Introduce qemu_guest_getrandom.

Use qemu_guest_getrandom in aspeed, nrf51, bcm2835, exynos4210 rng devices.
 Use qemu_guest_getrandom in target/ppc darn instruction.
 Support ARMv8.5-RNG extension.
 Support x86 RDRAND extension.
 
 Acked-by: Daniel P. Berrangé <berrange@redhat.com>
 Acked-by: Laurent Vivier <laurent@vivier.eu>
 -----BEGIN PGP SIGNATURE-----
 
 iQFRBAABCgA7FiEEekgeeIaLTbaoWgXAZN846K9+IV8FAlzllrsdHHJpY2hhcmQu
 aGVuZGVyc29uQGxpbmFyby5vcmcACgkQZN846K9+IV9/qAgAuYpF/gHrkfT+IFrw
 OsgV1pPdhh+opxp44ayIQ6VC64voij0k/NnmC3/BxRv89yPqchvA6m0c2jzfGuwZ
 ICpDt7LvFTrG9k8X9vEXbOTfh5dS/5g1o0LXiGU9RmMaC/5z2ZIabxU8K1Ti3+X0
 P3B5s65rRQ8fPzOAMLEjeaHYQ/AOX/CNsmgFDve+d0b9tJY99UVO3Pb0h3+eR0s3
 /4AHWG+IACGX7MVgFIfkEbGVnwboNiT20MUq3Exn2yGgg0IbLfoUazOnbfRz9jkX
 kbN6nAZ+WDynf31SvvkEL/P6W5medf58ufJOiBB8opIp1E4WDdM30V8RkkPOyj4z
 YOBmSw==
 =2RnL
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/rth/tags/pull-rng-20190522' into staging

Introduce qemu_guest_getrandom.
Use qemu_guest_getrandom in aspeed, nrf51, bcm2835, exynos4210 rng devices.
Use qemu_guest_getrandom in target/ppc darn instruction.
Support ARMv8.5-RNG extension.
Support x86 RDRAND extension.

Acked-by: Daniel P. Berrangé <berrange@redhat.com>
Acked-by: Laurent Vivier <laurent@vivier.eu>

# gpg: Signature made Wed 22 May 2019 19:36:43 BST
# gpg:                using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg:                issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [full]
# Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A  05C0 64DF 38E8 AF7E 215F

* remotes/rth/tags/pull-rng-20190522: (25 commits)
  target/i386: Implement CPUID_EXT_RDRAND
  target/ppc: Use qemu_guest_getrandom for DARN
  target/ppc: Use gen_io_start/end around DARN
  target/arm: Implement ARMv8.5-RNG
  target/arm: Put all PAC keys into a structure
  hw/misc/exynos4210_rng: Use qemu_guest_getrandom
  hw/misc/bcm2835_rng: Use qemu_guest_getrandom_nofail
  hw/misc/nrf51_rng: Use qemu_guest_getrandom_nofail
  aspeed/scu: Use qemu_guest_getrandom_nofail
  linux-user: Remove srand call
  linux-user/aarch64: Use qemu_guest_getrandom for PAUTH keys
  linux-user: Use qemu_guest_getrandom_nofail for AT_RANDOM
  linux-user: Call qcrypto_init if not using -seed
  linux-user: Initialize pseudo-random seeds for all guest cpus
  cpus: Initialize pseudo-random seeds for all guest cpus
  util: Add qemu_guest_getrandom and associated routines
  ui/vnc: Use gcrypto_random_bytes for start_auth_vnc
  ui/vnc: Split out authentication_failed
  crypto: Change the qcrypto_random_bytes buffer type to void*
  crypto: Use getrandom for qcrypto_random_bytes
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This commit is contained in:
Peter Maydell 2019-05-23 12:57:17 +01:00
commit d418238dca
36 changed files with 610 additions and 256 deletions

View File

@ -413,7 +413,7 @@ dummy := $(call unnest-vars,, \
block-obj-y \
block-obj-m \
crypto-obj-y \
crypto-aes-obj-y \
crypto-user-obj-y \
qom-obj-y \
io-obj-y \
common-obj-y \
@ -487,7 +487,7 @@ subdir-slirp: .git-submodule-status
$(call quiet-command,$(MAKE) -C $(SRC_PATH)/slirp BUILD_DIR="$(BUILD_DIR)/slirp" CC="$(CC)" AR="$(AR)" LD="$(LD)" RANLIB="$(RANLIB)" CFLAGS="$(QEMU_CFLAGS) $(CFLAGS)" LDFLAGS="$(LDFLAGS)")
$(SUBDIR_RULES): libqemuutil.a $(common-obj-y) \
$(qom-obj-y) $(crypto-aes-obj-$(CONFIG_USER_ONLY))
$(qom-obj-y) $(crypto-user-obj-$(CONFIG_USER_ONLY))
ROMSUBDIR_RULES=$(patsubst %,romsubdir-%, $(ROMS))
# Only keep -O and -g cflags

View File

@ -25,7 +25,7 @@ block-obj-m = block/
# crypto-obj-y is code used by both qemu system emulation and qemu-img
crypto-obj-y = crypto/
crypto-aes-obj-y = crypto/
crypto-user-obj-y = crypto/
#######################################################################
# qom-obj-y is code used by both qemu system emulation and qemu-img

View File

@ -180,7 +180,7 @@ dummy := $(call unnest-vars,.., \
block-obj-m \
chardev-obj-y \
crypto-obj-y \
crypto-aes-obj-y \
crypto-user-obj-y \
qom-obj-y \
io-obj-y \
common-obj-y \
@ -189,7 +189,7 @@ all-obj-y += $(common-obj-y)
all-obj-y += $(qom-obj-y)
all-obj-$(CONFIG_SOFTMMU) += $(authz-obj-y)
all-obj-$(CONFIG_SOFTMMU) += $(block-obj-y) $(chardev-obj-y)
all-obj-$(CONFIG_USER_ONLY) += $(crypto-aes-obj-y)
all-obj-$(CONFIG_USER_ONLY) += $(crypto-user-obj-y)
all-obj-$(CONFIG_SOFTMMU) += $(crypto-obj-y)
all-obj-$(CONFIG_SOFTMMU) += $(io-obj-y)

87
configure vendored
View File

@ -2784,17 +2784,23 @@ fi
# GNUTLS probe
if test "$gnutls" != "no"; then
pass="no"
if $pkg_config --exists "gnutls >= 3.1.18"; then
gnutls_cflags=$($pkg_config --cflags gnutls)
gnutls_libs=$($pkg_config --libs gnutls)
libs_softmmu="$gnutls_libs $libs_softmmu"
libs_tools="$gnutls_libs $libs_tools"
QEMU_CFLAGS="$QEMU_CFLAGS $gnutls_cflags"
gnutls="yes"
elif test "$gnutls" = "yes"; then
# Packaging for the static libraries is not always correct.
# At least ubuntu 18.04 ships only shared libraries.
write_c_skeleton
if compile_prog "" "$gnutls_libs" ; then
LIBS="$gnutls_libs $LIBS"
QEMU_CFLAGS="$QEMU_CFLAGS $gnutls_cflags"
pass="yes"
fi
fi
if test "$pass" = "no" && test "$gnutls" = "yes"; then
feature_not_found "gnutls" "Install gnutls devel >= 3.1.18"
else
gnutls="no"
gnutls="$pass"
fi
fi
@ -2849,43 +2855,52 @@ has_libgcrypt() {
if test "$nettle" != "no"; then
pass="no"
if $pkg_config --exists "nettle >= 2.7.1"; then
nettle_cflags=$($pkg_config --cflags nettle)
nettle_libs=$($pkg_config --libs nettle)
nettle_version=$($pkg_config --modversion nettle)
libs_softmmu="$nettle_libs $libs_softmmu"
libs_tools="$nettle_libs $libs_tools"
QEMU_CFLAGS="$QEMU_CFLAGS $nettle_cflags"
nettle="yes"
if test -z "$gcrypt"; then
gcrypt="no"
# Link test to make sure the given libraries work (e.g for static).
write_c_skeleton
if compile_prog "" "$nettle_libs" ; then
LIBS="$nettle_libs $LIBS"
QEMU_CFLAGS="$QEMU_CFLAGS $nettle_cflags"
if test -z "$gcrypt"; then
gcrypt="no"
fi
pass="yes"
fi
fi
if test "$pass" = "no" && test "$nettle" = "yes"; then
feature_not_found "nettle" "Install nettle devel >= 2.7.1"
else
if test "$nettle" = "yes"; then
feature_not_found "nettle" "Install nettle devel >= 2.7.1"
else
nettle="no"
fi
nettle="$pass"
fi
fi
if test "$gcrypt" != "no"; then
pass="no"
if has_libgcrypt; then
gcrypt_cflags=$(libgcrypt-config --cflags)
gcrypt_libs=$(libgcrypt-config --libs)
# Debian has remove -lgpg-error from libgcrypt-config
# Debian has removed -lgpg-error from libgcrypt-config
# as it "spreads unnecessary dependencies" which in
# turn breaks static builds...
if test "$static" = "yes"
then
gcrypt_libs="$gcrypt_libs -lgpg-error"
fi
libs_softmmu="$gcrypt_libs $libs_softmmu"
libs_tools="$gcrypt_libs $libs_tools"
QEMU_CFLAGS="$QEMU_CFLAGS $gcrypt_cflags"
gcrypt="yes"
# Link test to make sure the given libraries work (e.g for static).
write_c_skeleton
if compile_prog "" "$gcrypt_libs" ; then
LIBS="$gcrypt_libs $LIBS"
QEMU_CFLAGS="$QEMU_CFLAGS $gcrypt_cflags"
pass="yes"
fi
fi
if test "$pass" = "yes"; then
gcrypt="yes"
cat > $TMPC << EOF
#include <gcrypt.h>
int main(void) {
@ -2898,12 +2913,10 @@ EOF
if compile_prog "$gcrypt_cflags" "$gcrypt_libs" ; then
gcrypt_hmac=yes
fi
elif test "$gcrypt" = "yes"; then
feature_not_found "gcrypt" "Install gcrypt devel >= 1.5.0"
else
if test "$gcrypt" = "yes"; then
feature_not_found "gcrypt" "Install gcrypt devel >= 1.5.0"
else
gcrypt="no"
fi
gcrypt="no"
fi
fi
@ -5802,6 +5815,20 @@ if compile_prog "" "" ; then
have_utmpx=yes
fi
##########################################
# check for getrandom()
have_getrandom=no
cat > $TMPC << EOF
#include <sys/random.h>
int main(void) {
return getrandom(0, 0, GRND_NONBLOCK);
}
EOF
if compile_prog "" "" ; then
have_getrandom=yes
fi
##########################################
# checks for sanitizers
@ -7191,7 +7218,9 @@ fi
if test "$have_utmpx" = "yes" ; then
echo "HAVE_UTMPX=y" >> $config_host_mak
fi
if test "$have_getrandom" = "yes" ; then
echo "CONFIG_GETRANDOM=y" >> $config_host_mak
fi
if test "$ivshmem" = "yes" ; then
echo "CONFIG_IVSHMEM=y" >> $config_host_mak
fi

9
cpus.c
View File

@ -50,6 +50,7 @@
#include "qemu/option.h"
#include "qemu/bitmap.h"
#include "qemu/seqlock.h"
#include "qemu/guest-random.h"
#include "tcg.h"
#include "hw/nmi.h"
#include "sysemu/replay.h"
@ -1276,6 +1277,7 @@ static void *qemu_kvm_cpu_thread_fn(void *arg)
/* signal CPU creation */
cpu->created = true;
qemu_cond_signal(&qemu_cpu_cond);
qemu_guest_random_seed_thread_part2(cpu->random_seed);
do {
if (cpu_can_run(cpu)) {
@ -1319,6 +1321,7 @@ static void *qemu_dummy_cpu_thread_fn(void *arg)
/* signal CPU creation */
cpu->created = true;
qemu_cond_signal(&qemu_cpu_cond);
qemu_guest_random_seed_thread_part2(cpu->random_seed);
do {
qemu_mutex_unlock_iothread();
@ -1478,6 +1481,7 @@ static void *qemu_tcg_rr_cpu_thread_fn(void *arg)
cpu->created = true;
cpu->can_do_io = 1;
qemu_cond_signal(&qemu_cpu_cond);
qemu_guest_random_seed_thread_part2(cpu->random_seed);
/* wait for initial kick-off after machine start */
while (first_cpu->stopped) {
@ -1592,6 +1596,7 @@ static void *qemu_hax_cpu_thread_fn(void *arg)
hax_init_vcpu(cpu);
qemu_cond_signal(&qemu_cpu_cond);
qemu_guest_random_seed_thread_part2(cpu->random_seed);
do {
if (cpu_can_run(cpu)) {
@ -1631,6 +1636,7 @@ static void *qemu_hvf_cpu_thread_fn(void *arg)
/* signal CPU creation */
cpu->created = true;
qemu_cond_signal(&qemu_cpu_cond);
qemu_guest_random_seed_thread_part2(cpu->random_seed);
do {
if (cpu_can_run(cpu)) {
@ -1671,6 +1677,7 @@ static void *qemu_whpx_cpu_thread_fn(void *arg)
/* signal CPU creation */
cpu->created = true;
qemu_cond_signal(&qemu_cpu_cond);
qemu_guest_random_seed_thread_part2(cpu->random_seed);
do {
if (cpu_can_run(cpu)) {
@ -1724,6 +1731,7 @@ static void *qemu_tcg_cpu_thread_fn(void *arg)
cpu->can_do_io = 1;
current_cpu = cpu;
qemu_cond_signal(&qemu_cpu_cond);
qemu_guest_random_seed_thread_part2(cpu->random_seed);
/* process any pending work */
cpu->exit_request = 1;
@ -2071,6 +2079,7 @@ void qemu_init_vcpu(CPUState *cpu)
cpu->nr_cores = smp_cores;
cpu->nr_threads = smp_threads;
cpu->stopped = true;
cpu->random_seed = qemu_guest_random_seed_thread_part1();
if (!cpu->as) {
/* If the target cpu hasn't set up any address spaces itself,

View File

@ -19,9 +19,10 @@ crypto-obj-y += tlscredspsk.o
crypto-obj-y += tlscredsx509.o
crypto-obj-y += tlssession.o
crypto-obj-y += secret.o
crypto-obj-$(CONFIG_GCRYPT) += random-gcrypt.o
crypto-obj-$(if $(CONFIG_GCRYPT),n,$(CONFIG_GNUTLS)) += random-gnutls.o
crypto-obj-$(if $(CONFIG_GCRYPT),n,$(if $(CONFIG_GNUTLS),n,y)) += random-platform.o
crypto-rng-obj-$(CONFIG_GCRYPT) += random-gcrypt.o
crypto-rng-obj-$(if $(CONFIG_GCRYPT),n,$(CONFIG_GNUTLS)) += random-gnutls.o
crypto-rng-obj-$(if $(CONFIG_GCRYPT),n,$(if $(CONFIG_GNUTLS),n,y)) += random-platform.o
crypto-obj-y += $(crypto-rng-obj-y)
crypto-obj-y += pbkdf.o
crypto-obj-$(CONFIG_NETTLE) += pbkdf-nettle.o
crypto-obj-$(if $(CONFIG_NETTLE),n,$(CONFIG_GCRYPT)) += pbkdf-gcrypt.o
@ -35,7 +36,7 @@ crypto-obj-y += block.o
crypto-obj-y += block-qcow.o
crypto-obj-y += block-luks.o
# Let the userspace emulators avoid linking gnutls/etc
crypto-aes-obj-y = aes.o
# Let the userspace emulators avoid linking stuff they won't use.
crypto-user-obj-y = aes.o $(crypto-rng-obj-y) init.o
stub-obj-y += pbkdf-stub.o

View File

@ -24,7 +24,7 @@
#include <gcrypt.h>
int qcrypto_random_bytes(uint8_t *buf,
int qcrypto_random_bytes(void *buf,
size_t buflen,
Error **errp G_GNUC_UNUSED)
{

View File

@ -26,7 +26,7 @@
#include <gnutls/gnutls.h>
#include <gnutls/crypto.h>
int qcrypto_random_bytes(uint8_t *buf,
int qcrypto_random_bytes(void *buf,
size_t buflen,
Error **errp)
{

View File

@ -27,68 +27,88 @@
#include <wincrypt.h>
static HCRYPTPROV hCryptProv;
#else
static int fd; /* a file handle to either /dev/urandom or /dev/random */
# ifdef CONFIG_GETRANDOM
# include <sys/random.h>
# endif
/* This is -1 for getrandom(), or a file handle for /dev/{u,}random. */
static int fd;
#endif
int qcrypto_random_init(Error **errp)
{
#ifndef _WIN32
/* TBD perhaps also add support for BSD getentropy / Linux
* getrandom syscalls directly */
fd = open("/dev/urandom", O_RDONLY);
if (fd == -1 && errno == ENOENT) {
fd = open("/dev/random", O_RDONLY);
}
if (fd < 0) {
error_setg(errp, "No /dev/urandom or /dev/random found");
return -1;
}
#else
#ifdef _WIN32
if (!CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL,
CRYPT_SILENT | CRYPT_VERIFYCONTEXT)) {
error_setg_win32(errp, GetLastError(),
"Unable to create cryptographic provider");
return -1;
}
#else
# ifdef CONFIG_GETRANDOM
if (getrandom(NULL, 0, 0) == 0) {
/* Use getrandom() */
fd = -1;
return 0;
}
/* Fall through to /dev/urandom case. */
# endif
fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
if (fd == -1 && errno == ENOENT) {
fd = open("/dev/random", O_RDONLY | O_CLOEXEC);
}
if (fd < 0) {
error_setg_errno(errp, errno, "No /dev/urandom or /dev/random");
return -1;
}
#endif
return 0;
}
int qcrypto_random_bytes(uint8_t *buf G_GNUC_UNUSED,
size_t buflen G_GNUC_UNUSED,
int qcrypto_random_bytes(void *buf,
size_t buflen,
Error **errp)
{
#ifndef _WIN32
int ret = -1;
int got;
while (buflen > 0) {
got = read(fd, buf, buflen);
if (got < 0) {
error_setg_errno(errp, errno,
"Unable to read random bytes");
goto cleanup;
} else if (!got) {
error_setg(errp,
"Unexpected EOF reading random bytes");
goto cleanup;
}
buflen -= got;
buf += got;
}
ret = 0;
cleanup:
return ret;
#else
#ifdef _WIN32
if (!CryptGenRandom(hCryptProv, buflen, buf)) {
error_setg_win32(errp, GetLastError(),
"Unable to read random bytes");
return -1;
}
return 0;
#else
# ifdef CONFIG_GETRANDOM
if (likely(fd < 0)) {
while (1) {
ssize_t got = getrandom(buf, buflen, 0);
if (likely(got == buflen)) {
return 0;
}
if (got >= 0) {
buflen -= got;
buf += got;
} else if (errno != EINTR) {
error_setg_errno(errp, errno, "getrandom");
return -1;
}
}
}
/* Fall through to /dev/urandom case. */
# endif
while (1) {
ssize_t got = read(fd, buf, buflen);
if (likely(got == buflen)) {
return 0;
}
if (got > 0) {
buflen -= got;
buf += got;
} else if (got == 0) {
error_setg(errp, "Unexpected EOF reading random bytes");
return -1;
} else if (errno != EINTR) {
error_setg_errno(errp, errno, "Unable to read random bytes");
return -1;
}
}
#endif
return 0;
}

View File

@ -16,7 +16,7 @@
#include "qapi/visitor.h"
#include "qemu/bitops.h"
#include "qemu/log.h"
#include "crypto/random.h"
#include "qemu/guest-random.h"
#include "trace.h"
#define TO_REG(offset) ((offset) >> 2)
@ -157,14 +157,8 @@ static const uint32_t ast2500_a1_resets[ASPEED_SCU_NR_REGS] = {
static uint32_t aspeed_scu_get_random(void)
{
Error *err = NULL;
uint32_t num;
if (qcrypto_random_bytes((uint8_t *)&num, sizeof(num), &err)) {
error_report_err(err);
exit(1);
}
qemu_guest_getrandom_nofail(&num, sizeof(num));
return num;
}

