aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPeter Maydell <peter.maydell@linaro.org>2019-05-23 12:57:17 +0100
committerPeter Maydell <peter.maydell@linaro.org>2019-05-23 12:57:17 +0100
commitd418238dca7b4e0b124135827ead3076233052b1 (patch)
tree5869c8301e18962d3ddb4e927e152220c21ce33f
parentc4600d5d417ea13e0f1cc047b227a2b5b0e694f5 (diff)
parent369fd5ca66810b2ddb16e23a497eabe59385eceb (diff)
Merge remote-tracking branch 'remotes/rth/tags/pull-rng-20190522' into staging
Introduce qemu_guest_getrandom. Use qemu_guest_getrandom in aspeed, nrf51, bcm2835, exynos4210 rng devices. Use qemu_guest_getrandom in target/ppc darn instruction. Support ARMv8.5-RNG extension. Support x86 RDRAND extension. Acked-by: Daniel P. Berrangé <berrange@redhat.com> Acked-by: Laurent Vivier <laurent@vivier.eu> # gpg: Signature made Wed 22 May 2019 19:36:43 BST # gpg: using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F # gpg: issuer "richard.henderson@linaro.org" # gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [full] # Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A 05C0 64DF 38E8 AF7E 215F * remotes/rth/tags/pull-rng-20190522: (25 commits) target/i386: Implement CPUID_EXT_RDRAND target/ppc: Use qemu_guest_getrandom for DARN target/ppc: Use gen_io_start/end around DARN target/arm: Implement ARMv8.5-RNG target/arm: Put all PAC keys into a structure hw/misc/exynos4210_rng: Use qemu_guest_getrandom hw/misc/bcm2835_rng: Use qemu_guest_getrandom_nofail hw/misc/nrf51_rng: Use qemu_guest_getrandom_nofail aspeed/scu: Use qemu_guest_getrandom_nofail linux-user: Remove srand call linux-user/aarch64: Use qemu_guest_getrandom for PAUTH keys linux-user: Use qemu_guest_getrandom_nofail for AT_RANDOM linux-user: Call qcrypto_init if not using -seed linux-user: Initialize pseudo-random seeds for all guest cpus cpus: Initialize pseudo-random seeds for all guest cpus util: Add qemu_guest_getrandom and associated routines ui/vnc: Use gcrypto_random_bytes for start_auth_vnc ui/vnc: Split out authentication_failed crypto: Change the qcrypto_random_bytes buffer type to void* crypto: Use getrandom for qcrypto_random_bytes ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-rw-r--r--Makefile4
-rw-r--r--Makefile.objs2
-rw-r--r--Makefile.target4
-rwxr-xr-xconfigure87
-rw-r--r--cpus.c9
-rw-r--r--crypto/Makefile.objs11
-rw-r--r--crypto/random-gcrypt.c2
-rw-r--r--crypto/random-gnutls.c2
-rw-r--r--crypto/random-platform.c104
-rw-r--r--hw/misc/aspeed_scu.c10
-rw-r--r--hw/misc/bcm2835_rng.c34
-rw-r--r--hw/misc/exynos4210_rng.c11
-rw-r--r--hw/misc/nrf51_rng.c4
-rw-r--r--include/crypto/random.h2
-rw-r--r--include/qemu/guest-random.h68
-rw-r--r--include/qom/cpu.h1
-rw-r--r--linux-user/aarch64/cpu_loop.c25
-rw-r--r--linux-user/aarch64/target_syscall.h2
-rw-r--r--linux-user/elfload.c8
-rw-r--r--linux-user/main.c33
-rw-r--r--linux-user/syscall.c34
-rw-r--r--qemu-options.hx10
-rw-r--r--target/arm/cpu.h17
-rw-r--r--target/arm/cpu64.c1
-rw-r--r--target/arm/helper.c64
-rw-r--r--target/arm/pauth_helper.c18
-rw-r--r--target/i386/cpu.c5
-rw-r--r--target/i386/helper.h2
-rw-r--r--target/i386/int_helper.c21
-rw-r--r--target/i386/translate.c62
-rw-r--r--target/ppc/int_helper.c37
-rw-r--r--target/ppc/translate.c21
-rw-r--r--ui/vnc.c53
-rw-r--r--util/Makefile.objs1
-rw-r--r--util/guest-random.c93
-rw-r--r--vl.c4
36 files changed, 610 insertions, 256 deletions
diff --git a/Makefile b/Makefile
index 8598ab9ec4..e02b88bcb1 100644
--- a/Makefile
+++ b/Makefile
@@ -413,7 +413,7 @@ dummy := $(call unnest-vars,, \
block-obj-y \
block-obj-m \
crypto-obj-y \
- crypto-aes-obj-y \
+ crypto-user-obj-y \
qom-obj-y \
io-obj-y \
common-obj-y \
@@ -487,7 +487,7 @@ subdir-slirp: .git-submodule-status
$(call quiet-command,$(MAKE) -C $(SRC_PATH)/slirp BUILD_DIR="$(BUILD_DIR)/slirp" CC="$(CC)" AR="$(AR)" LD="$(LD)" RANLIB="$(RANLIB)" CFLAGS="$(QEMU_CFLAGS) $(CFLAGS)" LDFLAGS="$(LDFLAGS)")
$(SUBDIR_RULES): libqemuutil.a $(common-obj-y) \
- $(qom-obj-y) $(crypto-aes-obj-$(CONFIG_USER_ONLY))
+ $(qom-obj-y) $(crypto-user-obj-$(CONFIG_USER_ONLY))
ROMSUBDIR_RULES=$(patsubst %,romsubdir-%, $(ROMS))
# Only keep -O and -g cflags
diff --git a/Makefile.objs b/Makefile.objs
index 485f962419..d7491413c1 100644
--- a/Makefile.objs
+++ b/Makefile.objs
@@ -25,7 +25,7 @@ block-obj-m = block/
# crypto-obj-y is code used by both qemu system emulation and qemu-img
crypto-obj-y = crypto/
-crypto-aes-obj-y = crypto/
+crypto-user-obj-y = crypto/
#######################################################################
# qom-obj-y is code used by both qemu system emulation and qemu-img
diff --git a/Makefile.target b/Makefile.target
index fdbe7c89f4..4ef4ce5996 100644
--- a/Makefile.target
+++ b/Makefile.target
@@ -180,7 +180,7 @@ dummy := $(call unnest-vars,.., \
block-obj-m \
chardev-obj-y \
crypto-obj-y \
- crypto-aes-obj-y \
+ crypto-user-obj-y \
qom-obj-y \
io-obj-y \
common-obj-y \
@@ -189,7 +189,7 @@ all-obj-y += $(common-obj-y)
all-obj-y += $(qom-obj-y)
all-obj-$(CONFIG_SOFTMMU) += $(authz-obj-y)
all-obj-$(CONFIG_SOFTMMU) += $(block-obj-y) $(chardev-obj-y)
-all-obj-$(CONFIG_USER_ONLY) += $(crypto-aes-obj-y)
+all-obj-$(CONFIG_USER_ONLY) += $(crypto-user-obj-y)
all-obj-$(CONFIG_SOFTMMU) += $(crypto-obj-y)
all-obj-$(CONFIG_SOFTMMU) += $(io-obj-y)
diff --git a/configure b/configure
index cef51b2a0b..528b9ff705 100755
--- a/configure
+++ b/configure
@@ -2784,17 +2784,23 @@ fi
# GNUTLS probe
if test "$gnutls" != "no"; then
+ pass="no"
if $pkg_config --exists "gnutls >= 3.1.18"; then
gnutls_cflags=$($pkg_config --cflags gnutls)
gnutls_libs=$($pkg_config --libs gnutls)
- libs_softmmu="$gnutls_libs $libs_softmmu"
- libs_tools="$gnutls_libs $libs_tools"
- QEMU_CFLAGS="$QEMU_CFLAGS $gnutls_cflags"
- gnutls="yes"
- elif test "$gnutls" = "yes"; then
+ # Packaging for the static libraries is not always correct.
+ # At least ubuntu 18.04 ships only shared libraries.
+ write_c_skeleton
+ if compile_prog "" "$gnutls_libs" ; then
+ LIBS="$gnutls_libs $LIBS"
+ QEMU_CFLAGS="$QEMU_CFLAGS $gnutls_cflags"
+ pass="yes"
+ fi
+ fi
+ if test "$pass" = "no" && test "$gnutls" = "yes"; then
feature_not_found "gnutls" "Install gnutls devel >= 3.1.18"
else
- gnutls="no"
+ gnutls="$pass"
fi
fi
@@ -2849,43 +2855,52 @@ has_libgcrypt() {
if test "$nettle" != "no"; then
+ pass="no"
if $pkg_config --exists "nettle >= 2.7.1"; then
nettle_cflags=$($pkg_config --cflags nettle)
nettle_libs=$($pkg_config --libs nettle)
nettle_version=$($pkg_config --modversion nettle)
- libs_softmmu="$nettle_libs $libs_softmmu"
- libs_tools="$nettle_libs $libs_tools"
- QEMU_CFLAGS="$QEMU_CFLAGS $nettle_cflags"
- nettle="yes"
-
- if test -z "$gcrypt"; then
- gcrypt="no"
+ # Link test to make sure the given libraries work (e.g for static).
