| Message ID | 20190503154613.4192-2-kchamart@redhat.com |
|---|---|
| State | New |
| Headers | show |
| Series | VirtIO-RNG: Update default entropy source to `/dev/urandom` | expand |
On Fri, May 03, 2019 at 05:46:13PM +0200, Kashyap Chamarthy wrote: > When QEMU exposes a VirtIO-RNG device to the guest, that device needs a > source of entropy, and that source needs to be "non-blocking", like > `/dev/urandom`. However, currently QEMU defaults to the problematic > `/dev/random`, which is "blocking" (as in, it waits until sufficient > entropy is available). > > So change the entropy source to the recommended `/dev/urandom`. > > Related discussion in these[1][2] past threads. > > [1] https://lists.nongnu.org/archive/html/qemu-devel/2018-06/msg08335.html > -- "RNG: Any reason QEMU doesn't default to `/dev/urandom`?" > [2] https://lists.nongnu.org/archive/html/qemu-devel/2018-09/msg02724.html > -- "[RFC] Virtio RNG: Consider changing the default entropy source to > /dev/urandom" > > Signed-off-by: Kashyap Chamarthy <kchamart@redhat.com> > --- > backends/rng-random.c | 2 +- > qemu-options.hx | 2 +- > 2 files changed, 2 insertions(+), 2 deletions(-) Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Regards, Daniel
On Fri, May 03, 2019 at 05:46:13PM +0200, Kashyap Chamarthy wrote: > When QEMU exposes a VirtIO-RNG device to the guest, that device needs a > source of entropy, and that source needs to be "non-blocking", like > `/dev/urandom`. However, currently QEMU defaults to the problematic > `/dev/random`, which is "blocking" (as in, it waits until sufficient > entropy is available). > > So change the entropy source to the recommended `/dev/urandom`. > > Related discussion in these[1][2] past threads. > > [1] https://lists.nongnu.org/archive/html/qemu-devel/2018-06/msg08335.html > -- "RNG: Any reason QEMU doesn't default to `/dev/urandom`?" > [2] https://lists.nongnu.org/archive/html/qemu-devel/2018-09/msg02724.html > -- "[RFC] Virtio RNG: Consider changing the default entropy source to > /dev/urandom" > > Signed-off-by: Kashyap Chamarthy <kchamart@redhat.com> > --- > backends/rng-random.c | 2 +- > qemu-options.hx | 2 +- > 2 files changed, 2 insertions(+), 2 deletions(-) > > diff --git a/backends/rng-random.c b/backends/rng-random.c > index e2a49b0571..eff36ef140 100644 > --- a/backends/rng-random.c > +++ b/backends/rng-random.c > @@ -112,7 +112,7 @@ static void rng_random_init(Object *obj) > rng_random_set_filename, > NULL); > > - s->filename = g_strdup("/dev/random"); > + s->filename = g_strdup("/dev/urandom"); > s->fd = -1; > } > > diff --git a/qemu-options.hx b/qemu-options.hx > index 51802cbb26..a525609149 100644 > --- a/qemu-options.hx > +++ b/qemu-options.hx > @@ -4276,7 +4276,7 @@ Creates a random number generator backend which obtains entropy from > a device on the host. The @option{id} parameter is a unique ID that > will be used to reference this entropy backend from the @option{virtio-rng} > device. The @option{filename} parameter specifies which file to obtain > -entropy from and if omitted defaults to @option{/dev/random}. > +entropy from and if omitted defaults to @option{/dev/urandom}. > > @item -object rng-egd,id=@var{id},chardev=@var{chardevid} I think this is a very sensible change, removing a bit of superstition about randomness. Reviewed-by: Richard W.M. Jones <rjones@redhat.com> Rich.
