aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRichard Henderson <richard.henderson@linaro.org>2019-03-14 13:02:09 -0700
committerRichard Henderson <richard.henderson@linaro.org>2019-05-22 12:38:54 -0400
commit8d8404f1564496f42b90497e7be635921c000e9d (patch)
tree0b25ec7d6d4454fc5218ac5684acfa70bdd7140e
parentf7b2502cdc2eeb458a4490c1b8f4a83c07d46219 (diff)
util: Add qemu_guest_getrandom and associated routines
This routine is intended to produce high-quality random numbers to the guest. Normally, such numbers are crypto quality from the host, but a command-line option can force the use of a fully deterministic sequence for use while debugging. Reviewed-by: Laurent Vivier <lvivier@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-rw-r--r--include/qemu/guest-random.h68
-rw-r--r--util/Makefile.objs1
-rw-r--r--util/guest-random.c93
3 files changed, 162 insertions, 0 deletions
diff --git a/include/qemu/guest-random.h b/include/qemu/guest-random.h
new file mode 100644
index 0000000000..09ff9c2236
--- /dev/null
+++ b/include/qemu/guest-random.h
@@ -0,0 +1,68 @@
+/*
+ * QEMU guest-visible random functions
+ *
+ * Copyright 2019 Linaro, Ltd.
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ */
+
+#ifndef QEMU_GUEST_RANDOM_H
+#define QEMU_GUEST_RANDOM_H
+
+/**
+ * qemu_guest_random_seed_main(const char *optarg, Error **errp)
+ * @optarg: a non-NULL pointer to a C string
+ * @errp: an error indicator
+ *
+ * The @optarg value is that which accompanies the -seed argument.
+ * This forces qemu_guest_getrandom into deterministic mode.
+ *
+ * Returns 0 on success, < 0 on failure while setting *errp.
+ */
+int qemu_guest_random_seed_main(const char *optarg, Error **errp);
+
+/**
+ * qemu_guest_random_seed_thread_part1(void)
+ *
+ * If qemu_getrandom is in deterministic mode, returns an
+ * independent seed for the new thread. Otherwise returns 0.
+ */
+uint64_t qemu_guest_random_seed_thread_part1(void);
+
+/**
+ * qemu_guest_random_seed_thread_part2(uint64_t seed)
+ * @seed: a value for the new thread.
+ *
+ * If qemu_guest_getrandom is in deterministic mode, this stores an
+ * independent seed for the new thread. Otherwise a no-op.
+ */
+void qemu_guest_random_seed_thread_part2(uint64_t seed);
+
+/**
+ * qemu_guest_getrandom(void *buf, size_t len, Error **errp)
+ * @buf: a buffer of bytes to be written
+ * @len: the number of bytes in @buf
+ * @errp: an error indicator
+ *
+ * Fills len bytes in buf with random data. This should only be used
+ * for data presented to the guest. Host-side crypto services should
+ * use qcrypto_random_bytes.
+ *
+ * Returns 0 on success, < 0 on failure while setting *errp.
+ */
+int qemu_guest_getrandom(void *buf, size_t len, Error **errp);
+
+/**
+ * qemu_guest_getrandom_nofail(void *buf, size_t len)
+ * @buf: a buffer of bytes to be written
+ * @len: the number of bytes in @buf
+ *
+ * Like qemu_guest_getrandom, but will assert for failure.
+ * Use this when there is no reasonable recovery.
+ */
+void qemu_guest_getrandom_nofail(void *buf, size_t len);
+
+#endif /* QEMU_GUEST_RANDOM_H */
diff --git a/util/Makefile.objs b/util/Makefile.objs
index 9206878dec..c27a923dbe 100644
--- a/util/Makefile.objs
+++ b/util/Makefile.objs
@@ -54,5 +54,6 @@ util-obj-y += iova-tree.o
util-obj-$(CONFIG_INOTIFY1) += filemonitor-inotify.o
util-obj-$(CONFIG_LINUX) += vfio-helpers.o
util-obj-$(CONFIG_OPENGL) += drm.o
+util-obj-y += guest-random.o
stub-obj-y += filemonitor-stub.o
diff --git a/util/guest-random.c b/util/guest-random.c
new file mode 100644
index 0000000000..e8124a3cad
--- /dev/null
+++ b/util/guest-random.c
@@ -0,0 +1,93 @@
+/*
+ * QEMU guest-visible random functions
+ *
+ * Copyright 2019 Linaro, Ltd.
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ */
+
+#include "qemu/osdep.h"
+#include "qemu-common.h"
+#include "qemu/cutils.h"
+#include "qapi/error.h"
+#include "qemu/guest-random.h"
+#include "crypto/random.h"
+
+
+static __thread GRand *thread_rand;
+static bool deterministic;
+
+
+static int glib_random_bytes(void *buf, size_t len)
+{
+ GRand *rand = thread_rand;
+ size_t i;
+ uint32_t x;
+
+ if (unlikely(rand == NULL)) {
+ /* Thread not initialized for a cpu, or main w/o -seed. */
+ thread_rand = rand = g_rand_new();
+ }
+
+ for (i = 0; i + 4 <= len; i += 4) {
+ x = g_rand_int(rand);
+ __builtin_memcpy(buf + i, &x, 4);
+ }
+ if (i < len) {
+ x = g_rand_int(rand);
+ __builtin_memcpy(buf + i, &x, i - len);
+ }
+ return 0;
+}
+
+int qemu_guest_getrandom(void *buf, size_t len, Error **errp)
+{
+ if (unlikely(deterministic)) {
+ /* Deterministic implementation using Glib's Mersenne Twister. */
+ return glib_random_bytes(buf, len);
+ } else {
+ /* Non-deterministic implementation using crypto routines. */
+ return qcrypto_random_bytes(buf, len, errp);
+ }
+}
+
+void qemu_guest_getrandom_nofail(void *buf, size_t len)
+{
+ qemu_guest_getrandom(buf, len, &error_fatal);
+}
+
+uint64_t qemu_guest_random_seed_thread_part1(void)
+{
+ if (deterministic) {
+ uint64_t ret;
+ glib_random_bytes(&ret, sizeof(ret));
+ return ret;
+ }
+ return 0;
+}
+
+void qemu_guest_random_seed_thread_part2(uint64_t seed)
+{
+ g_assert(thread_rand == NULL);
+ if (deterministic) {
+ thread_rand =
+ g_rand_new_with_seed_array((const guint32 *)&seed,
+ sizeof(seed) / sizeof(guint32));
+ }
+}
+
+int qemu_guest_random_seed_main(const char *optarg, Error **errp)
+{
+ unsigned long long seed;
+ if (parse_uint_full(optarg, &seed, 0)) {
+ error_setg(errp, "Invalid seed number: %s", optarg);
+ return -1;
+ } else {
+ deterministic = true;
+ qemu_guest_random_seed_thread_part2(seed);
+ return 0;
+ }
+}