+ write_c_skeleton
+ if compile_prog "" "$nettle_libs" ; then
+ LIBS="$nettle_libs $LIBS"
+ QEMU_CFLAGS="$QEMU_CFLAGS $nettle_cflags"
+ if test -z "$gcrypt"; then
+ gcrypt="no"
+ fi
+ pass="yes"
fi
+ fi
+ if test "$pass" = "no" && test "$nettle" = "yes"; then
+ feature_not_found "nettle" "Install nettle devel >= 2.7.1"
else
- if test "$nettle" = "yes"; then
- feature_not_found "nettle" "Install nettle devel >= 2.7.1"
- else
- nettle="no"
- fi
+ nettle="$pass"
fi
fi
if test "$gcrypt" != "no"; then
+ pass="no"
if has_libgcrypt; then
gcrypt_cflags=$(libgcrypt-config --cflags)
gcrypt_libs=$(libgcrypt-config --libs)
- # Debian has remove -lgpg-error from libgcrypt-config
+ # Debian has removed -lgpg-error from libgcrypt-config
# as it "spreads unnecessary dependencies" which in
# turn breaks static builds...
if test "$static" = "yes"
then
gcrypt_libs="$gcrypt_libs -lgpg-error"
fi
- libs_softmmu="$gcrypt_libs $libs_softmmu"
- libs_tools="$gcrypt_libs $libs_tools"
- QEMU_CFLAGS="$QEMU_CFLAGS $gcrypt_cflags"
- gcrypt="yes"
+ # Link test to make sure the given libraries work (e.g for static).
+ write_c_skeleton
+ if compile_prog "" "$gcrypt_libs" ; then
+ LIBS="$gcrypt_libs $LIBS"
+ QEMU_CFLAGS="$QEMU_CFLAGS $gcrypt_cflags"
+ pass="yes"
+ fi
+ fi
+ if test "$pass" = "yes"; then
+ gcrypt="yes"
cat > $TMPC << EOF
#include <gcrypt.h>
int main(void) {
@@ -2898,12 +2913,10 @@ EOF
if compile_prog "$gcrypt_cflags" "$gcrypt_libs" ; then
gcrypt_hmac=yes
fi
+ elif test "$gcrypt" = "yes"; then
+ feature_not_found "gcrypt" "Install gcrypt devel >= 1.5.0"
else
- if test "$gcrypt" = "yes"; then
- feature_not_found "gcrypt" "Install gcrypt devel >= 1.5.0"
- else
- gcrypt="no"
- fi
+ gcrypt="no"
fi
fi
@@ -5803,6 +5816,20 @@ if compile_prog "" "" ; then
fi
##########################################
+# check for getrandom()
+
+have_getrandom=no
+cat > $TMPC << EOF
+#include <sys/random.h>
+int main(void) {
+ return getrandom(0, 0, GRND_NONBLOCK);
+}
+EOF
+if compile_prog "" "" ; then
+ have_getrandom=yes
+fi
+
+##########################################
# checks for sanitizers
have_asan=no
@@ -7191,7 +7218,9 @@ fi
if test "$have_utmpx" = "yes" ; then
echo "HAVE_UTMPX=y" >> $config_host_mak
fi
-
+if test "$have_getrandom" = "yes" ; then
+ echo "CONFIG_GETRANDOM=y" >> $config_host_mak
+fi
if test "$ivshmem" = "yes" ; then
echo "CONFIG_IVSHMEM=y" >> $config_host_mak
fi
diff --git a/cpus.c b/cpus.c
index e58e7ab0f6..ffc57119ca 100644
--- a/cpus.c
+++ b/cpus.c
@@ -50,6 +50,7 @@
#include "qemu/option.h"
#include "qemu/bitmap.h"
#include "qemu/seqlock.h"
+#include "qemu/guest-random.h"
#include "tcg.h"
#include "hw/nmi.h"
#include "sysemu/replay.h"
@@ -1276,6 +1277,7 @@ static void *qemu_kvm_cpu_thread_fn(void *arg)
/* signal CPU creation */
cpu->created = true;
qemu_cond_signal(&qemu_cpu_cond);
+ qemu_guest_random_seed_thread_part2(cpu->random_seed);
do {
if (cpu_can_run(cpu)) {
@@ -1319,6 +1321,7 @@ static void *qemu_dummy_cpu_thread_fn(void *arg)
/* signal CPU creation */
cpu->created = true;
qemu_cond_signal(&qemu_cpu_cond);
+ qemu_guest_random_seed_thread_part2(cpu->random_seed);
do {
qemu_mutex_unlock_iothread();
@@ -1478,6 +1481,7 @@ static void *qemu_tcg_rr_cpu_thread_fn(void *arg)
cpu->created = true;
cpu->can_do_io = 1;
qemu_cond_signal(&qemu_cpu_cond);
+ qemu_guest_random_seed_thread_part2(cpu->random_seed);
/* wait for initial kick-off after machine start */
while (first_cpu->stopped) {
@@ -1592,6 +1596,7 @@ static void *qemu_hax_cpu_thread_fn(void *arg)
hax_init_vcpu(cpu);
qemu_cond_signal(&qemu_cpu_cond);
+ qemu_guest_random_seed_thread_part2(cpu->random_seed);
do {
if (cpu_can_run(cpu)) {
@@ -1631,6 +1636,7 @@ static void *qemu_hvf_cpu_thread_fn(void *arg)
/* signal CPU creation */
cpu->created = true;
qemu_cond_signal(&qemu_cpu_cond);
+ qemu_guest_random_seed_thread_part2(cpu->random_seed);
do {
if (cpu_can_run(cpu)) {
@@ -1671,6 +1677,7 @@ static void *qemu_whpx_cpu_thread_fn(void *arg)
/* signal CPU creation */
cpu->created = true;
qemu_cond_signal(&qemu_cpu_cond);
+ qemu_guest_random_seed_thread_part2(cpu->random_seed);
do {
if (cpu_can_run(cpu)) {
@@ -1724,6 +1731,7 @@ static void *qemu_tcg_cpu_thread_fn(void *arg)
cpu->can_do_io = 1;
current_cpu = cpu;
qemu_cond_signal(&qemu_cpu_cond);
+ qemu_guest_random_seed_thread_part2(cpu->random_seed);
/* process any pending work */
cpu->exit_request = 1;
@@ -2071,6 +2079,7 @@ void qemu_init_vcpu(CPUState *cpu)
cpu->nr_cores = smp_cores;
cpu->nr_threads = smp_threads;
cpu->stopped = true;
+ cpu->random_seed = qemu_guest_random_seed_thread_part1();
if (!cpu->as) {
/* If the target cpu hasn't set up any address spaces itself,
diff --git a/crypto/Makefile.objs b/crypto/Makefile.objs
index 256c9aca1f..7fe2fa9da2 100644
--- a/crypto/Makefile.objs
+++ b/crypto/Makefile.objs
@@ -19,9 +19,10 @@ crypto-obj-y += tlscredspsk.o
crypto-obj-y += tlscredsx509.o
crypto-obj-y += tlssession.o
crypto-obj-y += secret.o
-crypto-obj-$(CONFIG_GCRYPT) += random-gcrypt.o
-crypto-obj-$(if $(CONFIG_GCRYPT),n,$(CONFIG_GNUTLS)) += random-gnutls.o
-crypto-obj-$(if $(CONFIG_GCRYPT),n,$(if $(CONFIG_GNUTLS),n,y)) += random-platform.o
+crypto-rng-obj-$(CONFIG_GCRYPT) += random-gcrypt.o
+crypto-rng-obj-$(if $(CONFIG_GCRYPT),n,$(CONFIG_GNUTLS)) += random-gnutls.o
+crypto-rng-obj-$(if $(CONFIG_GCRYPT),n,$(if $(CONFIG_GNUTLS),n,y)) += random-platform.o
+crypto-obj-y += $(crypto-rng-obj-y)
crypto-obj-y += pbkdf.o
crypto-obj-$(CONFIG_NETTLE) += pbkdf-nettle.o
crypto-obj-$(if $(CONFIG_NETTLE),n,$(CONFIG_GCRYPT)) += pbkdf-gcrypt.o
@@ -35,7 +36,7 @@ crypto-obj-y += block.o
crypto-obj-y += block-qcow.o
crypto-obj-y += block-luks.o
-# Let the userspace emulators avoid linking gnutls/etc
-crypto-aes-obj-y = aes.o
+# Let the userspace emulators avoid linking stuff they won't use.