View File

@ -9,30 +9,26 @@
#include "qemu/osdep.h"
#include "qemu/log.h"
#include "qapi/error.h"
#include "crypto/random.h"
#include "qemu/guest-random.h"
#include "hw/misc/bcm2835_rng.h"
static uint32_t get_random_bytes(void)
{
uint32_t res;
Error *err = NULL;
if (qcrypto_random_bytes((uint8_t *)&res, sizeof(res), &err) < 0) {
/* On failure we don't want to return the guest a non-random
* value in case they're really using it for cryptographic
* purposes, so the best we can do is die here.
* This shouldn't happen unless something's broken.
* In theory we could implement this device's full FIFO
* and interrupt semantics and then just stop filling the
* FIFO. That's a lot of work, though, so we assume any
* errors are systematic problems and trust that if we didn't
* fail as the guest inited then we won't fail later on
* mid-run.
*/
error_report_err(err);
exit(1);
}
/*
* On failure we don't want to return the guest a non-random
* value in case they're really using it for cryptographic
* purposes, so the best we can do is die here.
* This shouldn't happen unless something's broken.
* In theory we could implement this device's full FIFO
* and interrupt semantics and then just stop filling the
* FIFO. That's a lot of work, though, so we assume any
* errors are systematic problems and trust that if we didn't
* fail as the guest inited then we won't fail later on
* mid-run.
*/
qemu_guest_getrandom_nofail(&res, sizeof(res));
return res;
}

View File

@ -18,10 +18,10 @@
*/
#include "qemu/osdep.h"
#include "crypto/random.h"
#include "hw/sysbus.h"
#include "qapi/error.h"
#include "qemu/log.h"
#include "qemu/guest-random.h"
#define DEBUG_EXYNOS_RNG 0
@ -109,7 +109,6 @@ static void exynos4210_rng_set_seed(Exynos4210RngState *s, unsigned int i,
static void exynos4210_rng_run_engine(Exynos4210RngState *s)
{
Error *err = NULL;
int ret;
/* Seed set? */
if ((s->reg_status & EXYNOS4210_RNG_STATUS_SEED_SETTING_DONE) == 0) {
@ -127,13 +126,11 @@ static void exynos4210_rng_run_engine(Exynos4210RngState *s)
}
/* Get randoms */
ret = qcrypto_random_bytes((uint8_t *)s->randr_value,
sizeof(s->randr_value), &err);
if (!ret) {
if (qemu_guest_getrandom(s->randr_value, sizeof(s->randr_value), &err)) {
error_report_err(err);
} else {
/* Notify that PRNG is ready */
s->reg_status |= EXYNOS4210_RNG_STATUS_PRNG_DONE;
} else {
error_report_err(err);
}
out:

View File

@ -14,7 +14,7 @@
#include "qapi/error.h"
#include "hw/arm/nrf51.h"
#include "hw/misc/nrf51_rng.h"
#include "crypto/random.h"
#include "qemu/guest-random.h"
static void update_irq(NRF51RNGState *s)
{
@ -145,7 +145,7 @@ static void nrf51_rng_timer_expire(void *opaque)
{
NRF51RNGState *s = NRF51_RNG(opaque);
qcrypto_random_bytes(&s->value, 1, &error_abort);
qemu_guest_getrandom_nofail(&s->value, 1);
s->event_valrdy = 1;
qemu_set_irq(s->eep_valrdy, 1);

View File

@ -34,7 +34,7 @@
*
* Returns 0 on success, -1 on error
*/
int qcrypto_random_bytes(uint8_t *buf,
int qcrypto_random_bytes(void *buf,
size_t buflen,
Error **errp);

View File

@ -0,0 +1,68 @@
/*
* QEMU guest-visible random functions
*
* Copyright 2019 Linaro, Ltd.
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation; either version 2 of the License, or (at your option)
* any later version.
*/
#ifndef QEMU_GUEST_RANDOM_H
#define QEMU_GUEST_RANDOM_H
/**
* qemu_guest_random_seed_main(const char *optarg, Error **errp)
* @optarg: a non-NULL pointer to a C string
* @errp: an error indicator
*
* The @optarg value is that which accompanies the -seed argument.
* This forces qemu_guest_getrandom into deterministic mode.
*
* Returns 0 on success, < 0 on failure while setting *errp.
*/
int qemu_guest_random_seed_main(const char *optarg, Error **errp);
/**
* qemu_guest_random_seed_thread_part1(void)
*
* If qemu_getrandom is in deterministic mode, returns an
* independent seed for the new thread. Otherwise returns 0.
*/
uint64_t qemu_guest_random_seed_thread_part1(void);
/**
* qemu_guest_random_seed_thread_part2(uint64_t seed)
* @seed: a value for the new thread.
*
* If qemu_guest_getrandom is in deterministic mode, this stores an
* independent seed for the new thread. Otherwise a no-op.
*/
void qemu_guest_random_seed_thread_part2(uint64_t seed);
/**
* qemu_guest_getrandom(void *buf, size_t len, Error **errp)
* @buf: a buffer of bytes to be written
* @len: the number of bytes in @buf
* @errp: an error indicator
*
* Fills len bytes in buf with random data. This should only be used
* for data presented to the guest. Host-side crypto services should
* use qcrypto_random_bytes.
*
* Returns 0 on success, < 0 on failure while setting *errp.
*/
int qemu_guest_getrandom(void *buf, size_t len, Error **errp);
/**
* qemu_guest_getrandom_nofail(void *buf, size_t len)
* @buf: a buffer of bytes to be written
* @len: the number of bytes in @buf
*
* Like qemu_guest_getrandom, but will assert for failure.
* Use this when there is no reasonable recovery.
*/
void qemu_guest_getrandom_nofail(void *buf, size_t len);
#endif /* QEMU_GUEST_RANDOM_H */

View File

@ -375,6 +375,7 @@ struct CPUState {
int singlestep_enabled;
int64_t icount_budget;
int64_t icount_extra;
uint64_t random_seed;
sigjmp_buf jmp_env;
QemuMutex work_mutex;

