[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [Bug 1811758] Re: virtio-rng backend should use getentropy(
[Qemu-devel] [Bug 1811758] Re: virtio-rng backend should use getentropy() syscall when available
Tue, 15 Jan 2019 06:49:50 -0000
To be clear, the problem with using /dev/urandom as a backend is that
it's possible to feed data from an uninitialized pool into the guest.
and the problem with using /dev/random as a backend is that it's
possible for a guest to starve the other host (and other guests) of
entropy, since it pulls from the blocking pool.
getrandom() only blocks when the CSPRNG is not initialized, otherwise it
never blocks. this is the right behavior by default.
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
virtio-rng backend should use getentropy() syscall when available
Status in QEMU:
According to https://wiki.qemu.org/Features/VirtIORNG the default
backend for `virtio-rng-pci` is `/dev/random`. Alternately, the user
can point it to a different backend file, like `/dev/urandom`.
However, both of these files have suboptimal behavior in one way or
another, as documented in `random(7)`. Instead, the default behavior
should be to pull the requested octets from the `getrandom()` system
call, if available, called with no flags set.
To manage notifications about this bug go to: