBox$ cd buildroot/output/build/busybox-1.36.1/ $ make menuconfigrootfs.cpio$ cd semu $ cp -f buildroot/output/images/rootfs.cpio ./Test procedures
semu:cd semu/ make checkvirtio-rngis used/dev/randomwithodcommandWithout
virtio-rng, theodcommand will just hang due to the aforementioned issue.