View File

@ -20,6 +20,7 @@
#include "qemu/osdep.h"
#include "qemu.h"
#include "cpu_loop-common.h"
#include "qemu/guest-random.h"
#define get_user_code_u32(x, gaddr, env) \
({ abi_long __r = get_user_u32((x), (gaddr)); \
@ -147,24 +148,6 @@ void cpu_loop(CPUARMState *env)
}
}
static uint64_t arm_rand64(void)
{
int shift = 64 - clz64(RAND_MAX);
int i, n = 64 / shift + (64 % shift != 0);
uint64_t ret = 0;
for (i = 0; i < n; i++) {
ret = (ret << shift) | rand();
}
return ret;
}
void arm_init_pauth_key(ARMPACKey *key)
{
key->lo = arm_rand64();
key->hi = arm_rand64();
}
void target_cpu_copy_regs(CPUArchState *env, struct target_pt_regs *regs)
{
ARMCPU *cpu = arm_env_get_cpu(env);
@ -192,11 +175,7 @@ void target_cpu_copy_regs(CPUArchState *env, struct target_pt_regs *regs)
#endif
if (cpu_isar_feature(aa64_pauth, cpu)) {
arm_init_pauth_key(&env->apia_key);
arm_init_pauth_key(&env->apib_key);
arm_init_pauth_key(&env->apda_key);
arm_init_pauth_key(&env->apdb_key);
arm_init_pauth_key(&env->apga_key);
qemu_guest_getrandom_nofail(&env->keys, sizeof(env->keys));
}
ts->stack_base = info->start_stack;

View File

@ -29,6 +29,4 @@ struct target_pt_regs {
# define TARGET_PR_PAC_APDBKEY (1 << 3)
# define TARGET_PR_PAC_APGAKEY (1 << 4)
void arm_init_pauth_key(ARMPACKey *key);
#endif /* AARCH64_TARGET_SYSCALL_H */

View File

@ -7,6 +7,7 @@
#include "qemu.h"
#include "disas/disas.h"
#include "qemu/path.h"
#include "qemu/guest-random.h"
#ifdef _ARCH_PPC64
#undef ARCH_DLINFO
@ -1883,12 +1884,9 @@ static abi_ulong create_elf_tables(abi_ulong p, int argc, int envc,
}
/*
* Generate 16 random bytes for userspace PRNG seeding (not
* cryptically secure but it's not the aim of QEMU).
* Generate 16 random bytes for userspace PRNG seeding.
*/
for (i = 0; i < 16; i++) {
k_rand_bytes[i] = rand();
}
qemu_guest_getrandom_nofail(k_rand_bytes, sizeof(k_rand_bytes));
if (STACK_GROWS_DOWN) {
sp -= 16;
u_rand_bytes = sp;

View File

@ -34,10 +34,12 @@
#include "tcg.h"
#include "qemu/timer.h"
#include "qemu/envlist.h"
#include "qemu/guest-random.h"
#include "elf.h"
#include "trace/control.h"
#include "target_elf.h"
#include "cpu_loop-common.h"
#include "crypto/init.h"
char *exec_path;
@ -48,6 +50,7 @@ static int gdbstub_port;
static envlist_t *envlist;
static const char *cpu_model;
static const char *cpu_type;
static const char *seed_optarg;
unsigned long mmap_min_addr;
unsigned long guest_base;
int have_guest_base;
@ -290,15 +293,9 @@ static void handle_arg_pagesize(const char *arg)
}
}
static void handle_arg_randseed(const char *arg)
static void handle_arg_seed(const char *arg)
{
unsigned long long seed;
if (parse_uint_full(arg, &seed, 0) != 0 || seed > UINT_MAX) {
fprintf(stderr, "Invalid seed number: %s\n", arg);
exit(EXIT_FAILURE);
}
srand(seed);
seed_optarg = arg;
}
static void handle_arg_gdb(const char *arg)
@ -433,7 +430,7 @@ static const struct qemu_argument arg_table[] = {
"", "run in singlestep mode"},
{"strace", "QEMU_STRACE", false, handle_arg_strace,
"", "log system calls"},
{"seed", "QEMU_RAND_SEED", true, handle_arg_randseed,
{"seed", "QEMU_RAND_SEED", true, handle_arg_seed,
"", "Seed for pseudo-random number generator"},
{"trace", "QEMU_TRACE", true, handle_arg_trace,
"", "[[enable=]<pattern>][,events=<file>][,file=<file>]"},
@ -626,8 +623,6 @@ int main(int argc, char **argv, char **envp)
cpu_model = NULL;
srand(time(NULL));
qemu_add_opts(&qemu_trace_opts);
optind = parse_args(argc, argv);
@ -689,8 +684,20 @@ int main(int argc, char **argv, char **envp)
do_strace = 1;
}
if (getenv("QEMU_RAND_SEED")) {
handle_arg_randseed(getenv("QEMU_RAND_SEED"));
if (seed_optarg == NULL) {
seed_optarg = getenv("QEMU_RAND_SEED");
}
{
Error *err = NULL;
if (seed_optarg != NULL) {
qemu_guest_random_seed_main(seed_optarg, &err);
} else {
qcrypto_init(&err);
}
if (err) {
error_reportf_err(err, "cannot initialize crypto: ");
exit(1);
}
}
target_environ = envlist_to_environ(envlist, NULL);

View File

@ -107,6 +107,8 @@
#include "uname.h"
#include "qemu.h"
#include "qemu/guest-random.h"
#include "qapi/error.h"
#include "fd-trans.h"
#ifndef CLONE_IO
@ -5482,6 +5484,7 @@ static void *clone_func(void *arg)
put_user_u32(info->tid, info->child_tidptr);
if (info->parent_tidptr)
put_user_u32(info->tid, info->parent_tidptr);
qemu_guest_random_seed_thread_part2(cpu->random_seed);
/* Enable signals. */
sigprocmask(SIG_SETMASK, &info->sigmask, NULL);
/* Signal to the parent that we're ready. */
@ -5568,6 +5571,7 @@ static int do_fork(CPUArchState *env, unsigned int flags, abi_ulong newsp,
initializing, so temporarily block all signals. */
sigfillset(&sigmask);
sigprocmask(SIG_BLOCK, &sigmask, &info.sigmask);
cpu->random_seed = qemu_guest_random_seed_thread_part1();
/* If this is our first additional thread, we need to ensure we
* generate code for parallel execution and flush old translations.
@ -9762,25 +9766,45 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1,
int all = (TARGET_PR_PAC_APIAKEY | TARGET_PR_PAC_APIBKEY |
TARGET_PR_PAC_APDAKEY | TARGET_PR_PAC_APDBKEY |
TARGET_PR_PAC_APGAKEY);
int ret = 0;
Error *err = NULL;
if (arg2 == 0) {
arg2 = all;
} else if (arg2 & ~all) {
return -TARGET_EINVAL;
}
if (arg2 & TARGET_PR_PAC_APIAKEY) {
arm_init_pauth_key(&env->apia_key);
ret |= qemu_guest_getrandom(&env->keys.apia,
sizeof(ARMPACKey), &err);
}
if (arg2 & TARGET_PR_PAC_APIBKEY) {
arm_init_pauth_key(&env->apib_key);
ret |= qemu_guest_getrandom(&env->keys.apib,
sizeof(ARMPACKey), &err);
}
if (arg2 & TARGET_PR_PAC_APDAKEY) {
arm_init_pauth_key(&env->apda_key);
ret |= qemu_guest_getrandom(&env->keys.apda,
sizeof(ARMPACKey), &err);
}
if (arg2 & TARGET_PR_PAC_APDBKEY) {
arm_init_pauth_key(&env->apdb_key);
ret |= qemu_guest_getrandom(&env->keys.apdb,
sizeof(ARMPACKey), &err);
}
if (arg2 & TARGET_PR_PAC_APGAKEY) {
arm_init_pauth_key(&env->apga_key);
ret |= qemu_guest_getrandom(&env->keys.apga,
sizeof(ARMPACKey), &err);
}
if (ret != 0) {
/*
* Some unknown failure in the crypto. The best
* we can do is log it and fail the syscall.
* The real syscall cannot fail this way.
*/
qemu_log_mask(LOG_UNIMP,
"PR_PAC_RESET_KEYS: Crypto failure: %s",
error_get_pretty(err));
error_free(err);
return -TARGET_EIO;
}
return 0;
}