+crypto-user-obj-y = aes.o $(crypto-rng-obj-y) init.o
stub-obj-y += pbkdf-stub.o
diff --git a/crypto/random-gcrypt.c b/crypto/random-gcrypt.c
index 9f1c9ee60e..7aea4ac81f 100644
--- a/crypto/random-gcrypt.c
+++ b/crypto/random-gcrypt.c
@@ -24,7 +24,7 @@
#include <gcrypt.h>
-int qcrypto_random_bytes(uint8_t *buf,
+int qcrypto_random_bytes(void *buf,
size_t buflen,
Error **errp G_GNUC_UNUSED)
{
diff --git a/crypto/random-gnutls.c b/crypto/random-gnutls.c
index 445fd6a30b..ed6c9ca12f 100644
--- a/crypto/random-gnutls.c
+++ b/crypto/random-gnutls.c
@@ -26,7 +26,7 @@
#include <gnutls/gnutls.h>
#include <gnutls/crypto.h>
-int qcrypto_random_bytes(uint8_t *buf,
+int qcrypto_random_bytes(void *buf,
size_t buflen,
Error **errp)
{
diff --git a/crypto/random-platform.c b/crypto/random-platform.c
index 7541b4cae7..66624106fe 100644
--- a/crypto/random-platform.c
+++ b/crypto/random-platform.c
@@ -27,68 +27,88 @@
#include <wincrypt.h>
static HCRYPTPROV hCryptProv;
#else
-static int fd; /* a file handle to either /dev/urandom or /dev/random */
+# ifdef CONFIG_GETRANDOM
+# include <sys/random.h>
+# endif
+/* This is -1 for getrandom(), or a file handle for /dev/{u,}random. */
+static int fd;
#endif
int qcrypto_random_init(Error **errp)
{
-#ifndef _WIN32
- /* TBD perhaps also add support for BSD getentropy / Linux
- * getrandom syscalls directly */
- fd = open("/dev/urandom", O_RDONLY);
- if (fd == -1 && errno == ENOENT) {
- fd = open("/dev/random", O_RDONLY);
- }
-
- if (fd < 0) {
- error_setg(errp, "No /dev/urandom or /dev/random found");
- return -1;
- }
-#else
+#ifdef _WIN32
if (!CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL,
CRYPT_SILENT | CRYPT_VERIFYCONTEXT)) {
error_setg_win32(errp, GetLastError(),
"Unable to create cryptographic provider");
return -1;
}
+#else
+# ifdef CONFIG_GETRANDOM
+ if (getrandom(NULL, 0, 0) == 0) {
+ /* Use getrandom() */
+ fd = -1;
+ return 0;
+ }
+ /* Fall through to /dev/urandom case. */
+# endif
+ fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
+ if (fd == -1 && errno == ENOENT) {
+ fd = open("/dev/random", O_RDONLY | O_CLOEXEC);
+ }
+ if (fd < 0) {
+ error_setg_errno(errp, errno, "No /dev/urandom or /dev/random");
+ return -1;
+ }
#endif
-
return 0;
}
-int qcrypto_random_bytes(uint8_t *buf G_GNUC_UNUSED,
- size_t buflen G_GNUC_UNUSED,
+int qcrypto_random_bytes(void *buf,
+ size_t buflen,
Error **errp)
{
-#ifndef _WIN32
- int ret = -1;
- int got;
-
- while (buflen > 0) {
- got = read(fd, buf, buflen);
- if (got < 0) {
- error_setg_errno(errp, errno,
- "Unable to read random bytes");
- goto cleanup;
- } else if (!got) {
- error_setg(errp,
- "Unexpected EOF reading random bytes");
- goto cleanup;
- }
- buflen -= got;
- buf += got;
- }
-
- ret = 0;
- cleanup:
- return ret;
-#else
+#ifdef _WIN32
if (!CryptGenRandom(hCryptProv, buflen, buf)) {
error_setg_win32(errp, GetLastError(),
"Unable to read random bytes");
return -1;
}
-
- return 0;
+#else
+# ifdef CONFIG_GETRANDOM
+ if (likely(fd < 0)) {
+ while (1) {
+ ssize_t got = getrandom(buf, buflen, 0);
+ if (likely(got == buflen)) {
+ return 0;
+ }
+ if (got >= 0) {
+ buflen -= got;
+ buf += got;
+ } else if (errno != EINTR) {
+ error_setg_errno(errp, errno, "getrandom");
+ return -1;
+ }
+ }
+ }
+ /* Fall through to /dev/urandom case. */
+# endif
+ while (1) {
+ ssize_t got = read(fd, buf, buflen);
+ if (likely(got == buflen)) {
+ return 0;
+ }
+ if (got > 0) {
+ buflen -= got;
+ buf += got;
+ } else if (got == 0) {
+ error_setg(errp, "Unexpected EOF reading random bytes");
+ return -1;
+ } else if (errno != EINTR) {
+ error_setg_errno(errp, errno, "Unable to read random bytes");
+ return -1;
+ }
+ }
#endif
+ return 0;
}
diff --git a/hw/misc/aspeed_scu.c b/hw/misc/aspeed_scu.c
index c8217740ef..ab1e18ed4b 100644
--- a/hw/misc/aspeed_scu.c
+++ b/hw/misc/aspeed_scu.c
@@ -16,7 +16,7 @@
#include "qapi/visitor.h"
#include "qemu/bitops.h"
#include "qemu/log.h"
-#include "crypto/random.h"
+#include "qemu/guest-random.h"
#include "trace.h"
#define TO_REG(offset) ((offset) >> 2)
@@ -157,14 +157,8 @@ static const uint32_t ast2500_a1_resets[ASPEED_SCU_NR_REGS] = {
static uint32_t aspeed_scu_get_random(void)
{
- Error *err = NULL;
uint32_t num;
-
- if (qcrypto_random_bytes((uint8_t *)&num, sizeof(num), &err)) {
- error_report_err(err);
- exit(1);
- }
-
+ qemu_guest_getrandom_nofail(&num, sizeof(num));
return num;
}
diff --git a/hw/misc/bcm2835_rng.c b/hw/misc/bcm2835_rng.c
index 4d62143b24..fe59c868f5 100644
--- a/hw/misc/bcm2835_rng.c
+++ b/hw/misc/bcm2835_rng.c
@@ -9,30 +9,26 @@
#include "qemu/osdep.h"
#include "qemu/log.h"
-#include "qapi/error.h"
-#include "crypto/random.h"
+#include "qemu/guest-random.h"
#include "hw/misc/bcm2835_rng.h"
static uint32_t get_random_bytes(void)
{
uint32_t res;
- Error *err = NULL;
-
- if (qcrypto_random_bytes((uint8_t *)&res, sizeof(res), &err) < 0) {
- /* On failure we don't want to return the guest a non-random
- * value in case they're really using it for cryptographic
- * purposes, so the best we can do is die here.
- * This shouldn't happen unless something's broken.
- * In theory we could implement this device's full FIFO
- * and interrupt semantics and then just stop filling the
- * FIFO. That's a lot of work, though, so we assume any
- * errors are systematic problems and trust that if we didn't
- * fail as the guest inited then we won't fail later on
- * mid-run.
- */
- error_report_err(err);
- exit(1);
- }
+
+ /*
+ * On failure we don't want to return the guest a non-random
+ * value in case they're really using it for cryptographic
+ * purposes, so the best we can do is die here.
+ * This shouldn't happen unless something's broken.
+ * In theory we could implement this device's full FIFO
+ * and interrupt semantics and then just stop filling the
+ * FIFO. That's a lot of work, though, so we assume any
+ * errors are systematic problems and trust that if we didn't
+ * fail as the guest inited then we won't fail later on
+ * mid-run.
