[1/1] rng backend: open backend in blocking mode

Amit Shah <amit.shah@redhat.com> writes:

> Opening backends in non-blocking mode isn't necessary, we don't do
> anything while waiting for data.
>
> This also excuses us from checking for EAGAIN, which for the default
> random backend, is a very common return error type.

It's not common...  It really shouldn't happen however.

>  Starting the guest
> with '-device virtio-rng-pci', issuing a 'cat /dev/hwrng' in the guest
> while also doing 'cat /dev/random' on the host causes

You are essentially cat'ing the same device twice.  What's happening is
that there is entropy available in /dev/random so a select()
notification happens but before we are able to read() it, the cat of
/dev/hwrng ends up consuming that entropy.

This would never happen with a socket, for instance.  /dev/random is
special in there are multiple readers.

>
> backends/rng-random.c:44:entropy_available: assertion failed: (len != -1)
>
> without this fix.

This fix would cause QEMU to block indefinitely which I don't think is
very good behavior.  I think a better solution would be:


Since this simply ignores the extraneous select notification that occurs
because of the race above.

Regards,

Anthony Liguori

>
> Reported-by: yunpingzheng <yunzheng@redhat.com>
> Signed-off-by: Amit Shah <amit.shah@redhat.com>
> ---
>  backends/rng-random.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/backends/rng-random.c b/backends/rng-random.c
> index acd20af..252139b 100644
> --- a/backends/rng-random.c
> +++ b/backends/rng-random.c
> @@ -74,7 +74,7 @@ static void rng_random_opened(RngBackend *b, Error **errp)
>          error_set(errp, QERR_INVALID_PARAMETER_VALUE,
>                    "filename", "a valid filename");
>      } else {
> -        s->fd = qemu_open(s->filename, O_RDONLY | O_NONBLOCK);
> +        s->fd = qemu_open(s->filename, O_RDONLY);
>  
>          if (s->fd == -1) {
>              error_set(errp, QERR_OPEN_FILE_FAILED, s->filename);
> -- 
> 1.8.1.4

On (Mon) 01 Apr 2013 [09:02:46], Anthony Liguori wrote:
> Amit Shah <amit.shah@redhat.com> writes:
> 
> > Opening backends in non-blocking mode isn't necessary, we don't do
> > anything while waiting for data.
> >
> > This also excuses us from checking for EAGAIN, which for the default
> > random backend, is a very common return error type.
> 
> It's not common...  It really shouldn't happen however.

EAGAIN is common when a file is opened in non-blocking mode.  Needs to
be made verbose?

> >  Starting the guest
> > with '-device virtio-rng-pci', issuing a 'cat /dev/hwrng' in the guest
> > while also doing 'cat /dev/random' on the host causes
> 
> You are essentially cat'ing the same device twice.  What's happening is
> that there is entropy available in /dev/random so a select()
> notification happens but before we are able to read() it, the cat of
> /dev/hwrng ends up consuming that entropy.
> 
> This would never happen with a socket, for instance.  /dev/random is
> special in there are multiple readers.
> 
> >
> > backends/rng-random.c:44:entropy_available: assertion failed: (len != -1)
> >
> > without this fix.
> 
> This fix would cause QEMU to block indefinitely which I don't think is
> very good behavior.  I think a better solution would be:
> 
> diff --git a/backends/rng-random.c b/backends/rng-random.c
> index acd20af..9fde566 100644
> --- a/backends/rng-random.c
> +++ b/backends/rng-random.c
> @@ -41,6 +41,9 @@ static void entropy_available(void *opaque)
>      ssize_t len;
>  
>      len = read(s->fd, buffer, s->size);
> +    if (len == -1 && errno == EINTR) {
> +        return;
> +    }

This has to be an additional fix on top of this one.  EAGAIN has to be
handled if we want to allow nonblocking reads, and there doesn't seem
to be any reason to have these reads be non-blocking.

OTOH, I also think we could use the glib functions for file IO, since
handling EINTR in each open-coded read call isn't always fun.

		Amit

Amit Shah <amit.shah@redhat.com> writes:

> On (Mon) 01 Apr 2013 [09:02:46], Anthony Liguori wrote:
>> Amit Shah <amit.shah@redhat.com> writes:
>> 
>> > Opening backends in non-blocking mode isn't necessary, we don't do
>> > anything while waiting for data.
>> >
>> > This also excuses us from checking for EAGAIN, which for the default
>> > random backend, is a very common return error type.
>> 
>> It's not common...  It really shouldn't happen however.
>
> EAGAIN is common when a file is opened in non-blocking mode.  Needs to
> be made verbose?

EAGAIN doesn't just happen randomly.  It only happens when you read from
an fd when no data is present.  Normally, that is something that is
predictable.

