From nobody Wed May 14 06:49:42 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1527582342161234.57107964062936; Tue, 29 May 2018 01:25:42 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx11.intmail.prod.int.phx2.redhat.com [10.5.11.26]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id B1D3C30D10F7; Tue, 29 May 2018 08:25:40 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 842FD30A6A8E; Tue, 29 May 2018 08:25:40 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 2508C1800FD6; Tue, 29 May 2018 08:25:40 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id w4T8PIet005803 for ; Tue, 29 May 2018 04:25:18 -0400 Received: by smtp.corp.redhat.com (Postfix) id 8D58463536; Tue, 29 May 2018 08:25:17 +0000 (UTC) Received: from moe.brq.redhat.com (unknown [10.43.2.192]) by smtp.corp.redhat.com (Postfix) with ESMTP id 1428C63F7E; Tue, 29 May 2018 08:25:16 +0000 (UTC) From: Michal Privoznik To: libvir-list@redhat.com Date: Tue, 29 May 2018 10:24:44 +0200 Message-Id: <843dc484513e94d390e844b0737ed07bc3b6487e.1527581861.git.mprivozn@redhat.com> In-Reply-To: References: In-Reply-To: References: X-Scanned-By: MIMEDefang 2.79 on 10.11.54.5 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 08/10] virrandom: Make virRandomBits better X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.26 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.47]); Tue, 29 May 2018 08:25:41 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Now that we have strong PRNG generator implemented in virRandomBytes() let's use that instead of gnulib's random_r. Problem with the latter is in way we seed it: current UNIX time and libvirtd's PID are not that random as one might think. Imagine two hosts booting at the same time. There's a fair chance that those hosts spawn libvirtds at the same time and with the same PID. This will result in both daemons generating the same sequence of say MAC addresses [1]. 1: https://www.redhat.com/archives/libvirt-users/2018-May/msg00097.html Signed-off-by: Michal Privoznik --- src/util/virrandom.c | 63 ++----------------------------------------------= ---- 1 file changed, 2 insertions(+), 61 deletions(-) diff --git a/src/util/virrandom.c b/src/util/virrandom.c index 444b0f9802..01cc82a052 100644 --- a/src/util/virrandom.c +++ b/src/util/virrandom.c @@ -49,53 +49,6 @@ VIR_LOG_INIT("util.random"); =20 #define RANDOM_SOURCE "/dev/urandom" =20 -/* The algorithm of virRandomBits relies on gnulib's guarantee that - * 'random_r' matches the POSIX requirements on 'random' of being - * evenly distributed among exactly [0, 2**31) (that is, we always get - * exactly 31 bits). While this happens to be the value of RAND_MAX - * on glibc, note that POSIX only requires RAND_MAX to be tied to the - * weaker 'rand', so there are platforms where RAND_MAX is smaller - * than the range of 'random_r'. For the results to be evenly - * distributed among up to 64 bits, we also rely on the period of - * 'random_r' to be at least 2**64, which POSIX only guarantees for - * 'random' if you use 256 bytes of state. */ -enum { - RANDOM_BITS_PER_ITER =3D 31, - RANDOM_BITS_MASK =3D (1U << RANDOM_BITS_PER_ITER) - 1, - RANDOM_STATE_SIZE =3D 256, -}; - -static char randomState[RANDOM_STATE_SIZE]; -static struct random_data randomData; -static virMutex randomLock =3D VIR_MUTEX_INITIALIZER; - - -static int -virRandomOnceInit(void) -{ - unsigned int seed =3D time(NULL) ^ getpid(); - -#if 0 - /* Normally we want a decent seed. But if reproducible debugging - * of a fixed pseudo-random sequence is ever required, uncomment - * this block to let an environment variable force the seed. */ - const char *debug =3D virGetEnvBlockSUID("VIR_DEBUG_RANDOM_SEED"); - - if (debug && virStrToLong_ui(debug, NULL, 0, &seed) < 0) - return -1; -#endif - - if (initstate_r(seed, - randomState, - sizeof(randomState), - &randomData) < 0) - return -1; - - return 0; -} - -VIR_ONCE_GLOBAL_INIT(virRandom) - /** * virRandomBits: * @nbits: Number of bits of randommess required @@ -108,26 +61,14 @@ VIR_ONCE_GLOBAL_INIT(virRandom) uint64_t virRandomBits(int nbits) { uint64_t ret =3D 0; - int32_t bits; =20 - if (virRandomInitialize() < 0) { + if (virRandomBytes((unsigned char *) &ret, sizeof(ret)) < 0) { /* You're already hosed, so this particular non-random value * isn't any worse. */ return 0; } =20 - virMutexLock(&randomLock); - - while (nbits > RANDOM_BITS_PER_ITER) { - random_r(&randomData, &bits); - ret =3D (ret << RANDOM_BITS_PER_ITER) | (bits & RANDOM_BITS_MASK); - nbits -=3D RANDOM_BITS_PER_ITER; - } - - random_r(&randomData, &bits); - ret =3D (ret << nbits) | (bits & ((1 << nbits) - 1)); - - virMutexUnlock(&randomLock); + ret &=3D (1U << nbits) - 1; return ret; } =20 --=20 2.16.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list