+ */
+ qemu_guest_getrandom_nofail(&res, sizeof(res));
return res;
}
diff --git a/hw/misc/exynos4210_rng.c b/hw/misc/exynos4210_rng.c
index 4ecbebd2d7..0e70ffb404 100644
--- a/hw/misc/exynos4210_rng.c
+++ b/hw/misc/exynos4210_rng.c
@@ -18,10 +18,10 @@
*/
#include "qemu/osdep.h"
-#include "crypto/random.h"
#include "hw/sysbus.h"
#include "qapi/error.h"
#include "qemu/log.h"
+#include "qemu/guest-random.h"
#define DEBUG_EXYNOS_RNG 0
@@ -109,7 +109,6 @@ static void exynos4210_rng_set_seed(Exynos4210RngState *s, unsigned int i,
static void exynos4210_rng_run_engine(Exynos4210RngState *s)
{
Error *err = NULL;
- int ret;
/* Seed set? */
if ((s->reg_status & EXYNOS4210_RNG_STATUS_SEED_SETTING_DONE) == 0) {
@@ -127,13 +126,11 @@ static void exynos4210_rng_run_engine(Exynos4210RngState *s)
}
/* Get randoms */
- ret = qcrypto_random_bytes((uint8_t *)s->randr_value,
- sizeof(s->randr_value), &err);
- if (!ret) {
+ if (qemu_guest_getrandom(s->randr_value, sizeof(s->randr_value), &err)) {
+ error_report_err(err);
+ } else {
/* Notify that PRNG is ready */
s->reg_status |= EXYNOS4210_RNG_STATUS_PRNG_DONE;
- } else {
- error_report_err(err);
}
out:
diff --git a/hw/misc/nrf51_rng.c b/hw/misc/nrf51_rng.c
index d188f044f4..3400e90a9b 100644
--- a/hw/misc/nrf51_rng.c
+++ b/hw/misc/nrf51_rng.c
@@ -14,7 +14,7 @@
#include "qapi/error.h"
#include "hw/arm/nrf51.h"
#include "hw/misc/nrf51_rng.h"
-#include "crypto/random.h"
+#include "qemu/guest-random.h"
static void update_irq(NRF51RNGState *s)
{
@@ -145,7 +145,7 @@ static void nrf51_rng_timer_expire(void *opaque)
{
NRF51RNGState *s = NRF51_RNG(opaque);
- qcrypto_random_bytes(&s->value, 1, &error_abort);
+ qemu_guest_getrandom_nofail(&s->value, 1);
s->event_valrdy = 1;
qemu_set_irq(s->eep_valrdy, 1);
diff --git a/include/crypto/random.h b/include/crypto/random.h
index 8764ca0562..fde592904e 100644
--- a/include/crypto/random.h
+++ b/include/crypto/random.h
@@ -34,7 +34,7 @@
*
* Returns 0 on success, -1 on error
*/
-int qcrypto_random_bytes(uint8_t *buf,
+int qcrypto_random_bytes(void *buf,
size_t buflen,
Error **errp);
diff --git a/include/qemu/guest-random.h b/include/qemu/guest-random.h
new file mode 100644
index 0000000000..09ff9c2236
--- /dev/null
+++ b/include/qemu/guest-random.h
@@ -0,0 +1,68 @@
+/*
+ * QEMU guest-visible random functions
+ *
+ * Copyright 2019 Linaro, Ltd.
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ */
+
+#ifndef QEMU_GUEST_RANDOM_H
+#define QEMU_GUEST_RANDOM_H
+
+/**
+ * qemu_guest_random_seed_main(const char *optarg, Error **errp)
+ * @optarg: a non-NULL pointer to a C string
+ * @errp: an error indicator
+ *
+ * The @optarg value is that which accompanies the -seed argument.
+ * This forces qemu_guest_getrandom into deterministic mode.
+ *
+ * Returns 0 on success, < 0 on failure while setting *errp.
+ */
+int qemu_guest_random_seed_main(const char *optarg, Error **errp);
+
+/**
+ * qemu_guest_random_seed_thread_part1(void)
+ *
+ * If qemu_getrandom is in deterministic mode, returns an
+ * independent seed for the new thread. Otherwise returns 0.
+ */
+uint64_t qemu_guest_random_seed_thread_part1(void);
+
+/**
+ * qemu_guest_random_seed_thread_part2(uint64_t seed)
+ * @seed: a value for the new thread.
+ *
+ * If qemu_guest_getrandom is in deterministic mode, this stores an
+ * independent seed for the new thread. Otherwise a no-op.
+ */
+void qemu_guest_random_seed_thread_part2(uint64_t seed);
+
+/**
+ * qemu_guest_getrandom(void *buf, size_t len, Error **errp)
+ * @buf: a buffer of bytes to be written
+ * @len: the number of bytes in @buf
+ * @errp: an error indicator
+ *
+ * Fills len bytes in buf with random data. This should only be used
+ * for data presented to the guest. Host-side crypto services should
+ * use qcrypto_random_bytes.
+ *
+ * Returns 0 on success, < 0 on failure while setting *errp.
+ */
+int qemu_guest_getrandom(void *buf, size_t len, Error **errp);
+
+/**
+ * qemu_guest_getrandom_nofail(void *buf, size_t len)
+ * @buf: a buffer of bytes to be written
+ * @len: the number of bytes in @buf
+ *
+ * Like qemu_guest_getrandom, but will assert for failure.
+ * Use this when there is no reasonable recovery.
+ */
+void qemu_guest_getrandom_nofail(void *buf, size_t len);
+
+#endif /* QEMU_GUEST_RANDOM_H */
diff --git a/include/qom/cpu.h b/include/qom/cpu.h
index 32983f27c3..98e12d914c 100644
--- a/include/qom/cpu.h
+++ b/include/qom/cpu.h
@@ -375,6 +375,7 @@ struct CPUState {
int singlestep_enabled;
int64_t icount_budget;
int64_t icount_extra;
+ uint64_t random_seed;
sigjmp_buf jmp_env;
QemuMutex work_mutex;
diff --git a/linux-user/aarch64/cpu_loop.c b/linux-user/aarch64/cpu_loop.c
index d75fd9d3e2..2f2f63e3e8 100644
--- a/linux-user/aarch64/cpu_loop.c
+++ b/linux-user/aarch64/cpu_loop.c
@@ -20,6 +20,7 @@
#include "qemu/osdep.h"
#include "qemu.h"
#include "cpu_loop-common.h"
+#include "qemu/guest-random.h"
#define get_user_code_u32(x, gaddr, env) \
({ abi_long __r = get_user_u32((x), (gaddr)); \
@@ -147,24 +148,6 @@ void cpu_loop(CPUARMState *env)
}
}
-static uint64_t arm_rand64(void)
-{
- int shift = 64 - clz64(RAND_MAX);
- int i, n = 64 / shift + (64 % shift != 0);
- uint64_t ret = 0;
-
- for (i = 0; i < n; i++) {
- ret = (ret << shift) | rand();
- }
- return ret;
-}
-
-void arm_init_pauth_key(ARMPACKey *key)
-{
- key->lo = arm_rand64();
- key->hi = arm_rand64();
-}
-
void target_cpu_copy_regs(CPUArchState *env, struct target_pt_regs *regs)
{
ARMCPU *cpu = arm_env_get_cpu(env);
@@ -192,11 +175,7 @@ void target_cpu_copy_regs(CPUArchState *env, struct target_pt_regs *regs)
#endif
if (cpu_isar_feature(aa64_pauth, cpu)) {
- arm_init_pauth_key(&env->apia_key);
- arm_init_pauth_key(&env->apib_key);
- arm_init_pauth_key(&env->apda_key);
- arm_init_pauth_key(&env->apdb_key);
- arm_init_pauth_key(&env->apga_key);
+ qemu_guest_getrandom_nofail(&env->keys, sizeof(env->keys));
}
ts->stack_base = info->start_stack;
diff --git a/linux-user/aarch64/target_syscall.h b/linux-user/aarch64/target_syscall.h
index b595e5da82..995e475c73 100644
--- a/linux-user/aarch64/target_syscall.h
+++ b/linux-user/aarch64/target_syscall.h
@@ -29,6 +29,4 @@ struct target_pt_regs {
# define TARGET_PR_PAC_APDBKEY (1 << 3)
# define TARGET_PR_PAC_APGAKEY (1 << 4)
-void arm_init_pauth_key(ARMPACKey *key);
-
#endif /* AARCH64_TARGET_SYSCALL_H */
diff --git a/linux-user/elfload.c b/linux-user/elfload.c
index ef42e02d82..1e06b908b7 100644
--- a/linux-user/elfload.c
+++ b/linux-user/elfload.c
@@ -7,6 +7,7 @@
#include "qemu.h"
#include "disas/disas.h"
#include "qemu/path.h"
+#include "qemu/guest-random.h"
#ifdef _ARCH_PPC64
#undef ARCH_DLINFO
@@ -1883,12 +1884,9 @@ static abi_ulong create_elf_tables(abi_ulong p, int argc, int envc,
}
/*
- * Generate 16 random bytes for userspace PRNG seeding (not
- * cryptically secure but it's not the aim of QEMU).
+ * Generate 16 random bytes for userspace PRNG seeding.
