| Message ID | 20230413165757.1728800-2-andre.przywara@arm.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | Fix virtio/rng handling in low entropy situations | expand |
On Thu, Apr 13, 2023 at 05:57:56PM +0100, Andre Przywara wrote: > At the moment we use /dev/random as the backing device to provide random > numbers to our virtio-rng implementation. The downside of doing so is > that it may block indefinitely - or return EAGAIN repeatedly in our case. > On one headless systbem without ample noise sources (no keyboard, mouse, system > or network traffic) I measured 30 seconds to gain one byte of randomness. > At the moment EDK II insists in waiting for all of the requsted random > bytes (for its EFI_RNG_PROTOCOL runtime service) to arrive, that held up > a Linux kernel boot for more than 10 minutes(!). > > According to the Internet(TM), on Linux /dev/urandom provides the same > quality random numbers as /dev/random, it just does not block when the > entropy estimation algorithm suggests so. For all practical purposes the > recommendation is to just use /dev/urandom, QEMU did the switch as well > in 2019 [1]. > > Use /dev/urandom instead of /dev/random when opening the file descriptor > providing the randomness source for the virtio/rng implementation. > > [1] https://gitlab.com/qemu-project/qemu/-/commit/a2230bd778d8 > > Signed-off-by: Andre Przywara <andre.przywara@arm.com> Reviewed-by: Jean-Philippe Brucker <jean-philippe@linaro.org> > --- > virtio/rng.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/virtio/rng.c b/virtio/rng.c > index 8f85d5ec1..eab8f3ac0 100644 > --- a/virtio/rng.c > +++ b/virtio/rng.c > @@ -166,7 +166,7 @@ int virtio_rng__init(struct kvm *kvm) > if (rdev == NULL) > return -ENOMEM; > > - rdev->fd = open("/dev/random", O_RDONLY | O_NONBLOCK); > + rdev->fd = open("/dev/urandom", O_RDONLY | O_NONBLOCK); > if (rdev->fd < 0) { > r = rdev->fd; > goto cleanup; > -- > 2.25.1 >
diff --git a/virtio/rng.c b/virtio/rng.c index 8f85d5ec1..eab8f3ac0 100644 --- a/virtio/rng.c +++ b/virtio/rng.c @@ -166,7 +166,7 @@ int virtio_rng__init(struct kvm *kvm) if (rdev == NULL) return -ENOMEM; - rdev->fd = open("/dev/random", O_RDONLY | O_NONBLOCK); + rdev->fd = open("/dev/urandom", O_RDONLY | O_NONBLOCK); if (rdev->fd < 0) { r = rdev->fd; goto cleanup;
At the moment we use /dev/random as the backing device to provide random numbers to our virtio-rng implementation. The downside of doing so is that it may block indefinitely - or return EAGAIN repeatedly in our case. On one headless systbem without ample noise sources (no keyboard, mouse, or network traffic) I measured 30 seconds to gain one byte of randomness. At the moment EDK II insists in waiting for all of the requsted random bytes (for its EFI_RNG_PROTOCOL runtime service) to arrive, that held up a Linux kernel boot for more than 10 minutes(!). According to the Internet(TM), on Linux /dev/urandom provides the same quality random numbers as /dev/random, it just does not block when the entropy estimation algorithm suggests so. For all practical purposes the recommendation is to just use /dev/urandom, QEMU did the switch as well in 2019 [1]. Use /dev/urandom instead of /dev/random when opening the file descriptor providing the randomness source for the virtio/rng implementation. [1] https://gitlab.com/qemu-project/qemu/-/commit/a2230bd778d8 Signed-off-by: Andre Przywara <andre.przywara@arm.com> --- virtio/rng.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)