From patchwork Wed Mar 13 06:26:25 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Richard Henderson X-Patchwork-Id: 160198 Delivered-To: patch@linaro.org Received: by 2002:a02:5cc1:0:0:0:0:0 with SMTP id w62csp13951158jad; Tue, 12 Mar 2019 23:27:05 -0700 (PDT) X-Google-Smtp-Source: APXvYqxE+HxZGqfVa2mYJaMfPuxj8aJr4soSMS6Hwwty5FQeiKIUSNeWt66J/UN377wvI5bq5681 X-Received: by 2002:a81:3657:: with SMTP id d84mr32877836ywa.53.1552458425103; Tue, 12 Mar 2019 23:27:05 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1552458425; cv=none; d=google.com; s=arc-20160816; b=sjSGVnFSzuQXYTgHijdCOiG0VKkbIDgcwPDSYIJfcKXf5jOQCA4gaOBY5gVVe25mVH eDJHnrnfu2f81c+UuGdM/X/GY0RzML7ckdjxw5gIhvVnE9RCm4Ht/N4FxmQpvG8c0T/f reuYp93BVv5NV4Vf3et5QB2aQW+jm6R9nYiXUqcV8n8xgA4lHN1goKgY+PsHlrLhUHxj kydJxY9N0Oag0LKhi+TiMVQjwKa49Guup5rMhtNVwMQkg7OhUV1cepDBs2o3vceoJLYl DA3Gqk8n6AsX9NgyCCu/c7uyYRK/AQ5WxYSbgmGSVUVCYF72hXS7pQviYqi2LTsCsVzm jidw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:cc:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:references:in-reply-to :message-id:date:to:from:dkim-signature; bh=2Mo+uQeJOvkzulvZHsMg8FatmP4cFOzNXezUkMKmYfY=; b=RHpoAFZtd8mOiQIBz7yDh1sbZRQu6oxlDmvwDw+ZqfdUygF8xC2Bcj5B3o04HCKRwn t31m7FIexX7if8TqYFWU4NTT4/GnwGttXJYAr0KVnB3w+Y4S6mqOxHTwM2/PEsEJdRbh wegRNkYaBIlkVHsEHRdyYrDSiLyKPy/KsgXhcHVQ9LQYdmdl1LxcxboLcoigE0CwvZ1f 7/p6hin8G/EpMkL29mZlfGChmLzqZKKTNHDKIIZNiil2sQX1JtxQqBRxgL6uv6FZoPzb KBuWMT7i7Sx5TTK9KLuHDDOob3MfQxus2WuunjmI/XmoWDJAO96VpCVvrLxf5y3W9YJX URxA== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@linaro.org header.s=google header.b=OSCXIJy6; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17]) by mx.google.com with ESMTPS id l124si6087042ywb.40.2019.03.12.23.27.04 for (version=TLS1 cipher=AES128-SHA bits=128/128); Tue, 12 Mar 2019 23:27:05 -0700 (PDT) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; Authentication-Results: mx.google.com; dkim=fail header.i=@linaro.org header.s=google header.b=OSCXIJy6; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from localhost ([127.0.0.1]:39164 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1h3xM0-0000gc-LY for patch@linaro.org; Wed, 13 Mar 2019 02:27:04 -0400 Received: from eggs.gnu.org ([209.51.188.92]:53883) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1h3xLg-0000f0-U4 for qemu-devel@nongnu.org; Wed, 13 Mar 2019 02:26:46 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1h3xLd-00020I-PD for qemu-devel@nongnu.org; Wed, 13 Mar 2019 02:26:44 -0400 Received: from mail-pf1-x443.google.com ([2607:f8b0:4864:20::443]:34005) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1h3xLb-0001zJ-2x for qemu-devel@nongnu.org; Wed, 13 Mar 2019 02:26:39 -0400 Received: by mail-pf1-x443.google.com with SMTP id v64so678760pfb.1 for ; Tue, 12 Mar 2019 23:26:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=2Mo+uQeJOvkzulvZHsMg8FatmP4cFOzNXezUkMKmYfY=; b=OSCXIJy6l0sZwBOpnRart2TJQvO2bTZbcqyYKZjcfbnQA1qFURevryu5JAdIjxNE/7 