*/
- for (i = 0; i < 16; i++) {
- k_rand_bytes[i] = rand();
- }
+ qemu_guest_getrandom_nofail(k_rand_bytes, sizeof(k_rand_bytes));
if (STACK_GROWS_DOWN) {
sp -= 16;
u_rand_bytes = sp;
diff --git a/linux-user/main.c b/linux-user/main.c
index 3d2230320b..689bcf436d 100644
--- a/linux-user/main.c
+++ b/linux-user/main.c
@@ -34,10 +34,12 @@
#include "tcg.h"
#include "qemu/timer.h"
#include "qemu/envlist.h"
+#include "qemu/guest-random.h"
#include "elf.h"
#include "trace/control.h"
#include "target_elf.h"
#include "cpu_loop-common.h"
+#include "crypto/init.h"
char *exec_path;
@@ -48,6 +50,7 @@ static int gdbstub_port;
static envlist_t *envlist;
static const char *cpu_model;
static const char *cpu_type;
+static const char *seed_optarg;
unsigned long mmap_min_addr;
unsigned long guest_base;
int have_guest_base;
@@ -290,15 +293,9 @@ static void handle_arg_pagesize(const char *arg)
}
}
-static void handle_arg_randseed(const char *arg)
+static void handle_arg_seed(const char *arg)
{
- unsigned long long seed;
-
- if (parse_uint_full(arg, &seed, 0) != 0 || seed > UINT_MAX) {
- fprintf(stderr, "Invalid seed number: %s\n", arg);
- exit(EXIT_FAILURE);
- }
- srand(seed);
+ seed_optarg = arg;
}
static void handle_arg_gdb(const char *arg)
@@ -433,7 +430,7 @@ static const struct qemu_argument arg_table[] = {
"", "run in singlestep mode"},
{"strace", "QEMU_STRACE", false, handle_arg_strace,
"", "log system calls"},
- {"seed", "QEMU_RAND_SEED", true, handle_arg_randseed,
+ {"seed", "QEMU_RAND_SEED", true, handle_arg_seed,
"", "Seed for pseudo-random number generator"},
{"trace", "QEMU_TRACE", true, handle_arg_trace,
"", "[[enable=]<pattern>][,events=<file>][,file=<file>]"},
@@ -626,8 +623,6 @@ int main(int argc, char **argv, char **envp)
cpu_model = NULL;
- srand(time(NULL));
-
qemu_add_opts(&qemu_trace_opts);
optind = parse_args(argc, argv);
@@ -689,8 +684,20 @@ int main(int argc, char **argv, char **envp)
do_strace = 1;
}
- if (getenv("QEMU_RAND_SEED")) {
- handle_arg_randseed(getenv("QEMU_RAND_SEED"));
+ if (seed_optarg == NULL) {
+ seed_optarg = getenv("QEMU_RAND_SEED");
+ }
+ {
+ Error *err = NULL;
+ if (seed_optarg != NULL) {
+ qemu_guest_random_seed_main(seed_optarg, &err);
+ } else {
+ qcrypto_init(&err);
+ }
+ if (err) {
+ error_reportf_err(err, "cannot initialize crypto: ");
+ exit(1);
+ }
}
target_environ = envlist_to_environ(envlist, NULL);
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index efa3ec2837..3de792a04c 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -107,6 +107,8 @@
#include "uname.h"
#include "qemu.h"
+#include "qemu/guest-random.h"
+#include "qapi/error.h"
#include "fd-trans.h"
#ifndef CLONE_IO
@@ -5482,6 +5484,7 @@ static void *clone_func(void *arg)
put_user_u32(info->tid, info->child_tidptr);
if (info->parent_tidptr)
put_user_u32(info->tid, info->parent_tidptr);
+ qemu_guest_random_seed_thread_part2(cpu->random_seed);
/* Enable signals. */
sigprocmask(SIG_SETMASK, &info->sigmask, NULL);
/* Signal to the parent that we're ready. */
@@ -5568,6 +5571,7 @@ static int do_fork(CPUArchState *env, unsigned int flags, abi_ulong newsp,
initializing, so temporarily block all signals. */
sigfillset(&sigmask);
sigprocmask(SIG_BLOCK, &sigmask, &info.sigmask);
+ cpu->random_seed = qemu_guest_random_seed_thread_part1();
/* If this is our first additional thread, we need to ensure we
* generate code for parallel execution and flush old translations.
@@ -9762,25 +9766,45 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1,
int all = (TARGET_PR_PAC_APIAKEY | TARGET_PR_PAC_APIBKEY |
TARGET_PR_PAC_APDAKEY | TARGET_PR_PAC_APDBKEY |
TARGET_PR_PAC_APGAKEY);
+ int ret = 0;
+ Error *err = NULL;
+
if (arg2 == 0) {
arg2 = all;
} else if (arg2 & ~all) {
return -TARGET_EINVAL;
}
if (arg2 & TARGET_PR_PAC_APIAKEY) {
- arm_init_pauth_key(&env->apia_key);
+ ret |= qemu_guest_getrandom(&env->keys.apia,
+ sizeof(ARMPACKey), &err);
}
if (arg2 & TARGET_PR_PAC_APIBKEY) {
- arm_init_pauth_key(&env->apib_key);
+ ret |= qemu_guest_getrandom(&env->keys.apib,
+ sizeof(ARMPACKey), &err);
}
if (arg2 & TARGET_PR_PAC_APDAKEY) {
- arm_init_pauth_key(&env->apda_key);
+ ret |= qemu_guest_getrandom(&env->keys.apda,
+ sizeof(ARMPACKey), &err);
}
if (arg2 & TARGET_PR_PAC_APDBKEY) {
- arm_init_pauth_key(&env->apdb_key);
+ ret |= qemu_guest_getrandom(&env->keys.apdb,
+ sizeof(ARMPACKey), &err);
}
if (arg2 & TARGET_PR_PAC_APGAKEY) {
- arm_init_pauth_key(&env->apga_key);
+ ret |= qemu_guest_getrandom(&env->keys.apga,
+ sizeof(ARMPACKey), &err);
+ }
+ if (ret != 0) {
+ /*
+ * Some unknown failure in the crypto. The best
+ * we can do is log it and fail the syscall.
+ * The real syscall cannot fail this way.
+ */
+ qemu_log_mask(LOG_UNIMP,
+ "PR_PAC_RESET_KEYS: Crypto failure: %s",
+ error_get_pretty(err));
+ error_free(err);
+ return -TARGET_EIO;
}
return 0;
}
diff --git a/qemu-options.hx b/qemu-options.hx
index 5daa5a8fb0..7ae3373a00 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -3641,6 +3641,16 @@ the 0x200 sized block starting at 0xffffffc000080000 and another 0x1000 sized
block starting at 0xffffffc00005f000.
ETEXI
+DEF("seed", HAS_ARG, QEMU_OPTION_seed, \
+ "-seed number seed the pseudo-random number generator\n",
+ QEMU_ARCH_ALL)
+STEXI
+@item -seed @var{number}
+@findex -seed
+Force the guest to use a deterministic pseudo-random number generator, seeded
+with @var{number}. This does not affect crypto routines within the host.
+ETEXI
+
DEF("L", HAS_ARG, QEMU_OPTION_L, \
"-L path set the directory for the BIOS, VGA BIOS and keymaps\n",
QEMU_ARCH_ALL)
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 733b840a71..c34207611b 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -636,11 +636,13 @@ typedef struct CPUARMState {
} iwmmxt;
#ifdef TARGET_AARCH64
- ARMPACKey apia_key;
- ARMPACKey apib_key;
- ARMPACKey apda_key;
- ARMPACKey apdb_key;
- ARMPACKey apga_key;
+ struct {
+ ARMPACKey apia;
+ ARMPACKey apib;
+ ARMPACKey apda;
+ ARMPACKey apdb;
+ ARMPACKey apga;
+ } keys;
#endif
#if defined(CONFIG_USER_ONLY)
@@ -3519,6 +3521,11 @@ static inline bool isar_feature_aa64_condm_5(const ARMISARegisters *id)
return FIELD_EX64(id->id_aa64isar0, ID_AA64ISAR0, TS) >= 2;
}
+static inline bool isar_feature_aa64_rndr(const ARMISARegisters *id)
+{
+ return FIELD_EX64(id->id_aa64isar0, ID_AA64ISAR0, RNDR) != 0;
+}
+
static inline bool isar_feature_aa64_jscvt(const ARMISARegisters *id)
{
return FIELD_EX64(id->id_aa64isar1, ID_AA64ISAR1, JSCVT) != 0;
diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
index 228906f267..835f73cceb 100644
--- a/target/arm/cpu64.c