>> >  Starting the guest
>> > with '-device virtio-rng-pci', issuing a 'cat /dev/hwrng' in the guest
>> > while also doing 'cat /dev/random' on the host causes
>> 
>> You are essentially cat'ing the same device twice.  What's happening is
>> that there is entropy available in /dev/random so a select()
>> notification happens but before we are able to read() it, the cat of
>> /dev/hwrng ends up consuming that entropy.
>> 
>> This would never happen with a socket, for instance.  /dev/random is
>> special in there are multiple readers.
>> 
>> >
>> > backends/rng-random.c:44:entropy_available: assertion failed: (len != -1)
>> >
>> > without this fix.
>> 
>> This fix would cause QEMU to block indefinitely which I don't think is
>> very good behavior.  I think a better solution would be:
>> 
>> diff --git a/backends/rng-random.c b/backends/rng-random.c
>> index acd20af..9fde566 100644
>> --- a/backends/rng-random.c
>> +++ b/backends/rng-random.c
>> @@ -41,6 +41,9 @@ static void entropy_available(void *opaque)
>>      ssize_t len;
>>  
>>      len = read(s->fd, buffer, s->size);
>> +    if (len == -1 && errno == EINTR) {
>> +        return;
>> +    }


That's a typo.  I meant s/EINTR/EAGAIN/g

Regards,

Anthony Liguori

>
> This has to be an additional fix on top of this one.  EAGAIN has to be
> handled if we want to allow nonblocking reads, and there doesn't seem
> to be any reason to have these reads be non-blocking.
>
> OTOH, I also think we could use the glib functions for file IO, since
> handling EINTR in each open-coded read call isn't always fun.
>
> 		Amit

On (Tue) 02 Apr 2013 [07:52:19], Anthony Liguori wrote:
> Amit Shah <amit.shah@redhat.com> writes:
> 
> > On (Mon) 01 Apr 2013 [09:02:46], Anthony Liguori wrote:
> >> Amit Shah <amit.shah@redhat.com> writes:
> >> 
> >> > Opening backends in non-blocking mode isn't necessary, we don't do
> >> > anything while waiting for data.
> >> >
> >> > This also excuses us from checking for EAGAIN, which for the default
> >> > random backend, is a very common return error type.
> >> 
> >> It's not common...  It really shouldn't happen however.
> >
> > EAGAIN is common when a file is opened in non-blocking mode.  Needs to
> > be made verbose?
> 
> EAGAIN doesn't just happen randomly.  It only happens when you read from
> an fd when no data is present.  Normally, that is something that is
> predictable.

When we open /dev/random as the default backend, we should expect more
EAGAINs than data :-)  i.e. /dev/random blocks, we know it.

> >> > backends/rng-random.c:44:entropy_available: assertion failed: (len != -1)
> >> >
> >> > without this fix.
> >> 
> >> This fix would cause QEMU to block indefinitely which I don't think is
> >> very good behavior.  I think a better solution would be:

How about relegating it to glib functions, and hooking it up so that
/dev/random is polled for data, and this function gets called when
/dev/random has data to give out?  Sure, when a read is attempted,
there might be no data available again, but we could then go back to
polling.


		Amit

Amit Shah <amit.shah@redhat.com> writes:

> On (Tue) 02 Apr 2013 [07:52:19], Anthony Liguori wrote:
>> Amit Shah <amit.shah@redhat.com> writes:
>> 
>> >> > backends/rng-random.c:44:entropy_available: assertion failed: (len != -1)
>> >> >
>> >> > without this fix.
>> >> 
>> >> This fix would cause QEMU to block indefinitely which I don't think is
>> >> very good behavior.  I think a better solution would be:
>
> How about relegating it to glib functions, and hooking it up so that
> /dev/random is polled for data, and this function gets called when
> /dev/random has data to give out?  Sure, when a read is attempted,
> there might be no data available again, but we could then go back to
> polling.

The fix I posted minus the needed s/EINTR/EAGAIN/g is pretty straight
forward and IMHO the proper way to handle this.

Is there something you think is broken with it?  I guess I should turn
it into a real patch but I was hoping you would so I didn't have to
recreate the original problem :-)

Regards,

Anthony Liguori

>
>
> 		Amit

On (Wed) 03 Apr 2013 [15:08:40], Anthony Liguori wrote:
> Amit Shah <amit.shah@redhat.com> writes:
> 
> > On (Tue) 02 Apr 2013 [07:52:19], Anthony Liguori wrote:
> >> Amit Shah <amit.shah@redhat.com> writes:
> >> 
> >> >> > backends/rng-random.c:44:entropy_available: assertion failed: (len != -1)
> >> >> >
> >> >> > without this fix.
> >> >> 
> >> >> This fix would cause QEMU to block indefinitely which I don't think is
> >> >> very good behavior.  I think a better solution would be:
> >
> > How about relegating it to glib functions, and hooking it up so that
> > /dev/random is polled for data, and this function gets called when
> > /dev/random has data to give out?  Sure, when a read is attempted,
> > there might be no data available again, but we could then go back to
> > polling.
> 
> The fix I posted minus the needed s/EINTR/EAGAIN/g is pretty straight
> forward and IMHO the proper way to handle this.
> 
> Is there something you think is broken with it?  I guess I should turn
> it into a real patch but I was hoping you would so I didn't have to
> recreate the original problem :-)

Oh yes, I'll do that and test, and will submit a patch.  My concern is
just that we'll forget checking for EINTR and fall into these traps
with open-coded read() calls instead of using wrappers.

		Amit