PCZeUzDKdg7dCCXcsajcanTFN3X6lzv6ZrHFgWDn+b4se8OmwmWYy8+qAl2c9HWvtuHb XvFTsTD/U+c4CJmNO+LdlGBqfDvAFMcS0vYEiwfwKRK1CUtkDJSb7eW941cBlOAeDqYx 3I8KsdSFHF+/sa5s153XgU46pdMGNohAwFVkz4lXQKNOwYlcLb2q/wF/WeieZlOeU0tR UQnL6SjaudAARg1aX+LxvvJn2zB2np/2Mvjt+Rj9pAFAbDsNriMZJkHERQUJ0QlDe8K+ Fsig== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=2Mo+uQeJOvkzulvZHsMg8FatmP4cFOzNXezUkMKmYfY=; b=luvxV+8dd6jQOvTR+WdMlr1OBvA1Px6wSfljSF2XI9NkG/REQwl0HfBSPsmILddICG XEOaqOZgzCkY/6bpVd75evVyCznwH5zF7fr5WKr0vzeo7jidHYTj4OTp6wnOJ4e1m/MU KYkdf4+h0XchCg+xy6Q4+i3N3GyFKzJC1Y9gf9WvSD9kSZsbz+DkpsqBckFhGiM7YKn6 vbXBvmJPBgeNTxz9DNVjZc1eG0V++8DdQ11xJy9uBGjLPxjp9xD1x8gRq3tQCl0EN9E6 QdMvxVxJ07O5v2b3eI2H/5IC5Fjs+L4pkzyXjfij+OrxBV4q/lCgUMzT8pT1P8o533aX R5wQ== X-Gm-Message-State: APjAAAX3o09JuF+1vZrw3ElBZWiLncghZmbemaLMe852FCI3rrHLZGn/ SNT/+csDJNtX4/MTDk/BoT9r7izBqBo= X-Received: by 2002:a17:902:8d89:: with SMTP id v9mr44599962plo.254.1552458395122; Tue, 12 Mar 2019 23:26:35 -0700 (PDT) Received: from localhost.localdomain (97-113-188-82.tukw.qwest.net. [97.113.188.82]) by smtp.gmail.com with ESMTPSA id m64sm25593889pfi.149.2019.03.12.23.26.33 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 12 Mar 2019 23:26:34 -0700 (PDT) From: Richard Henderson To: qemu-devel@nongnu.org Date: Tue, 12 Mar 2019 23:26:25 -0700 Message-Id: <20190313062630.30568-3-richard.henderson@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20190313062630.30568-1-richard.henderson@linaro.org> References: <20190313062630.30568-1-richard.henderson@linaro.org> X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2607:f8b0:4864:20::443 Subject: [Qemu-devel] [PATCH for-4.1 2/7] util: Use getrandom for qemu_getrandom if available X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: peter.maydell@linaro.org, david@redhat.com, laurent@vivier.eu, armbru@redhat.com, kraxel@redhat.com, pbonzini@redhat.com, david@gibson.dropbear.id.au Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: "Qemu-devel" We only allow access to the "urandom" side of the interface, and using -seed forces the use of the deterministic algorithm. Signed-off-by: Richard Henderson --- util/random.c | 78 ++++++++++++++++++++++++++++++++++++++++++++++----- configure | 18 +++++++++++- 2 files changed, 88 insertions(+), 8 deletions(-) -- 2.17.1 diff --git a/util/random.c b/util/random.c index ded8725a3b..833169fad5 100644 --- a/util/random.c +++ b/util/random.c @@ -15,6 +15,13 @@ #include "qapi/error.h" #include "qemu/random.h" +#ifdef CONFIG_GETRANDOM +# include +static bool deterministic; +#else +#define deterministic true +#endif + /* * While jrand48 is not technically thread safe, jrand48_r is glibc specific. @@ -25,13 +32,11 @@ static __thread uint16_t xsubi[3]; /* Deterministic implementation using libc functions. */ -bool qemu_getrandom(void *buf, size_t len, bool nonblock) +static bool do_jrand48(void *buf, size_t len, bool nonblock) { size_t i; uint32_t val; - g_assert_cmpuint(len, <=, 256); - for (i = 0; i + 