[pve-devel] [PATCH v2 qemu-server] rng: die when trying to pass through disconnected hwrng

[Stefan Reiter]

If /dev/hwrng exists, but no actual generator is connected (or it is
disabled on the host), QEMU will happily start the VM but crash as soon
as the guest accesses the VirtIO RNG device.

To prevent this unfortunate behaviour, check if a useable hwrng is
connected to the host before allowing the VM to be started.

While at it, clean up config_to_command by moving new and existing rng
source checks to a seperate sub.

Signed-off-by: Stefan Reiter <s.reiter at proxmox.com>
---

v2: Move to sub, clean up, extend comment

 PVE/QemuServer.pm | 26 ++++++++++++++++++++------
 1 file changed, 20 insertions(+), 6 deletions(-)

diff --git a/PVE/QemuServer.pm b/PVE/QemuServer.pm
index cb96b71..e9b094b 100644
--- a/PVE/QemuServer.pm
+++ b/PVE/QemuServer.pm
@@ -3387,20 +3387,16 @@ sub config_to_command {
 
     my $rng = parse_rng($conf->{rng0}) if $conf->{rng0};
     if ($rng && &$version_guard(4, 1, 2)) {
+	check_rng_source($rng->{source});
+
 	my $max_bytes = $rng->{max_bytes} // $rng_fmt->{max_bytes}->{default};
 	my $period = $rng->{period} // $rng_fmt->{period}->{default};
-
 	my $limiter_str = "";
 	if ($max_bytes) {
 	    $limiter_str = ",max-bytes=$max_bytes,period=$period";
 	}
 
-	# mostly relevant for /dev/hwrng, but doesn't hurt to check others too
-	die "cannot create VirtIO RNG device: source file '$rng->{source}' doesn't exist\n"
-	    if ! -e $rng->{source};
-
 	my $rng_addr = print_pci_addr("rng0", $bridges, $arch, $machine_type);
-
 	push @$devices, '-object', "rng-random,filename=$rng->{source},id=rng0";
 	push @$devices, '-device', "virtio-rng-pci,rng=rng0$limiter_str$rng_addr";
     }
@@ -3634,6 +3630,24 @@ sub config_to_command {
     return wantarray ? ($cmd, $vollist, $spice_port) : $cmd;
 }
 
+sub check_rng_source {
+    my ($source) = @_;
+
+    # mostly relevant for /dev/hwrng, but doesn't hurt to check others too
+    die "cannot create VirtIO RNG device: source file '$source' doesn't exist\n"
+	if ! -e $source;
+
+    my $rng_current = '/sys/devices/virtual/misc/hw_random/rng_current';
+    if ($source eq '/dev/hwrng' && file_read_firstline($rng_current) eq 'none') {
+	# Needs to abort, otherwise QEMU crashes on first rng access.
+	# Note that rng_current cannot be changed to 'none' manually, so
+	# once the VM is past this point, it is no longer an issue.
+	die "Cannot start VM with passed-through RNG device: '/dev/hwrng'"
+	    . " exists, but '$rng_current' is set to 'none'. Ensure that"
+	    . " a compatible hardware-RNG is attached to the host.\n";
+    }
+}
+
 sub spice_port {
     my ($vmid) = @_;
 
-- 
2.20.1