+++ b/target/arm/cpu64.c
@@ -310,6 +310,7 @@ static void aarch64_max_initfn(Object *obj)
t = FIELD_DP64(t, ID_AA64ISAR0, DP, 1);
t = FIELD_DP64(t, ID_AA64ISAR0, FHM, 1);
t = FIELD_DP64(t, ID_AA64ISAR0, TS, 2); /* v8.5-CondM */
+ t = FIELD_DP64(t, ID_AA64ISAR0, RNDR, 1);
cpu->isar.id_aa64isar0 = t;
t = cpu->isar.id_aa64isar1;
diff --git a/target/arm/helper.c b/target/arm/helper.c
index e2d5c8e34f..acd23c53ca 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -22,6 +22,8 @@
#include "fpu/softfloat.h"
#include "qemu/range.h"
#include "qapi/qapi-commands-target.h"
+#include "qapi/error.h"
+#include "qemu/guest-random.h"
#define ARM_CPU_FREQ 1000000000 /* FIXME: 1 GHz, should be configurable */
@@ -5707,43 +5709,82 @@ static const ARMCPRegInfo pauth_reginfo[] = {
{ .name = "APDAKEYLO_EL1", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 0, .crn = 2, .crm = 2, .opc2 = 0,
.access = PL1_RW, .accessfn = access_pauth,
- .fieldoffset = offsetof(CPUARMState, apda_key.lo) },
+ .fieldoffset = offsetof(CPUARMState, keys.apda.lo) },
{ .name = "APDAKEYHI_EL1", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 0, .crn = 2, .crm = 2, .opc2 = 1,
.access = PL1_RW, .accessfn = access_pauth,
- .fieldoffset = offsetof(CPUARMState, apda_key.hi) },
+ .fieldoffset = offsetof(CPUARMState, keys.apda.hi) },
{ .name = "APDBKEYLO_EL1", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 0, .crn = 2, .crm = 2, .opc2 = 2,
.access = PL1_RW, .accessfn = access_pauth,
- .fieldoffset = offsetof(CPUARMState, apdb_key.lo) },
+ .fieldoffset = offsetof(CPUARMState, keys.apdb.lo) },
{ .name = "APDBKEYHI_EL1", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 0, .crn = 2, .crm = 2, .opc2 = 3,
.access = PL1_RW, .accessfn = access_pauth,
- .fieldoffset = offsetof(CPUARMState, apdb_key.hi) },
+ .fieldoffset = offsetof(CPUARMState, keys.apdb.hi) },
{ .name = "APGAKEYLO_EL1", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 0, .crn = 2, .crm = 3, .opc2 = 0,
.access = PL1_RW, .accessfn = access_pauth,
- .fieldoffset = offsetof(CPUARMState, apga_key.lo) },
+ .fieldoffset = offsetof(CPUARMState, keys.apga.lo) },
{ .name = "APGAKEYHI_EL1", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 0, .crn = 2, .crm = 3, .opc2 = 1,
.access = PL1_RW, .accessfn = access_pauth,
- .fieldoffset = offsetof(CPUARMState, apga_key.hi) },
+ .fieldoffset = offsetof(CPUARMState, keys.apga.hi) },
{ .name = "APIAKEYLO_EL1", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 0, .crn = 2, .crm = 1, .opc2 = 0,
.access = PL1_RW, .accessfn = access_pauth,
- .fieldoffset = offsetof(CPUARMState, apia_key.lo) },
+ .fieldoffset = offsetof(CPUARMState, keys.apia.lo) },
{ .name = "APIAKEYHI_EL1", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 0, .crn = 2, .crm = 1, .opc2 = 1,
.access = PL1_RW, .accessfn = access_pauth,
- .fieldoffset = offsetof(CPUARMState, apia_key.hi) },
+ .fieldoffset = offsetof(CPUARMState, keys.apia.hi) },
{ .name = "APIBKEYLO_EL1", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 0, .crn = 2, .crm = 1, .opc2 = 2,
.access = PL1_RW, .accessfn = access_pauth,
- .fieldoffset = offsetof(CPUARMState, apib_key.lo) },
+ .fieldoffset = offsetof(CPUARMState, keys.apib.lo) },
{ .name = "APIBKEYHI_EL1", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 0, .crn = 2, .crm = 1, .opc2 = 3,
.access = PL1_RW, .accessfn = access_pauth,
- .fieldoffset = offsetof(CPUARMState, apib_key.hi) },
+ .fieldoffset = offsetof(CPUARMState, keys.apib.hi) },
+ REGINFO_SENTINEL
+};
+
+static uint64_t rndr_readfn(CPUARMState *env, const ARMCPRegInfo *ri)
+{
+ Error *err = NULL;
+ uint64_t ret;
+
+ /* Success sets NZCV = 0000. */
+ env->NF = env->CF = env->VF = 0, env->ZF = 1;
+
+ if (qemu_guest_getrandom(&ret, sizeof(ret), &err) < 0) {
+ /*
+ * ??? Failed, for unknown reasons in the crypto subsystem.
+ * The best we can do is log the reason and return the
+ * timed-out indication to the guest. There is no reason
+ * we know to expect this failure to be transitory, so the
+ * guest may well hang retrying the operation.
+ */
+ qemu_log_mask(LOG_UNIMP, "%s: Crypto failure: %s",
+ ri->name, error_get_pretty(err));
+ error_free(err);
+
+ env->ZF = 0; /* NZCF = 0100 */
+ return 0;
+ }
+ return ret;
+}
+
+/* We do not support re-seeding, so the two registers operate the same. */
+static const ARMCPRegInfo rndr_reginfo[] = {
+ { .name = "RNDR", .state = ARM_CP_STATE_AA64,
+ .type = ARM_CP_NO_RAW | ARM_CP_SUPPRESS_TB_END | ARM_CP_IO,
+ .opc0 = 3, .opc1 = 3, .crn = 2, .crm = 4, .opc2 = 0,
+ .access = PL0_R, .readfn = rndr_readfn },
+ { .name = "RNDRRS", .state = ARM_CP_STATE_AA64,
+ .type = ARM_CP_NO_RAW | ARM_CP_SUPPRESS_TB_END | ARM_CP_IO,
+ .opc0 = 3, .opc1 = 3, .crn = 2, .crm = 4, .opc2 = 1,
+ .access = PL0_R, .readfn = rndr_readfn },
REGINFO_SENTINEL
};
#endif
@@ -6690,6 +6731,9 @@ void register_cp_regs_for_features(ARMCPU *cpu)
if (cpu_isar_feature(aa64_pauth, cpu)) {
define_arm_cp_regs(cpu, pauth_reginfo);
}
+ if (cpu_isar_feature(aa64_rndr, cpu)) {
+ define_arm_cp_regs(cpu, rndr_reginfo);
+ }
#endif
/*
diff --git a/target/arm/pauth_helper.c b/target/arm/pauth_helper.c
index d750f96edf..7f30ae7395 100644
--- a/target/arm/pauth_helper.c
+++ b/target/arm/pauth_helper.c
@@ -403,7 +403,7 @@ uint64_t HELPER(pacia)(CPUARMState *env, uint64_t x, uint64_t y)
return x;
}
pauth_check_trap(env, el, GETPC());
- return pauth_addpac(env, x, y, &env->apia_key, false);
+ return pauth_addpac(env, x, y, &env->keys.apia, false);
}
uint64_t HELPER(pacib)(CPUARMState *env, uint64_t x, uint64_t y)
@@ -413,7 +413,7 @@ uint64_t HELPER(pacib)(CPUARMState *env, uint64_t x, uint64_t y)
return x;
}
pauth_check_trap(env, el, GETPC());
- return pauth_addpac(env, x, y, &env->apib_key, false);
+ return pauth_addpac(env, x, y, &env->keys.apib, false);
}
uint64_t HELPER(pacda)(CPUARMState *env, uint64_t x, uint64_t y)
@@ -423,7 +423,7 @@ uint64_t HELPER(pacda)(CPUARMState *env, uint64_t x, uint64_t y)
return x;
}
pauth_check_trap(env, el, GETPC());
- return pauth_addpac(env, x, y, &env->apda_key, true);
+ return pauth_addpac(env, x, y, &env->keys.apda, true);
}
uint64_t HELPER(pacdb)(CPUARMState *env, uint64_t x, uint64_t y)
@@ -433,7 +433,7 @@ uint64_t HELPER(pacdb)(CPUARMState *env, uint64_t x, uint64_t y)
return x;
}
pauth_check_trap(env, el, GETPC());
- return pauth_addpac(env, x, y, &env->apdb_key, true);
+ return pauth_addpac(env, x, y, &env->keys.apdb, true);
}
uint64_t HELPER(pacga)(CPUARMState *env, uint64_t x, uint64_t y)
@@ -441,7 +441,7 @@ uint64_t HELPER(pacga)(CPUARMState *env, uint64_t x, uint64_t y)
uint64_t pac;