View File

@ -3641,6 +3641,16 @@ the 0x200 sized block starting at 0xffffffc000080000 and another 0x1000 sized
block starting at 0xffffffc00005f000.
ETEXI
DEF("seed", HAS_ARG, QEMU_OPTION_seed, \
"-seed number seed the pseudo-random number generator\n",
QEMU_ARCH_ALL)
STEXI
@item -seed @var{number}
@findex -seed
Force the guest to use a deterministic pseudo-random number generator, seeded
with @var{number}. This does not affect crypto routines within the host.
ETEXI
DEF("L", HAS_ARG, QEMU_OPTION_L, \
"-L path set the directory for the BIOS, VGA BIOS and keymaps\n",
QEMU_ARCH_ALL)

View File

@ -636,11 +636,13 @@ typedef struct CPUARMState {
} iwmmxt;
#ifdef TARGET_AARCH64
ARMPACKey apia_key;
ARMPACKey apib_key;
ARMPACKey apda_key;
ARMPACKey apdb_key;
ARMPACKey apga_key;
struct {
ARMPACKey apia;
ARMPACKey apib;
ARMPACKey apda;
ARMPACKey apdb;
ARMPACKey apga;
} keys;
#endif
#if defined(CONFIG_USER_ONLY)
@ -3519,6 +3521,11 @@ static inline bool isar_feature_aa64_condm_5(const ARMISARegisters *id)
return FIELD_EX64(id->id_aa64isar0, ID_AA64ISAR0, TS) >= 2;
}
static inline bool isar_feature_aa64_rndr(const ARMISARegisters *id)
{
return FIELD_EX64(id->id_aa64isar0, ID_AA64ISAR0, RNDR) != 0;
}
static inline bool isar_feature_aa64_jscvt(const ARMISARegisters *id)
{
return FIELD_EX64(id->id_aa64isar1, ID_AA64ISAR1, JSCVT) != 0;

View File

@ -310,6 +310,7 @@ static void aarch64_max_initfn(Object *obj)
t = FIELD_DP64(t, ID_AA64ISAR0, DP, 1);
t = FIELD_DP64(t, ID_AA64ISAR0, FHM, 1);
t = FIELD_DP64(t, ID_AA64ISAR0, TS, 2); /* v8.5-CondM */
t = FIELD_DP64(t, ID_AA64ISAR0, RNDR, 1);
cpu->isar.id_aa64isar0 = t;
t = cpu->isar.id_aa64isar1;

View File

@ -22,6 +22,8 @@
#include "fpu/softfloat.h"
#include "qemu/range.h"
#include "qapi/qapi-commands-target.h"
#include "qapi/error.h"
#include "qemu/guest-random.h"
#define ARM_CPU_FREQ 1000000000 /* FIXME: 1 GHz, should be configurable */
@ -5707,43 +5709,82 @@ static const ARMCPRegInfo pauth_reginfo[] = {
{ .name = "APDAKEYLO_EL1", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 0, .crn = 2, .crm = 2, .opc2 = 0,
.access = PL1_RW, .accessfn = access_pauth,
.fieldoffset = offsetof(CPUARMState, apda_key.lo) },
.fieldoffset = offsetof(CPUARMState, keys.apda.lo) },
{ .name = "APDAKEYHI_EL1", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 0, .crn = 2, .crm = 2, .opc2 = 1,
.access = PL1_RW, .accessfn = access_pauth,
.fieldoffset = offsetof(CPUARMState, apda_key.hi) },
.fieldoffset = offsetof(CPUARMState, keys.apda.hi) },
{ .name = "APDBKEYLO_EL1", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 0, .crn = 2, .crm = 2, .opc2 = 2,
.access = PL1_RW, .accessfn = access_pauth,
.fieldoffset = offsetof(CPUARMState, apdb_key.lo) },
.fieldoffset = offsetof(CPUARMState, keys.apdb.lo) },
{ .name = "APDBKEYHI_EL1", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 0, .crn = 2, .crm = 2, .opc2 = 3,
.access = PL1_RW, .accessfn = access_pauth,
.fieldoffset = offsetof(CPUARMState, apdb_key.hi) },
.fieldoffset = offsetof(CPUARMState, keys.apdb.hi) },
{ .name = "APGAKEYLO_EL1", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 0, .crn = 2, .crm = 3, .opc2 = 0,
.access = PL1_RW, .accessfn = access_pauth,
.fieldoffset = offsetof(CPUARMState, apga_key.lo) },
.fieldoffset = offsetof(CPUARMState, keys.apga.lo) },
{ .name = "APGAKEYHI_EL1", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 0, .crn = 2, .crm = 3, .opc2 = 1,
.access = PL1_RW, .accessfn = access_pauth,
.fieldoffset = offsetof(CPUARMState, apga_key.hi) },
.fieldoffset = offsetof(CPUARMState, keys.apga.hi) },
{ .name = "APIAKEYLO_EL1", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 0, .crn = 2, .crm = 1, .opc2 = 0,
.access = PL1_RW, .accessfn = access_pauth,
.fieldoffset = offsetof(CPUARMState, apia_key.lo) },
.fieldoffset = offsetof(CPUARMState, keys.apia.lo) },
{ .name = "APIAKEYHI_EL1", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 0, .crn = 2, .crm = 1, .opc2 = 1,
.access = PL1_RW, .accessfn = access_pauth,
.fieldoffset = offsetof(CPUARMState, apia_key.hi) },
.fieldoffset = offsetof(CPUARMState, keys.apia.hi) },
{ .name = "APIBKEYLO_EL1", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 0, .crn = 2, .crm = 1, .opc2 = 2,
.access = PL1_RW, .accessfn = access_pauth,
.fieldoffset = offsetof(CPUARMState, apib_key.lo) },
.fieldoffset = offsetof(CPUARMState, keys.apib.lo) },
{ .name = "APIBKEYHI_EL1", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 0, .crn = 2, .crm = 1, .opc2 = 3,
.access = PL1_RW, .accessfn = access_pauth,
.fieldoffset = offsetof(CPUARMState, apib_key.hi) },
.fieldoffset = offsetof(CPUARMState, keys.apib.hi) },
REGINFO_SENTINEL
};
static uint64_t rndr_readfn(CPUARMState *env, const ARMCPRegInfo *ri)
{
Error *err = NULL;
uint64_t ret;
/* Success sets NZCV = 0000. */
env->NF = env->CF = env->VF = 0, env->ZF = 1;
if (qemu_guest_getrandom(&ret, sizeof(ret), &err) < 0) {
/*
* ??? Failed, for unknown reasons in the crypto subsystem.
* The best we can do is log the reason and return the
* timed-out indication to the guest. There is no reason
* we know to expect this failure to be transitory, so the
* guest may well hang retrying the operation.
*/
qemu_log_mask(LOG_UNIMP, "%s: Crypto failure: %s",
ri->name, error_get_pretty(err));
error_free(err);
env->ZF = 0; /* NZCF = 0100 */
return 0;
}
return ret;
}
/* We do not support re-seeding, so the two registers operate the same. */
static const ARMCPRegInfo rndr_reginfo[] = {
{ .name = "RNDR", .state = ARM_CP_STATE_AA64,
.type = ARM_CP_NO_RAW | ARM_CP_SUPPRESS_TB_END | ARM_CP_IO,
.opc0 = 3, .opc1 = 3, .crn = 2, .crm = 4, .opc2 = 0,
.access = PL0_R, .readfn = rndr_readfn },
{ .name = "RNDRRS", .state = ARM_CP_STATE_AA64,
.type = ARM_CP_NO_RAW | ARM_CP_SUPPRESS_TB_END | ARM_CP_IO,
.opc0 = 3, .opc1 = 3, .crn = 2, .crm = 4, .opc2 = 1,
.access = PL0_R, .readfn = rndr_readfn },
REGINFO_SENTINEL
};
#endif
@ -6690,6 +6731,9 @@ void register_cp_regs_for_features(ARMCPU *cpu)
if (cpu_isar_feature(aa64_pauth, cpu)) {
define_arm_cp_regs(cpu, pauth_reginfo);
}
if (cpu_isar_feature(aa64_rndr, cpu)) {
define_arm_cp_regs(cpu, rndr_reginfo);
}
#endif
/*

