If /dev/hwrng exists, but no actual generator is connected (or it is
disabled on the host), QEMU will happily start the VM but crash as soon
as the guest accesses the VirtIO RNG device.
To prevent this unfortunate behaviour, check if a useable hwrng is
connected to the host before allowing the VM to be started.
Signed-off-by: Stefan Reiter <s.rei...@proxmox.com>
---
On a side note, 'file_read_firstline' was already imported from PVE::Tools but
never used. Saves a line in this patch I supposed ;)
PVE/QemuServer.pm | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/PVE/QemuServer.pm b/PVE/QemuServer.pm
index cb96b71..6faa9cf 100644
--- a/PVE/QemuServer.pm
+++ b/PVE/QemuServer.pm
@@ -3399,6 +3399,16 @@ sub config_to_command {
die "cannot create VirtIO RNG device: source file '$rng->{source}'
doesn't exist\n"
if ! -e $rng->{source};
+ my $rng_select_path = '/sys/devices/virtual/misc/hw_random/rng_current';
+ if ($rng->{source} eq '/dev/hwrng' &&
+ file_read_firstline($rng_select_path) eq 'none')
+ {
+ # needs to abort, otherwise QEMU crashes on first rng access
+ die "Cannot start VM with passed-through RNG device: '/dev/hwrng'"
+ . " exists, but '$rng_select_path' is set to 'none'. Ensure that"
+ . " a compatible hardware-RNG is attached to the host.\n";
+ }
+
my $rng_addr = print_pci_addr("rng0", $bridges, $arch, $machine_type);
push @$devices, '-object', "rng-random,filename=$rng->{source},id=rng0";
--
2.20.1
_______________________________________________
pve-devel mailing list
pve-devel@pve.proxmox.com
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
