From patchwork Fri Mar 15 03:26:15 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Richard Henderson X-Patchwork-Id: 160377 Delivered-To: patch@linaro.org Received: by 2002:a02:5cc1:0:0:0:0:0 with SMTP id w62csp16269589jad; Thu, 14 Mar 2019 20:44:02 -0700 (PDT) X-Google-Smtp-Source: APXvYqzG+uyX4YF3kKqirAyBekF4Dd3f5gERMDaSZTtnaw1TeNrc9y3q/O0XGvSahefA4qkRn1Bz X-Received: by 2002:adf:e28d:: with SMTP id v13mr731169wri.89.1552621442667; Thu, 14 Mar 2019 20:44:02 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1552621442; cv=none; d=google.com; s=arc-20160816; b=WQIT9n2EJKW7GpWylbJZ9fa2pLMeWfPUwi9yH0TotFcY9LQ0MOwE4I1h1HFa6CmsBe WW1t7ROkrv74puAO02DNC5pHYTSuFDU5Ven53Bf0IkMUkG5zmB8WEQ006pwcXoAcSyJ+ I9Ft0nZqmU2C7Wsi3/Au/rfv0ezqxdxHzsdM5PqxZQSfUvzGwLEdIq03ek26sPyoq9tZ gXCM69k7sLM1UWpjZLcjgg2Cxor0gg5HpI1WR50q7xhxAlcDkl+jL+awQCk3jmNKuLY9 +RF7eYAtuZJPOKIiYjtMlxjF5McKWnQOS0K/ZGaBBLetz1uymtA2o9TmHnPiU0VsjE/B 3WNw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject :content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:to:from:dkim-signature; bh=54uvFeZxLRAWgvSkjEfhPhjH4PTpHgBkNbG1KG9JKxk=; b=OQroVafGV+JQHmf0W3ShC2XTaBzApljlHeKDVvXaOZ28DBId/KLsID02HQj+AQvpsh r8WlztNThKh5da+9CUNOEjKrpI635r8WR43ORPb98FXyDTtAVgs/xLKX5ku6CRE5CIJ0 mEZ29kUREB6uEUPAjnH/kBpwgrK9zJdOnh6h9IQCxQDoliBMvAnxjWzcODzyv/kWU6Tw 1RL20znlZs3PR9ufC/Lsf/e5Rtyrkt3m87QCYZDRl3d2vUy3V8XkjXy6ki9hgME7ct1C Z21cTZYBhqlH6dCQ4/TZUPaxw1jJaehMGgVS/t3rsGgsEF2qS1Y8ZdHCDZWWVMrMo7F9 /L8g== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@linaro.org header.s=google header.b=ex1Th0Uq; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17]) by mx.google.com with ESMTPS id 1si511420wro.275.2019.03.14.20.44.02 for (version=TLS1 cipher=AES128-SHA bits=128/128); Thu, 14 Mar 2019 20:44:02 -0700 (PDT) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; Authentication-Results: mx.google.com; dkim=fail header.i=@linaro.org header.s=google header.b=ex1Th0Uq; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from localhost ([127.0.0.1]:48811 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1h4dlJ-0004Rm-Cp for patch@linaro.org; Thu, 14 Mar 2019 23:44:01 -0400 Received: from eggs.gnu.org ([209.51.188.92]:43873) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1h4dcK-0005C3-PT for qemu-devel@nongnu.org; Thu, 14 Mar 2019 23:34:46 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1h4dUb-0002sv-Lx for qemu-devel@nongnu.org; Thu, 14 Mar 2019 23:26:46 -0400 Received: from mail-pf1-x442.google.com ([2607:f8b0:4864:20::442]:39425) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1h4dUb-0002s4-CS for qemu-devel@nongnu.org; Thu, 14 Mar 2019 23:26:45 -0400 Received: by mail-pf1-x442.google.com with SMTP id i20so5283037pfo.6 for ; Thu, 14 Mar 2019 20:26:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=54uvFeZxLRAWgvSkjEfhPhjH4PTpHgBkNbG1KG9JKxk=; b=ex1Th0Uq7/DU8nGFjNS+zUhx52f4p1lKDIaXWYbUqWJcX8Kwxe5u5sQM2rsDXs7D+c WowP5BKzOBNtzRXXU+ogLEBZQCh3a/6y5IqRIq3cNlH7XL4QNJrAzdhAY1ChpmyykOHe iwpNw1lVnPTPmq2VCOPO4qxTPOGqXU3p48UtyS+vKx5Eu6wsCLKpHcJ75LNXfvoDuOH5 pymmwgiwsLkjj9cqmAhXYYwi44O7niQFrsaloMgAu46fzkYeuDYp24GYguAHJkGsmCK8 NTK33mKQrrDOCyb6RjQLpdvDA6h9dPwtgSXqQ2PKit7zpHz51celEk7CIx8G8WZCme9A 1Q2A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=54uvFeZxLRAWgvSkjEfhPhjH4PTpHgBkNbG1KG9JKxk=; b=ak5ZMz9X92YpM1qBzJ3VqjlmW3PXp6gknaUQkn90cnL5I/riqjNrOfsjimk4RFuJk6 /g2+cqvffOSkthK91iIbXunO7u9dO+22LV2/GI9/4XK8XQvFGRf7w2fS2EG6/rN/QaRv