View File

@ -403,7 +403,7 @@ uint64_t HELPER(pacia)(CPUARMState *env, uint64_t x, uint64_t y)
return x;
}
pauth_check_trap(env, el, GETPC());
return pauth_addpac(env, x, y, &env->apia_key, false);
return pauth_addpac(env, x, y, &env->keys.apia, false);
}
uint64_t HELPER(pacib)(CPUARMState *env, uint64_t x, uint64_t y)
@ -413,7 +413,7 @@ uint64_t HELPER(pacib)(CPUARMState *env, uint64_t x, uint64_t y)
return x;
}
pauth_check_trap(env, el, GETPC());
return pauth_addpac(env, x, y, &env->apib_key, false);
return pauth_addpac(env, x, y, &env->keys.apib, false);
}
uint64_t HELPER(pacda)(CPUARMState *env, uint64_t x, uint64_t y)
@ -423,7 +423,7 @@ uint64_t HELPER(pacda)(CPUARMState *env, uint64_t x, uint64_t y)
return x;
}
pauth_check_trap(env, el, GETPC());
return pauth_addpac(env, x, y, &env->apda_key, true);
return pauth_addpac(env, x, y, &env->keys.apda, true);
}
uint64_t HELPER(pacdb)(CPUARMState *env, uint64_t x, uint64_t y)
@ -433,7 +433,7 @@ uint64_t HELPER(pacdb)(CPUARMState *env, uint64_t x, uint64_t y)
return x;
}
pauth_check_trap(env, el, GETPC());
return pauth_addpac(env, x, y, &env->apdb_key, true);
return pauth_addpac(env, x, y, &env->keys.apdb, true);
}
uint64_t HELPER(pacga)(CPUARMState *env, uint64_t x, uint64_t y)
@ -441,7 +441,7 @@ uint64_t HELPER(pacga)(CPUARMState *env, uint64_t x, uint64_t y)
uint64_t pac;
pauth_check_trap(env, arm_current_el(env), GETPC());
pac = pauth_computepac(x, y, env->apga_key);
pac = pauth_computepac(x, y, env->keys.apga);
return pac & 0xffffffff00000000ull;
}
@ -453,7 +453,7 @@ uint64_t HELPER(autia)(CPUARMState *env, uint64_t x, uint64_t y)
return x;
}
pauth_check_trap(env, el, GETPC());
return pauth_auth(env, x, y, &env->apia_key, false, 0);
return pauth_auth(env, x, y, &env->keys.apia, false, 0);
}
uint64_t HELPER(autib)(CPUARMState *env, uint64_t x, uint64_t y)
@ -463,7 +463,7 @@ uint64_t HELPER(autib)(CPUARMState *env, uint64_t x, uint64_t y)
return x;
}
pauth_check_trap(env, el, GETPC());
return pauth_auth(env, x, y, &env->apib_key, false, 1);
return pauth_auth(env, x, y, &env->keys.apib, false, 1);
}
uint64_t HELPER(autda)(CPUARMState *env, uint64_t x, uint64_t y)
@ -473,7 +473,7 @@ uint64_t HELPER(autda)(CPUARMState *env, uint64_t x, uint64_t y)
return x;
}
pauth_check_trap(env, el, GETPC());
return pauth_auth(env, x, y, &env->apda_key, true, 0);
return pauth_auth(env, x, y, &env->keys.apda, true, 0);
}
uint64_t HELPER(autdb)(CPUARMState *env, uint64_t x, uint64_t y)
@ -483,7 +483,7 @@ uint64_t HELPER(autdb)(CPUARMState *env, uint64_t x, uint64_t y)
return x;
}
pauth_check_trap(env, el, GETPC());
return pauth_auth(env, x, y, &env->apdb_key, true, 1);
return pauth_auth(env, x, y, &env->keys.apdb, true, 1);
}
uint64_t HELPER(xpaci)(CPUARMState *env, uint64_t a)

