Re: [PULL 9/9] hw/i386: pass RNG seed via setup_data entry

From: Xiaoyao Li <xiaoyao.li@intel.com>
To: Paolo Bonzini <pbonzini@redhat.com>, qemu-devel@nongnu.org
Cc: "Jason A. Donenfeld" <Jason@zx2c4.com>,
	"Marcel Apfelbaum" <marcel.apfelbaum@gmail.com>,
	"Richard Henderson" <richard.henderson@linaro.org>,
	"Eduardo Habkost" <eduardo@habkost.net>,
	"Peter Maydell" <peter.maydell@linaro.org>,
	"Philippe Mathieu-DaudÃ©" <f4bug@amsat.org>,
	"Laurent Vivier" <laurent@vivier.eu>,
	"Michael S . Tsirkin" <mst@redhat.com>
Subject: Re: [PULL 9/9] hw/i386: pass RNG seed via setup_data entry
Date: Tue, 2 Aug 2022 11:28:15 +0800	[thread overview]
Message-ID: <dae86884-6cfa-a428-374c-60c42900aade@intel.com> (raw)
In-Reply-To: <20220721163621.761513-10-pbonzini@redhat.com>

On 7/22/2022 12:36 AM, Paolo Bonzini wrote:
> From: "Jason A. Donenfeld" <Jason@zx2c4.com>
> 
> Tiny machines optimized for fast boot time generally don't use EFI,
> which means a random seed has to be supplied some other way. For this
> purpose, Linux (â‰¥5.20) supports passing a seed in the setup_data table
> with SETUP_RNG_SEED, specially intended for hypervisors, kexec, and
> specialized bootloaders. The linked commit shows the upstream kernel
> implementation.
> 
> At Paolo's request, we don't pass these to versioned machine types â‰¤7.0.
> 
> Link: https://git.kernel.org/tip/tip/c/68b8e9713c8
> Cc: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
> Cc: Paolo Bonzini <pbonzini@redhat.com>
> Cc: Richard Henderson <richard.henderson@linaro.org>
> Cc: Eduardo Habkost <eduardo@habkost.net>
> Cc: Peter Maydell <peter.maydell@linaro.org>
> Cc: Philippe Mathieu-DaudÃ© <f4bug@amsat.org>
> Cc: Laurent Vivier <laurent@vivier.eu>
> Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
> Message-Id: <20220721125636.446842-1-Jason@zx2c4.com>
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> ---
>   hw/i386/microvm.c                            |  2 +-
>   hw/i386/pc.c                                 |  4 +--
>   hw/i386/pc_piix.c                            |  2 ++
>   hw/i386/pc_q35.c                             |  2 ++
>   hw/i386/x86.c                                | 26 +++++++++++++++++---
>   include/hw/i386/pc.h                         |  3 +++
>   include/hw/i386/x86.h                        |  3 ++-
>   include/standard-headers/asm-x86/bootparam.h |  1 +
>   8 files changed, 35 insertions(+), 8 deletions(-)
> 
> diff --git a/hw/i386/microvm.c b/hw/i386/microvm.c
> index dc929727dc..7fe8cce03e 100644
> --- a/hw/i386/microvm.c
> +++ b/hw/i386/microvm.c
> @@ -332,7 +332,7 @@ static void microvm_memory_init(MicrovmMachineState *mms)
>       rom_set_fw(fw_cfg);
>   
>       if (machine->kernel_filename != NULL) {
> -        x86_load_linux(x86ms, fw_cfg, 0, true);
> +        x86_load_linux(x86ms, fw_cfg, 0, true, false);
>       }
>   
>       if (mms->option_roms) {
> diff --git a/hw/i386/pc.c b/hw/i386/pc.c
> index 774cb2bf07..d2b5823ffb 100644
> --- a/hw/i386/pc.c
> +++ b/hw/i386/pc.c
> @@ -796,7 +796,7 @@ void xen_load_linux(PCMachineState *pcms)
>       rom_set_fw(fw_cfg);
>   
>       x86_load_linux(x86ms, fw_cfg, pcmc->acpi_data_size,
> -                   pcmc->pvh_enabled);
> +                   pcmc->pvh_enabled, pcmc->legacy_no_rng_seed);
>       for (i = 0; i < nb_option_roms; i++) {
>           assert(!strcmp(option_rom[i].name, "linuxboot.bin") ||
>                  !strcmp(option_rom[i].name, "linuxboot_dma.bin") ||
> @@ -992,7 +992,7 @@ void pc_memory_init(PCMachineState *pcms,
>   
>       if (linux_boot) {
>           x86_load_linux(x86ms, fw_cfg, pcmc->acpi_data_size,
> -                       pcmc->pvh_enabled);
> +                       pcmc->pvh_enabled, pcmc->legacy_no_rng_seed);
>       }
>   
>       for (i = 0; i < nb_option_roms; i++) {
> diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
> index a234989ac3..fbf9465318 100644
> --- a/hw/i386/pc_piix.c
> +++ b/hw/i386/pc_piix.c
> @@ -438,9 +438,11 @@ DEFINE_I440FX_MACHINE(v7_1, "pc-i440fx-7.1", NULL,
>   
>   static void pc_i440fx_7_0_machine_options(MachineClass *m)
>   {
> +    PCMachineClass *pcmc = PC_MACHINE_CLASS(m);
>       pc_i440fx_7_1_machine_options(m);
>       m->alias = NULL;
>       m->is_default = false;
> +    pcmc->legacy_no_rng_seed = true;
>       compat_props_add(m->compat_props, hw_compat_7_0, hw_compat_7_0_len);
>       compat_props_add(m->compat_props, pc_compat_7_0, pc_compat_7_0_len);
>   }
> diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
> index f96cbd04e2..12cc76aaf8 100644
> --- a/hw/i386/pc_q35.c
> +++ b/hw/i386/pc_q35.c
> @@ -375,8 +375,10 @@ DEFINE_Q35_MACHINE(v7_1, "pc-q35-7.1", NULL,
>   
>   static void pc_q35_7_0_machine_options(MachineClass *m)
>   {
> +    PCMachineClass *pcmc = PC_MACHINE_CLASS(m);
>       pc_q35_7_1_machine_options(m);
>       m->alias = NULL;
> +    pcmc->legacy_no_rng_seed = true;

Is making .legacy_no_rng_seed default false and opt-in it for old 
machines correct?

AFAICT, QEMU with machine-7.1 fails to boot with OVMF on my environment.