rMPc65W50wH7rdXcUtSBoqoIJ06f3hZnBC8+a6TUU7fFLOXzB18SFbAu9BVqkaA6k1zD ki62MOKhrR0d8l1H0jnY3fDOVq0PV2qeqRXFk5Zs8Pik9GLPFcAIMZUi2kRSBvVA3cOg 3eMlI+YKTt8BTnuzvyXOcZfcDeib7X2kfcAhOsrIo30/ymkX1zf5JUy5x7E3Ekl1OBHg 5gxQ== X-Gm-Message-State: APjAAAX8susATHTuZLi/OXze8Vp+aZ08WFeS80yyyewUAAsxC9ASGsX4 5FkRR/thPVITJphfJ/MHSuEmuOBgT0M= X-Received: by 2002:a17:902:d715:: with SMTP id w21mr1805469ply.14.1552620403926; Thu, 14 Mar 2019 20:26:43 -0700 (PDT) Received: from cloudburst.twiddle.net (97-113-188-82.tukw.qwest.net. [97.113.188.82]) by smtp.gmail.com with ESMTPSA id d26sm690816pfn.86.2019.03.14.20.26.42 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Thu, 14 Mar 2019 20:26:43 -0700 (PDT) From: Richard Henderson To: qemu-devel@nongnu.org Date: Thu, 14 Mar 2019 20:26:15 -0700 Message-Id: <20190315032629.21234-10-richard.henderson@linaro.org> X-Mailer: git-send-email 2.17.2 In-Reply-To: <20190315032629.21234-1-richard.henderson@linaro.org> References: <20190315032629.21234-1-richard.henderson@linaro.org> MIME-Version: 1.0 X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2607:f8b0:4864:20::442 Subject: [Qemu-devel] [PATCH v3 09/23] util: Add qemu_guest_getrandom and associated routines X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: "Qemu-devel" This routine is intended to produce high-quality random numbers to the guest. Normally, such numbers are crypto quality from the host, but a command-line option can force the use of a fully deterministic sequence for use while debugging. Cc: Daniel P. Berrangé Signed-off-by: Richard Henderson --- include/qemu/guest-random.h | 68 +++++++++++++++++++++++++++ util/guest-random.c | 93 +++++++++++++++++++++++++++++++++++++ util/Makefile.objs | 1 + 3 files changed, 162 insertions(+) create mode 100644 include/qemu/guest-random.h create mode 100644 util/guest-random.c -- 2.17.2 Reviewed-by: Daniel P. Berrangé Reviewed-by: Philippe Mathieu-Daudé diff --git a/include/qemu/guest-random.h b/include/qemu/guest-random.h new file mode 100644 index 0000000000..09ff9c2236 --- /dev/null +++ b/include/qemu/guest-random.h @@ -0,0 +1,68 @@ +/* + * QEMU guest-visible random functions + * + * Copyright 2019 Linaro, Ltd. + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation; either version 2 of the License, or (at your option) + * any later version. + */ + +#ifndef QEMU_GUEST_RANDOM_H +#define QEMU_GUEST_RANDOM_H + +/** + * qemu_guest_random_seed_main(const char *optarg, Error **errp) + * @optarg: a non-NULL pointer to a C string + * @errp: an error indicator + * + * The @optarg value is that which accompanies the -seed argument. + * This forces qemu_guest_getrandom into deterministic mode. + * + * Returns 0 on success, < 0 on failure while setting *errp. + */ +int qemu_guest_random_seed_main(const char *optarg, Error **errp); + +/** + * qemu_guest_random_seed_thread_part1(void) + * + * If qemu_getrandom is in deterministic mode, returns an + * independent seed for the new thread. Otherwise returns 0. + */ +uint64_t qemu_guest_random_seed_thread_part1(void); + +/** + * qemu_guest_random_seed_thread_part2(uint64_t seed) + * @seed: a value for the new thread. + * + * If qemu_guest_getrandom is in deterministic mode, this stores an + * independent seed for the new thread. Otherwise a no-op. + */ +void qemu_guest_random_seed_thread_part2(uint64_t seed); + +/** + * qemu_guest_getrandom(void *buf, size_t len, Error **errp) + * @buf: a buffer of bytes to be written + * @len: the number of bytes in @buf + * @errp: an error indicator + * + * Fills len bytes in buf with random data. This should only be used + * for data presented to the guest. Host-side crypto services should + * use qcrypto_random_bytes. + * + * Returns 0 on success, < 0 on failure while setting *errp. + */ +int qemu_guest_getrandom(void *buf, size_t len, Error **errp); + +/** + * qemu_guest_getrandom_nofail(void *buf, size_t len) + * @buf: a buffer of bytes to be written + * @len: the number of bytes in @buf + * + * Like qemu_guest_getrandom, but will assert for failure. + * Use this when there is no reasonable recovery. + */ +void qemu_guest_getrandom_nofail(void *buf, size_t len); + +#endif /* QEMU_GUEST_RANDOM_H */ diff --git a/util/guest-random.c b/util/guest-random.c new file mode 100644 index 0000000000..e8124a3cad --- /dev/null +++ b/util/guest-random.c @@ -0,0 +1,93 @@ +/* + * QEMU guest-visible random functions + * + * Copyright 2019 Linaro, Ltd. + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation; either version 2 of the License, or (at your option) + * any later version. + */ + +#include "qemu/osdep.h" +#include "qemu-common.h" +#include "qemu/cutils.h" +#include "qapi/error.h" +#include "qemu/guest-random.h" +#include "crypto/random.h" + + +static __thread GRand *thread_rand; +static bool deterministic; + + +static int glib_random_bytes(void *buf, size_t len) +{ + GRand *rand = thread_rand; + size_t i; + uint32_t x; + + if (unlikely(rand == NULL)) { + /* Thread not initialized for a cpu, or main w/o -seed. */ + thread_rand = rand = g_rand_new(); + } + + for (i = 0; i + 4 <= len; i += 4) { + x = g_rand_int(rand); + __builtin_memcpy(buf + i, &x, 4); + } + if (i < len) { + x = g_rand_int(rand); + __builtin_memcpy(buf + i, &x, i - len); + } + return 0; +} + +int qemu_guest_getrandom(void *buf, size_t len, Error **errp) +{ + if (unlikely(deterministic)) { + /* Deterministic implementation using Glib's Mersenne Twister. */ + return glib_random_bytes(buf, len); + } else { + /* Non-deterministic implementation using crypto routines. */ + return qcrypto_random_bytes(buf, len, errp); + } +} + +void qemu_guest_getrandom_nofail(void *buf, size_t len) +{ + qemu_guest_getrandom(buf, len, &error_fatal); +} + +uint64_t qemu_guest_random_seed_thread_part1(void) +{ + if (deterministic) { + uint64_t ret; + glib_random_bytes(&ret, sizeof(ret)); + return ret; + } + return 0; +} + +void qemu_guest_random_seed_thread_part2(uint64_t seed) +{ + g_assert(thread_rand == NULL); + if (deterministic) { + thread_rand = + g_rand_new_with_seed_array((const guint32 *)&seed, + sizeof(seed) / sizeof(guint32)); + } +} + +int qemu_guest_random_seed_main(const char *optarg, Error **errp) +{ + unsigned long long seed; + if (parse_uint_full(optarg, &seed, 0)) { + error_setg(errp, "Invalid seed number: %s", optarg); + return -1; + } else { + deterministic = true; + qemu_guest_random_seed_thread_part2(seed); + return 0; + } +} diff --git a/util/Makefile.objs b/util/Makefile.objs index 835fcd69e2..4d4db653cc 100644 --- a/util/Makefile.objs +++ b/util/Makefile.objs @@ -53,5 +53,6 @@ util-obj-y += iova-tree.o util-obj-$(CONFIG_INOTIFY1) += filemonitor-inotify.o util-obj-$(CONFIG_LINUX) += vfio-helpers.o util-obj-$(CONFIG_OPENGL) += drm.o +util-obj-y += guest-random.o stub-obj-y += filemonitor-stub.o