pauth_check_trap(env, arm_current_el(env), GETPC());
- pac = pauth_computepac(x, y, env->apga_key);
+ pac = pauth_computepac(x, y, env->keys.apga);
return pac & 0xffffffff00000000ull;
}
@@ -453,7 +453,7 @@ uint64_t HELPER(autia)(CPUARMState *env, uint64_t x, uint64_t y)
return x;
}
pauth_check_trap(env, el, GETPC());
- return pauth_auth(env, x, y, &env->apia_key, false, 0);
+ return pauth_auth(env, x, y, &env->keys.apia, false, 0);
}
uint64_t HELPER(autib)(CPUARMState *env, uint64_t x, uint64_t y)
@@ -463,7 +463,7 @@ uint64_t HELPER(autib)(CPUARMState *env, uint64_t x, uint64_t y)
return x;
}
pauth_check_trap(env, el, GETPC());
- return pauth_auth(env, x, y, &env->apib_key, false, 1);
+ return pauth_auth(env, x, y, &env->keys.apib, false, 1);
}
uint64_t HELPER(autda)(CPUARMState *env, uint64_t x, uint64_t y)
@@ -473,7 +473,7 @@ uint64_t HELPER(autda)(CPUARMState *env, uint64_t x, uint64_t y)
return x;
}
pauth_check_trap(env, el, GETPC());
- return pauth_auth(env, x, y, &env->apda_key, true, 0);
+ return pauth_auth(env, x, y, &env->keys.apda, true, 0);
}
uint64_t HELPER(autdb)(CPUARMState *env, uint64_t x, uint64_t y)
@@ -483,7 +483,7 @@ uint64_t HELPER(autdb)(CPUARMState *env, uint64_t x, uint64_t y)
return x;
}
pauth_check_trap(env, el, GETPC());
- return pauth_auth(env, x, y, &env->apdb_key, true, 1);
+ return pauth_auth(env, x, y, &env->keys.apdb, true, 1);
}
uint64_t HELPER(xpaci)(CPUARMState *env, uint64_t a)
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 2f151dad8c..536d7d1520 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -730,13 +730,14 @@ static void x86_cpu_vendor_words2str(char *dst, uint32_t vendor1,
CPUID_EXT_MONITOR | CPUID_EXT_SSSE3 | CPUID_EXT_CX16 | \
CPUID_EXT_SSE41 | CPUID_EXT_SSE42 | CPUID_EXT_POPCNT | \
CPUID_EXT_XSAVE | /* CPUID_EXT_OSXSAVE is dynamic */ \
- CPUID_EXT_MOVBE | CPUID_EXT_AES | CPUID_EXT_HYPERVISOR)
+ CPUID_EXT_MOVBE | CPUID_EXT_AES | CPUID_EXT_HYPERVISOR | \
+ CPUID_EXT_RDRAND)
/* missing:
CPUID_EXT_DTES64, CPUID_EXT_DSCPL, CPUID_EXT_VMX, CPUID_EXT_SMX,
CPUID_EXT_EST, CPUID_EXT_TM2, CPUID_EXT_CID, CPUID_EXT_FMA,
CPUID_EXT_XTPR, CPUID_EXT_PDCM, CPUID_EXT_PCID, CPUID_EXT_DCA,
CPUID_EXT_X2APIC, CPUID_EXT_TSC_DEADLINE_TIMER, CPUID_EXT_AVX,
- CPUID_EXT_F16C, CPUID_EXT_RDRAND */
+ CPUID_EXT_F16C */
#ifdef TARGET_X86_64
#define TCG_EXT2_X86_64_FEATURES (CPUID_EXT2_SYSCALL | CPUID_EXT2_LM)
diff --git a/target/i386/helper.h b/target/i386/helper.h
index 6fb8fb9b74..8f9e1905c3 100644
--- a/target/i386/helper.h
+++ b/target/i386/helper.h
@@ -226,3 +226,5 @@ DEF_HELPER_3(rcrl, tl, env, tl, tl)
DEF_HELPER_3(rclq, tl, env, tl, tl)
DEF_HELPER_3(rcrq, tl, env, tl, tl)
#endif
+
+DEF_HELPER_1(rdrand, tl, env)
diff --git a/target/i386/int_helper.c b/target/i386/int_helper.c
index 4dc5c65991..334469ca8c 100644
--- a/target/i386/int_helper.c
+++ b/target/i386/int_helper.c
@@ -22,6 +22,8 @@
#include "exec/exec-all.h"
#include "qemu/host-utils.h"
#include "exec/helper-proto.h"
+#include "qapi/error.h"
+#include "qemu/guest-random.h"
//#define DEBUG_MULDIV
@@ -470,3 +472,22 @@ void helper_cr4_testbit(CPUX86State *env, uint32_t bit)
raise_exception_ra(env, EXCP06_ILLOP, GETPC());
}
}
+
+target_ulong HELPER(rdrand)(CPUX86State *env)
+{
+ Error *err = NULL;
+ target_ulong ret;
+
+ if (qemu_guest_getrandom(&ret, sizeof(ret), &err) < 0) {
+ qemu_log_mask(LOG_UNIMP, "rdrand: Crypto failure: %s",
+ error_get_pretty(err));
+ error_free(err);
+ /* Failure clears CF and all other flags, and returns 0. */
+ env->cc_src = 0;
+ return 0;
+ }
+
+ /* Success sets CF and clears all others. */
+ env->cc_src = CC_C;
+ return ret;
+}
diff --git a/target/i386/translate.c b/target/i386/translate.c
index 77d6b73e42..03150a86e2 100644
--- a/target/i386/translate.c
+++ b/target/i386/translate.c
@@ -5332,31 +5332,63 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu)
case 0x1c7: /* cmpxchg8b */
modrm = x86_ldub_code(env, s);
mod = (modrm >> 6) & 3;
- if ((mod == 3) || ((modrm & 0x38) != 0x8))
- goto illegal_op;
-#ifdef TARGET_X86_64
- if (dflag == MO_64) {
- if (!(s->cpuid_ext_features & CPUID_EXT_CX16))
+ switch ((modrm >> 3) & 7) {
+ case 1: /* CMPXCHG8, CMPXCHG16 */
+ if (mod == 3) {
goto illegal_op;
- gen_lea_modrm(env, s, modrm);
- if ((s->prefix & PREFIX_LOCK) && (tb_cflags(s->base.tb) & CF_PARALLEL)) {
- gen_helper_cmpxchg16b(cpu_env, s->A0);
- } else {
- gen_helper_cmpxchg16b_unlocked(cpu_env, s->A0);
}
- } else
+#ifdef TARGET_X86_64
+ if (dflag == MO_64) {
+ if (!(s->cpuid_ext_features & CPUID_EXT_CX16)) {
+ goto illegal_op;
+ }
+ gen_lea_modrm(env, s, modrm);
+ if ((s->prefix & PREFIX_LOCK) &&
+ (tb_cflags(s->base.tb) & CF_PARALLEL)) {
+ gen_helper_cmpxchg16b(cpu_env, s->A0);
+ } else {
+ gen_helper_cmpxchg16b_unlocked(cpu_env, s->A0);
+ }
+ set_cc_op(s, CC_OP_EFLAGS);
+ break;
+ }
#endif
- {
- if (!(s->cpuid_features & CPUID_CX8))
+ if (!(s->cpuid_features & CPUID_CX8)) {
goto illegal_op;
+ }
gen_lea_modrm(env, s, modrm);
- if ((s->prefix & PREFIX_LOCK) && (tb_cflags(s->base.tb) & CF_PARALLEL)) {
+ if ((s->prefix & PREFIX_LOCK) &&
+ (tb_cflags(s->base.tb) & CF_PARALLEL)) {
gen_helper_cmpxchg8b(cpu_env, s->A0);
} else {
gen_helper_cmpxchg8b_unlocked(cpu_env, s->A0);
}
+ set_cc_op(s, CC_OP_EFLAGS);
+ break;
+
+ case 7: /* RDSEED */
+ case 6: /* RDRAND */
+ if (mod != 3 ||
+ (s->prefix & (PREFIX_LOCK | PREFIX_REPZ | PREFIX_REPNZ)) ||
+ !(s->cpuid_ext_features & CPUID_EXT_RDRAND)) {
+ goto illegal_op;
+ }
+ if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) {
+ gen_io_start();
+ }
+ gen_helper_rdrand(s->T0, cpu_env);
+ rm = (modrm & 7) | REX_B(s);
+ gen_op_mov_reg_v(s, dflag, rm, s->T0);
+ set_cc_op(s, CC_OP_EFLAGS);
+ if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) {
+ gen_io_end();
+ gen_jmp(s, s->pc - s->cs_base);
+ }
+ break;
+
+ default:
+ goto illegal_op;
}
- set_cc_op(s, CC_OP_EFLAGS);
break;
/**************************/
diff --git a/target/ppc/int_helper.c b/target/ppc/int_helper.c
index f6a088ac08..9af779ad38 100644
--- a/target/ppc/int_helper.c
+++ b/target/ppc/int_helper.c
@@ -23,6 +23,8 @@
#include "exec/helper-proto.h"
#include "crypto/aes.h"
#include "fpu/softfloat.h"
+#include "qapi/error.h"
+#include "qemu/guest-random.h"
#include "helper_regs.h"
/*****************************************************************************/
@@ -158,24 +160,37 @@ uint32_t helper_cmpeqb(target_ulong ra, target_ulong rb)
#undef hasvalue
/*
- * Return invalid random number.
- *
- * FIXME: Add rng backend or other mechanism to get cryptographically suitable
- * random number
+ * Return a random number.