4 <= len; i += 4) { val = jrand48(xsubi); __builtin_memcpy(buf + i, &val, 4); @@ -44,18 +49,63 @@ bool qemu_getrandom(void *buf, size_t len, bool nonblock) return true; } +#ifdef CONFIG_GETRANDOM +static bool do_getrandom(void *buf, size_t len, bool nonblock) +{ + while (len != 0) { + ssize_t ret = getrandom(buf, len, nonblock ? GRND_NONBLOCK : 0); + if (unlikely(ret < 0)) { + switch (errno) { + case EAGAIN: + /* Only returned for GRND_NONBLOCK. */ + return false; + case EINTR: + /* Signal. Just try again. */ + break; + default: + /* EFAULT or EINVAL; either a bug in the user or here. */ + g_assert_not_reached(); + } + } else { + len -= ret; + buf += ret; + } + } + return true; +} +#endif + +bool qemu_getrandom(void *buf, size_t len, bool nonblock) +{ + /* Assert the interface contract is honored. */ + g_assert_cmpuint(len, <=, 256); + + if (!deterministic) { +#ifdef CONFIG_GETRANDOM + return do_getrandom(buf, len, nonblock); +#endif + } + return do_jrand48(buf, len, nonblock); +} + uint64_t qemu_seedrandom_thread_part1(void) { uint64_t ret; - qemu_getrandom(&ret, sizeof(ret), false); + if (deterministic) { + qemu_getrandom(&ret, sizeof(ret), false); + } else { + ret = 0; + } return ret; } void qemu_seedrandom_thread_part2(uint64_t seed) { - xsubi[0] = seed; - xsubi[1] = seed >> 16; - xsubi[2] = seed >> 32; + if (deterministic) { + xsubi[0] = seed; + xsubi[1] = seed >> 16; + xsubi[2] = seed >> 32; + } } void qemu_seedrandom_main(const char *optarg, Error **errp) @@ -64,6 +114,9 @@ void qemu_seedrandom_main(const char *optarg, Error **errp) if (parse_uint_full(optarg, &seed, 0)) { error_setg(errp, "Invalid seed number: %s", optarg); } else { +#ifndef deterministic + deterministic = true; +#endif qemu_seedrandom_thread_part2(seed); } } @@ -72,5 +125,16 @@ static void __attribute__((constructor)) initialize(void) { /* Make sure A and C parameters are initialized. */ srand48(0); + +#ifdef CONFIG_GETRANDOM + /* Make sure support exists within the running kernel. */ + errno = 0; + if (getrandom(NULL, 0, 0) == 0) { + return; + } + g_assert_cmpint(errno, ==, ENOSYS); + deterministic = true; +#endif + qemu_seedrandom_thread_part2(time(NULL) + getpid() * 1500450271ull); } diff --git a/configure b/configure index cab830a4c9..22c7944e38 100755 --- a/configure +++ b/configure @@ -5700,6 +5700,20 @@ if compile_prog "" "" ; then have_utmpx=yes fi +########################################## +# check for getrandom() + +have_getrandom=no +cat > $TMPC << EOF +#include +int main(void) { + return getrandom(0, 0, GRND_NONBLOCK); +} +EOF +if compile_prog "" "" ; then + have_getrandom=yes +fi + ########################################## # checks for sanitizers @@ -7073,7 +7087,9 @@ fi if test "$have_utmpx" = "yes" ; then echo "HAVE_UTMPX=y" >> $config_host_mak fi - +if test "$have_getrandom" = "yes" ; then + echo "CONFIG_GETRANDOM=y" >> $config_host_mak +fi if test "$ivshmem" = "yes" ; then echo "CONFIG_IVSHMEM=y" >> $config_host_mak fi