From: Richard Henderson
To: qemu-devel@nongnu.org
Cc: peter.maydell@linaro.org, david@redhat.com, laurent@vivier.eu, armbru@redhat.com, kraxel@redhat.com, pbonzini@redhat.com, david@gibson.dropbear.id.au
Subject: [Qemu-devel] [PATCH for-4.1 0/7] Add qemu_getrandom and ARMv8.5-RNG
Date: Tue, 12 Mar 2019 23:26:23 -0700
Message-Id: <20190313062630.30568-1-richard.henderson@linaro.org>

While the comment for AT_RANDOM is still apropos, "not cryptically
secure but it's not the aim of QEMU", I think we can still do better
than N calls to rand(3).

The first patch sets up an interface that allows deterministic
random numbers across different threads, using jrand48. This
function is:
(1) in POSIX, so is easy to assume,
(2) produces full 32-bit random numbers, as opposed to RAND_MAX,
    making it easier to fill N bytes,
(3) has a much larger periodicity,
(4) is thread-safe (with restricted usage).

The second patch allows the use of getrandom(2), if available.
But if the -seed command-line option is used, we continue to use
the deterministic algorithm.

I leave the task of adding support for Windows BCryptGenRandom,
and BSD getentropy, to someone else. I didn't think it was worth
it to do anything with /dev/urandom, in case getrandom isn't present.

I replaced the existing major users of rand(3). There are a few
left, mostly within hw/. I'm really not sure whether it's worth
changing those, or what to do about them.

This could quickly be used to implement Power9's helper_darn{32,64},
or for implementing RDRAND for x86_64. I'm less sure about S390's
PRNO instruction; that seems to expose a lot of the DRNG at an
architectural level.


r~


Richard Henderson (7):
  util: Add qemu_getrandom and support functions
  util: Use getrandom for qemu_getrandom if available
  linux-user: Use qemu_getrandom for AT_RANDOM
  linux-user/aarch64: Use qemu_getrandom for arm_init_pauth_key
  linux-user: Remove srand call
  ui/vnc: Use qemu_getrandom for make_challenge
  target/arm: Implement ARMv8.5-RNG

 include/qemu/random.h         |  58 ++++++++++++++
 include/qom/cpu.h             |   1 +
 target/arm/cpu.h              |   5 ++
 cpus.c                        |   9 +++
 linux-user/aarch64/cpu_loop.c |  16 +---
 linux-user/elfload.c          |   8 +-
 linux-user/main.c             |  11 +--
 linux-user/syscall.c          |   3 +
 target/arm/cpu64.c            |   1 +
 target/arm/helper.c           |  32 ++++++++
 ui/vnc.c                      |   8 +-
 util/random.c                 | 140 ++++++++++++++++++++++++++++++++++
 vl.c                          |   4 +
 configure                     |  18 ++++-
 qemu-options.hx               |  10 +++
 util/Makefile.objs            |   1 +
 16 files changed, 290 insertions(+), 35 deletions(-)
 create mode 100644 include/qemu/random.h
 create mode 100644 util/random.c

-- 
2.17.1
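
The two-source scheme the cover letter describes (getrandom(2) by default, per-thread jrand48 once a seed is given), as an added example that is not part of the original message and not QEMU's util/random.c. The demo_* names and the way each thread's state is derived from the seed are assumptions; the seeded path is reproducible by design and is unsuitable for key material.

```c
/* Added illustration, not QEMU's util/random.c; all demo_* names are hypothetical. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/random.h>   /* getrandom(2); Linux with glibc >= 2.25 assumed */

static int deterministic;                      /* set once a seed is supplied */
static uint64_t base_seed;
static _Thread_local unsigned short xsubi[3];  /* per-thread jrand48 state */

/* Hypothetical analogue of a -seed option: switch to reproducible output. */
void demo_seed(uint64_t seed) { deterministic = 1; base_seed = seed; }

/* Each thread derives its own 48-bit state from the base seed (assumed scheme). */
void demo_thread_init(unsigned idx)
{
    uint64_t s = base_seed + idx;
    xsubi[0] = s; xsubi[1] = s >> 16; xsubi[2] = s >> 32;
}

/* Fill buf with len bytes; returns 0 on success, -1 if the kernel source fails. */
int demo_getrandom(void *buf, size_t len)
{
    unsigned char *p = buf;
    while (!deterministic && len > 0) {        /* kernel path */
        ssize_t n = getrandom(p, len, 0);      /* may be short or interrupted */
        if (n < 0 && errno == EINTR) continue;
        if (n < 0) return -1;
        p += n; len -= (size_t)n;
    }
    while (len > 0) {                          /* deterministic path */
        uint32_t r = (uint32_t)jrand48(xsubi); /* 32 usable bits per call */
        size_t n = len < sizeof r ? len : sizeof r;
        memcpy(p, &r, n);                      /* tail: copy only what is left */
        p += n; len -= n;
    }
    return 0;
}

int main(void)
{
    unsigned char k[16];
    demo_seed(1); demo_thread_init(0);
    if (demo_getrandom(k, sizeof k)) return 1;
    for (size_t i = 0; i < sizeof k; i++) printf("%02x", k[i]);
    putchar('\n');
    return 0;
}
```

Because the jrand48 state is thread-local, two threads never race on it, and re-initialising a thread with the same seed and index replays the same byte stream.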