*/
-target_ulong helper_darn32(void)
+uint64_t helper_darn32(void)
{
- return -1;
+ Error *err = NULL;
+ uint32_t ret;
+
+ if (qemu_guest_getrandom(&ret, sizeof(ret), &err) < 0) {
+ qemu_log_mask(LOG_UNIMP, "darn: Crypto failure: %s",
+ error_get_pretty(err));
+ error_free(err);
+ return -1;
+ }
+
+ return ret;
}
-target_ulong helper_darn64(void)
+uint64_t helper_darn64(void)
{
- return -1;
-}
+ Error *err = NULL;
+ uint64_t ret;
-#endif
+ if (qemu_guest_getrandom(&ret, sizeof(ret), &err) < 0) {
+ qemu_log_mask(LOG_UNIMP, "darn: Crypto failure: %s",
+ error_get_pretty(err));
+ error_free(err);
+ return -1;
+ }
-#if defined(TARGET_PPC64)
+ return ret;
+}
uint64_t helper_bpermd(uint64_t rs, uint64_t rb)
{
diff --git a/target/ppc/translate.c b/target/ppc/translate.c
index b5217f632f..4a5de28036 100644
--- a/target/ppc/translate.c
+++ b/target/ppc/translate.c
@@ -1847,13 +1847,22 @@ static void gen_darn(DisasContext *ctx)
{
int l = L(ctx->opcode);
- if (l == 0) {
- gen_helper_darn32(cpu_gpr[rD(ctx->opcode)]);
- } else if (l <= 2) {
- /* Return 64-bit random for both CRN and RRN */
- gen_helper_darn64(cpu_gpr[rD(ctx->opcode)]);
- } else {
+ if (l > 2) {
tcg_gen_movi_i64(cpu_gpr[rD(ctx->opcode)], -1);
+ } else {
+ if (tb_cflags(ctx->base.tb) & CF_USE_ICOUNT) {
+ gen_io_start();
+ }
+ if (l == 0) {
+ gen_helper_darn32(cpu_gpr[rD(ctx->opcode)]);
+ } else {
+ /* Return 64-bit random for both CRN and RRN */
+ gen_helper_darn64(cpu_gpr[rD(ctx->opcode)]);
+ }
+ if (tb_cflags(ctx->base.tb) & CF_USE_ICOUNT) {
+ gen_io_end();
+ gen_stop_exception(ctx);
+ }
}
}
#endif
diff --git a/ui/vnc.c b/ui/vnc.c
index 1871422e1d..d83f4a6ff9 100644
--- a/ui/vnc.c
+++ b/ui/vnc.c
@@ -43,6 +43,7 @@
#include "crypto/hash.h"
#include "crypto/tlscredsanon.h"
#include "crypto/tlscredsx509.h"
+#include "crypto/random.h"
#include "qom/object_interfaces.h"
#include "qemu/cutils.h"
#include "io/dns-resolver.h"
@@ -2535,14 +2536,16 @@ void start_client_init(VncState *vs)
vnc_read_when(vs, protocol_client_init, 1);
}
-static void make_challenge(VncState *vs)
+static void authentication_failed(VncState *vs)
{
- int i;
-
- srand(time(NULL)+getpid()+getpid()*987654+rand());
-
- for (i = 0 ; i < sizeof(vs->challenge) ; i++)
- vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
+ vnc_write_u32(vs, 1); /* Reject auth */
+ if (vs->minor >= 8) {
+ static const char err[] = "Authentication failed";
+ vnc_write_u32(vs, sizeof(err));
+ vnc_write(vs, err, sizeof(err));
+ }
+ vnc_flush(vs);
+ vnc_client_error(vs);
}
static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
@@ -2609,21 +2612,23 @@ static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
return 0;
reject:
- vnc_write_u32(vs, 1); /* Reject auth */
- if (vs->minor >= 8) {
- static const char err[] = "Authentication failed";
- vnc_write_u32(vs, sizeof(err));
- vnc_write(vs, err, sizeof(err));
- }
- vnc_flush(vs);
- vnc_client_error(vs);
+ authentication_failed(vs);
qcrypto_cipher_free(cipher);
return 0;
}
void start_auth_vnc(VncState *vs)
{
- make_challenge(vs);
+ Error *err = NULL;
+
+ if (qcrypto_random_bytes(vs->challenge, sizeof(vs->challenge), &err)) {
+ trace_vnc_auth_fail(vs, vs->auth, "cannot get random bytes",
+ error_get_pretty(err));
+ error_free(err);
+ authentication_failed(vs);
+ return;
+ }
+
/* Send client a 'random' challenge */
vnc_write(vs, vs->challenge, sizeof(vs->challenge));
vnc_flush(vs);
@@ -2638,13 +2643,7 @@ static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
* must pick the one we sent. Verify this */
if (data[0] != vs->auth) { /* Reject auth */
trace_vnc_auth_reject(vs, vs->auth, (int)data[0]);
- vnc_write_u32(vs, 1);
- if (vs->minor >= 8) {
- static const char err[] = "Authentication failed";
- vnc_write_u32(vs, sizeof(err));
- vnc_write(vs, err, sizeof(err));
- }
- vnc_client_error(vs);
+ authentication_failed(vs);
} else { /* Accept requested auth */
trace_vnc_auth_start(vs, vs->auth);
switch (vs->auth) {
@@ -2673,13 +2672,7 @@ static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
default: /* Should not be possible, but just in case */
trace_vnc_auth_fail(vs, vs->auth, "Unhandled auth method", "");
- vnc_write_u8(vs, 1);
- if (vs->minor >= 8) {
- static const char err[] = "Authentication failed";
- vnc_write_u32(vs, sizeof(err));
- vnc_write(vs, err, sizeof(err));
- }
- vnc_client_error(vs);
+ authentication_failed(vs);
}
}
return 0;
diff --git a/util/Makefile.objs b/util/Makefile.objs
index 9206878dec..c27a923dbe 100644
--- a/util/Makefile.objs
+++ b/util/Makefile.objs
@@ -54,5 +54,6 @@ util-obj-y += iova-tree.o
util-obj-$(CONFIG_INOTIFY1) += filemonitor-inotify.o
util-obj-$(CONFIG_LINUX) += vfio-helpers.o
util-obj-$(CONFIG_OPENGL) += drm.o
+util-obj-y += guest-random.o
stub-obj-y += filemonitor-stub.o
diff --git a/util/guest-random.c b/util/guest-random.c
new file mode 100644
index 0000000000..e8124a3cad
--- /dev/null
+++ b/util/guest-random.c
@@ -0,0 +1,93 @@
+/*
+ * QEMU guest-visible random functions
+ *
+ * Copyright 2019 Linaro, Ltd.
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ */
+
+#include "qemu/osdep.h"
+#include "qemu-common.h"
+#include "qemu/cutils.h"
+#include "qapi/error.h"
+#include "qemu/guest-random.h"
+#include "crypto/random.h"
+
+
+static __thread GRand *thread_rand;
+static bool deterministic;
+
+
+static int glib_random_bytes(void *buf, size_t len)
+{
+ GRand *rand = thread_rand;
+ size_t i;
+ uint32_t x;
+
+ if (unlikely(rand == NULL)) {
+ /* Thread not initialized for a cpu, or main w/o -seed. */
+ thread_rand = rand = g_rand_new();
+ }
+
+ for (i = 0; i + 4 <= len; i += 4) {
+ x = g_rand_int(rand);
+ __builtin_memcpy(buf + i, &x, 4);
+ }
+ if (i < len) {
+ x = g_rand_int(rand);
+ __builtin_memcpy(buf + i, &x, i - len);
+ }
+ return 0;
+}
+
+int qemu_guest_getrandom(void *buf, size_t len, Error **errp)
+{
+ if (unlikely(deterministic)) {
+ /* Deterministic implementation using Glib's Mersenne Twister. */
+ return glib_random_bytes(buf, len);
+ } else {
+ /* Non-deterministic implementation using crypto routines. */
+ return qcrypto_random_bytes(buf, len, errp);
+ }
+}
+
+void qemu_guest_getrandom_nofail(void *buf, size_t len)
+{
+ qemu_guest_getrandom(buf, len, &error_fatal);
+}
+
+uint64_t qemu_guest_random_seed_thread_part1(void)
+{
+ if (deterministic) {
+ uint64_t ret;
+ glib_random_bytes(&ret, sizeof(ret));
+ return ret;
+ }
+ return 0;
+}
+
+void qemu_guest_random_seed_thread_part2(uint64_t seed)
+{
+ g_assert(thread_rand == NULL);
+ if (deterministic) {
+ thread_rand =
+ g_rand_new_with_seed_array((const guint32 *)&seed,
+ sizeof(seed) / sizeof(guint32));
+ }
+}
+
+int qemu_guest_random_seed_main(const char *optarg, Error **errp)
+{
+ unsigned long long seed;
+ if (parse_uint_full(optarg, &seed, 0)) {
+ error_setg(errp, "Invalid seed number: %s", optarg);
+ return -1;
+ } else {
+ deterministic = true;
+ qemu_guest_random_seed_thread_part2(seed);
+ return 0;
+ }
+}
diff --git a/vl.c b/vl.c
index 201144b162..5550bd7693 100644
--- a/vl.c
+++ b/vl.c
@@ -128,6 +128,7 @@ int main(int argc, char **argv)
#include "qapi/qapi-commands-ui.h"
#include "qapi/qmp/qerror.h"
#include "sysemu/iothread.h"
+#include "qemu/guest-random.h"
#define MAX_VIRTIO_CONSOLES 1
@@ -3349,6 +3350,9 @@ int main(int argc, char **argv, char **envp)
case QEMU_OPTION_DFILTER:
qemu_set_dfilter_ranges(optarg, &error_fatal);
break;
+ case QEMU_OPTION_seed:
+ qemu_guest_random_seed_main(optarg, &error_fatal);
+ break;
case QEMU_OPTION_s:
add_device_config(DEV_GDB, "tcp::" DEFAULT_GDBSTUB_PORT);
break;