On 5/5/20 10:59 AM, Stefan Reiter wrote:
> If /dev/hwrng exists, but no actual generator is connected (or it is
> disabled on the host), QEMU will happily start the VM but crash as soon
> as the guest accesses the VirtIO RNG device.
>
> To prevent this unfortunate behaviour, check if a useable hwrng is
> connected to the host before allowing the VM to be started.
>
> Signed-off-by: Stefan Reiter <s.rei...@proxmox.com>
> ---
>
> On a side note, 'file_read_firstline' was already imported from PVE::Tools but
> never used. Saves a line in this patch I supposed ;)
>
> PVE/QemuServer.pm | 10 ++++++++++
> 1 file changed, 10 insertions(+)
>
> diff --git a/PVE/QemuServer.pm b/PVE/QemuServer.pm
> index cb96b71..6faa9cf 100644
> --- a/PVE/QemuServer.pm
> +++ b/PVE/QemuServer.pm
> @@ -3399,6 +3399,16 @@ sub config_to_command {
> die "cannot create VirtIO RNG device: source file '$rng->{source}'
> doesn't exist\n"
> if ! -e $rng->{source};
>
> + my $rng_select_path = '/sys/devices/virtual/misc/hw_random/rng_current';
> + if ($rng->{source} eq '/dev/hwrng' &&
> + file_read_firstline($rng_select_path) eq 'none')
> + {
> + # needs to abort, otherwise QEMU crashes on first rng access
> + die "Cannot start VM with passed-through RNG device: '/dev/hwrng'"
> + . " exists, but '$rng_select_path' is set to 'none'. Ensure that"
> + . " a compatible hardware-RNG is attached to the host.\n";
> + }
can we stop bloating config to command and move this to it's own sub, please...
> +
> my $rng_addr = print_pci_addr("rng0", $bridges, $arch, $machine_type);
>
> push @$devices, '-object', "rng-random,filename=$rng->{source},id=rng0";
>
_______________________________________________
pve-devel mailing list
pve-devel@pve.proxmox.com
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
