[pve-devel] [PATCH qemu-server v2 9/9] let VirtIO RNG devices source entropy from mapped HWRNGs
Filip Schauer
f.schauer at proxmox.com
Wed Jan 29 16:53:39 CET 2025
This allows a user with the Mapping.Modify privilege on /mapping/hwrng
to configure a hardware RNG mapping. A less privileged user with the
Mapping.Use privilege can then pass the mapped hardware RNG device as an
entropy source to a VirtIO RNG device.
Signed-off-by: Filip Schauer <f.schauer at proxmox.com>
---
PVE/API2/Qemu.pm | 5 +++++
PVE/QemuServer.pm | 5 +++++
PVE/QemuServer/RNG.pm | 25 +++++++++++++++++++++++--
3 files changed, 33 insertions(+), 2 deletions(-)
diff --git a/PVE/API2/Qemu.pm b/PVE/API2/Qemu.pm
index 8262c9d4..e8567ff3 100644
--- a/PVE/API2/Qemu.pm
+++ b/PVE/API2/Qemu.pm
@@ -808,9 +808,14 @@ my sub check_rng_perm {
my $device = PVE::JSONSchema::parse_property_string('pve-qm-rng', $value);
if ($device->{source}) {
+ # Backward compatibility for non-mapped /dev/hwrng
if ($device->{source} eq '/dev/hwrng') {
die "only root can set '$opt' config for a non-mapped Hardware RNG device\n";
}
+ } elsif ($device->{mapping}) {
+ $rpcenv->check_full($authuser, "/mapping/hwrng/$device->{mapping}", ['Mapping.Use']);
+ } else {
+ die "either 'source' or 'mapping' must be set.\n";
}
return 1;
diff --git a/PVE/QemuServer.pm b/PVE/QemuServer.pm
index 606f51fa..4a36e778 100644
--- a/PVE/QemuServer.pm
+++ b/PVE/QemuServer.pm
@@ -6606,10 +6606,15 @@ sub check_mapping_access {
my $device = PVE::JSONSchema::parse_property_string('pve-qm-rng', $conf->{$opt});
if ($device->{source}) {
+ # Backward compatibility for non-mapped /dev/hwrng
if ($device->{source} eq '/dev/hwrng') {
die "only root can set '$opt' config for a non-mapped Hardware RNG device\n"
if $user ne 'root at pam';
}
+ } elsif ($device->{mapping}) {
+ $rpcenv->check_full($user, "/mapping/hwrng/$device->{mapping}", ['Mapping.Use']);
+ } else {
+ die "either 'source' or 'mapping' must be set.\n";
}
}
}
diff --git a/PVE/QemuServer/RNG.pm b/PVE/QemuServer/RNG.pm
index f7a62f3b..ede5ffde 100644
--- a/PVE/QemuServer/RNG.pm
+++ b/PVE/QemuServer/RNG.pm
@@ -5,6 +5,7 @@ use warnings;
use PVE::QemuServer::PCI qw(print_pci_addr);
use PVE::JSONSchema;
+use PVE::Mapping::HWRNG;
use PVE::Tools qw(file_read_firstline);
use base 'Exporter';
@@ -25,8 +26,15 @@ our $rng_fmt = {
." should be preferred over '/dev/random' to avoid entropy-starvation issues on the"
." host. Using urandom does *not* decrease security in any meaningful way, as it's"
." still seeded from real entropy, and the bytes provided will most likely be mixed"
- ." with real entropy on the guest as well. '/dev/hwrng' can be used to pass through"
- ." a hardware RNG from the host.",
+ ." with real entropy on the guest as well.",
+ },
+ mapping => {
+ optional => 1,
+ type => 'string',
+ format_description => 'mapping-id',
+ format => 'pve-configid',
+ description => "The ID of a cluster wide mapping. When specified, entropy is gathered from"
+ ." a hardware RNG on the host. Either this or the default-key 'source' must be set.",
},
max_bytes => {
type => 'integer',
@@ -68,6 +76,9 @@ sub parse_rng {
warn $@ if $@;
my $source = $res->{source};
+ my $mapping = $res->{mapping};
+
+ return if $source && $mapping; # not a valid configuration
return $res;
}
@@ -93,9 +104,19 @@ sub get_rng_source_path {
my ($rng) = @_;
my $source = $rng->{source};
+ my $mapping = $rng->{mapping};
+
+ return if $source && $mapping; # not a valid configuration
if (defined($source)) {
return $source;
+ } elsif (defined($mapping)) {
+ my $devices = PVE::Mapping::HWRNG::find_on_current_node($mapping);
+ die "Hardware RNG mapping not found for '$mapping'\n" if !$devices || !scalar($devices->@*);
+ die "More than one Hardware RNG mapping per host not supported\n"
+ if scalar($devices->@*) > 1;
+
+ return $devices->[0]->{path};
}
return;
--
2.39.5
More information about the pve-devel
mailing list