On Fri, May 03, 2019 at 04:49:05PM +0100, Daniel P. Berrangé wrote: > On Fri, May 03, 2019 at 05:46:13PM +0200, Kashyap Chamarthy wrote: > > When QEMU exposes a VirtIO-RNG device to the guest, that device needs a > > source of entropy, and that source needs to be "non-blocking", like > > `/dev/urandom`. However, currently QEMU defaults to the problematic > > `/dev/random`, which is "blocking" (as in, it waits until sufficient > > entropy is available). > > > > So change the entropy source to the recommended `/dev/urandom`. > > > > Related discussion in these[1][2] past threads. > > > > [1] https://lists.nongnu.org/archive/html/qemu-devel/2018-06/msg08335.html > > -- "RNG: Any reason QEMU doesn't default to `/dev/urandom`?" > > [2] https://lists.nongnu.org/archive/html/qemu-devel/2018-09/msg02724.html > > -- "[RFC] Virtio RNG: Consider changing the default entropy source to > > /dev/urandom" > > > > Signed-off-by: Kashyap Chamarthy <kchamart@redhat.com> > > --- > > backends/rng-random.c | 2 +- > > qemu-options.hx | 2 +- > > 2 files changed, 2 insertions(+), 2 deletions(-) > > Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> I'm wondering if this needs to be mentioned on a Release Notes wiki somewhere -- because we're changing the default.
On Fri, May 03, 2019 at 10:47:57PM +0200, Kashyap Chamarthy wrote: > On Fri, May 03, 2019 at 04:49:05PM +0100, Daniel P. Berrangé wrote: > > On Fri, May 03, 2019 at 05:46:13PM +0200, Kashyap Chamarthy wrote: > > > When QEMU exposes a VirtIO-RNG device to the guest, that device needs a > > > source of entropy, and that source needs to be "non-blocking", like > > > `/dev/urandom`. However, currently QEMU defaults to the problematic > > > `/dev/random`, which is "blocking" (as in, it waits until sufficient > > > entropy is available). > > > > > > So change the entropy source to the recommended `/dev/urandom`. > > > > > > Related discussion in these[1][2] past threads. > > > > > > [1] https://lists.nongnu.org/archive/html/qemu-devel/2018-06/msg08335.html > > > -- "RNG: Any reason QEMU doesn't default to `/dev/urandom`?" > > > [2] https://lists.nongnu.org/archive/html/qemu-devel/2018-09/msg02724.html > > > -- "[RFC] Virtio RNG: Consider changing the default entropy source to > > > /dev/urandom" > > > > > > Signed-off-by: Kashyap Chamarthy <kchamart@redhat.com> > > > --- > > > backends/rng-random.c | 2 +- > > > qemu-options.hx | 2 +- > > > 2 files changed, 2 insertions(+), 2 deletions(-) > > > > Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> > > I'm wondering if this needs to be mentioned on a Release Notes wiki > somewhere -- because we're changing the default. Release notes need to get updated when pull requests merge to mention any user relevant changes. Regards, Daniel
diff --git a/backends/rng-random.c b/backends/rng-random.c index e2a49b0571..eff36ef140 100644 --- a/backends/rng-random.c +++ b/backends/rng-random.c @@ -112,7 +112,7 @@ static void rng_random_init(Object *obj) rng_random_set_filename, NULL); - s->filename = g_strdup("/dev/random"); + s->filename = g_strdup("/dev/urandom"); s->fd = -1; } diff --git a/qemu-options.hx b/qemu-options.hx index 51802cbb26..a525609149 100644 --- a/qemu-options.hx +++ b/qemu-options.hx @@ -4276,7 +4276,7 @@ Creates a random number generator backend which obtains entropy from a device on the host. The @option{id} parameter is a unique ID that will be used to reference this entropy backend from the @option{virtio-rng} device. The @option{filename} parameter specifies which file to obtain -entropy from and if omitted defaults to @option{/dev/random}. +entropy from and if omitted defaults to @option{/dev/urandom}. @item -object rng-egd,id=@var{id},chardev=@var{chardevid}
When QEMU exposes a VirtIO-RNG device to the guest, that device needs a source of entropy, and that source needs to be "non-blocking", like `/dev/urandom`. However, currently QEMU defaults to the problematic `/dev/random`, which is "blocking" (as in, it waits until sufficient entropy is available). So change the entropy source to the recommended `/dev/urandom`. Related discussion in these[1][2] past threads. [1] https://lists.nongnu.org/archive/html/qemu-devel/2018-06/msg08335.html -- "RNG: Any reason QEMU doesn't default to `/dev/urandom`?" [2] https://lists.nongnu.org/archive/html/qemu-devel/2018-09/msg02724.html -- "[RFC] Virtio RNG: Consider changing the default entropy source to /dev/urandom" Signed-off-by: Kashyap Chamarthy <kchamart@redhat.com> --- backends/rng-random.c | 2 +- qemu-options.hx | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)