View File

@ -730,13 +730,14 @@ static void x86_cpu_vendor_words2str(char *dst, uint32_t vendor1,
CPUID_EXT_MONITOR | CPUID_EXT_SSSE3 | CPUID_EXT_CX16 | \
CPUID_EXT_SSE41 | CPUID_EXT_SSE42 | CPUID_EXT_POPCNT | \
CPUID_EXT_XSAVE | /* CPUID_EXT_OSXSAVE is dynamic */ \
CPUID_EXT_MOVBE | CPUID_EXT_AES | CPUID_EXT_HYPERVISOR)
CPUID_EXT_MOVBE | CPUID_EXT_AES | CPUID_EXT_HYPERVISOR | \
CPUID_EXT_RDRAND)
/* missing:
CPUID_EXT_DTES64, CPUID_EXT_DSCPL, CPUID_EXT_VMX, CPUID_EXT_SMX,
CPUID_EXT_EST, CPUID_EXT_TM2, CPUID_EXT_CID, CPUID_EXT_FMA,
CPUID_EXT_XTPR, CPUID_EXT_PDCM, CPUID_EXT_PCID, CPUID_EXT_DCA,
CPUID_EXT_X2APIC, CPUID_EXT_TSC_DEADLINE_TIMER, CPUID_EXT_AVX,
CPUID_EXT_F16C, CPUID_EXT_RDRAND */
CPUID_EXT_F16C */
#ifdef TARGET_X86_64
#define TCG_EXT2_X86_64_FEATURES (CPUID_EXT2_SYSCALL | CPUID_EXT2_LM)

View File

@ -226,3 +226,5 @@ DEF_HELPER_3(rcrl, tl, env, tl, tl)
DEF_HELPER_3(rclq, tl, env, tl, tl)
DEF_HELPER_3(rcrq, tl, env, tl, tl)
#endif
DEF_HELPER_1(rdrand, tl, env)

View File

@ -22,6 +22,8 @@
#include "exec/exec-all.h"
#include "qemu/host-utils.h"
#include "exec/helper-proto.h"
#include "qapi/error.h"
#include "qemu/guest-random.h"
//#define DEBUG_MULDIV
@ -470,3 +472,22 @@ void helper_cr4_testbit(CPUX86State *env, uint32_t bit)
raise_exception_ra(env, EXCP06_ILLOP, GETPC());
}
}
target_ulong HELPER(rdrand)(CPUX86State *env)
{
Error *err = NULL;
target_ulong ret;
if (qemu_guest_getrandom(&ret, sizeof(ret), &err) < 0) {
qemu_log_mask(LOG_UNIMP, "rdrand: Crypto failure: %s",
error_get_pretty(err));
error_free(err);
/* Failure clears CF and all other flags, and returns 0. */
env->cc_src = 0;
return 0;
}
/* Success sets CF and clears all others. */
env->cc_src = CC_C;
return ret;
}

View File

@ -5332,31 +5332,63 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu)
case 0x1c7: /* cmpxchg8b */
modrm = x86_ldub_code(env, s);
mod = (modrm >> 6) & 3;
if ((mod == 3) || ((modrm & 0x38) != 0x8))
goto illegal_op;
#ifdef TARGET_X86_64
if (dflag == MO_64) {
if (!(s->cpuid_ext_features & CPUID_EXT_CX16))
switch ((modrm >> 3) & 7) {
case 1: /* CMPXCHG8, CMPXCHG16 */
if (mod == 3) {
goto illegal_op;
gen_lea_modrm(env, s, modrm);
if ((s->prefix & PREFIX_LOCK) && (tb_cflags(s->base.tb) & CF_PARALLEL)) {
gen_helper_cmpxchg16b(cpu_env, s->A0);
} else {
gen_helper_cmpxchg16b_unlocked(cpu_env, s->A0);
}
} else
#ifdef TARGET_X86_64
if (dflag == MO_64) {
if (!(s->cpuid_ext_features & CPUID_EXT_CX16)) {
goto illegal_op;
}
gen_lea_modrm(env, s, modrm);
if ((s->prefix & PREFIX_LOCK) &&
(tb_cflags(s->base.tb) & CF_PARALLEL)) {
gen_helper_cmpxchg16b(cpu_env, s->A0);
} else {
gen_helper_cmpxchg16b_unlocked(cpu_env, s->A0);
}
set_cc_op(s, CC_OP_EFLAGS);
break;
}
#endif
{
if (!(s->cpuid_features & CPUID_CX8))
if (!(s->cpuid_features & CPUID_CX8)) {
goto illegal_op;
}
gen_lea_modrm(env, s, modrm);
if ((s->prefix & PREFIX_LOCK) && (tb_cflags(s->base.tb) & CF_PARALLEL)) {
if ((s->prefix & PREFIX_LOCK) &&
(tb_cflags(s->base.tb) & CF_PARALLEL)) {
gen_helper_cmpxchg8b(cpu_env, s->A0);
} else {
gen_helper_cmpxchg8b_unlocked(cpu_env, s->A0);
}
set_cc_op(s, CC_OP_EFLAGS);
break;
case 7: /* RDSEED */
case 6: /* RDRAND */
if (mod != 3 ||
(s->prefix & (PREFIX_LOCK | PREFIX_REPZ | PREFIX_REPNZ)) ||
!(s->cpuid_ext_features & CPUID_EXT_RDRAND)) {
goto illegal_op;
}
if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) {
gen_io_start();
}
gen_helper_rdrand(s->T0, cpu_env);
rm = (modrm & 7) | REX_B(s);
gen_op_mov_reg_v(s, dflag, rm, s->T0);
set_cc_op(s, CC_OP_EFLAGS);
if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) {
gen_io_end();
gen_jmp(s, s->pc - s->cs_base);
}
break;
default:
goto illegal_op;
}
set_cc_op(s, CC_OP_EFLAGS);
break;
/**************************/

View File

@ -23,6 +23,8 @@
#include "exec/helper-proto.h"
#include "crypto/aes.h"
#include "fpu/softfloat.h"
#include "qapi/error.h"
#include "qemu/guest-random.h"
#include "helper_regs.h"
/*****************************************************************************/
@ -158,25 +160,38 @@ uint32_t helper_cmpeqb(target_ulong ra, target_ulong rb)
#undef hasvalue
/*
* Return invalid random number.
*
* FIXME: Add rng backend or other mechanism to get cryptographically suitable
* random number
* Return a random number.
*/
target_ulong helper_darn32(void)
uint64_t helper_darn32(void)
{
return -1;
Error *err = NULL;
uint32_t ret;
if (qemu_guest_getrandom(&ret, sizeof(ret), &err) < 0) {
qemu_log_mask(LOG_UNIMP, "darn: Crypto failure: %s",
error_get_pretty(err));
error_free(err);
return -1;
}
return ret;
}
target_ulong helper_darn64(void)
uint64_t helper_darn64(void)
{
return -1;
Error *err = NULL;
uint64_t ret;
if (qemu_guest_getrandom(&ret, sizeof(ret), &err) < 0) {
qemu_log_mask(LOG_UNIMP, "darn: Crypto failure: %s",
error_get_pretty(err));
error_free(err);
return -1;
}
return ret;
}
#endif
#if defined(TARGET_PPC64)
uint64_t helper_bpermd(uint64_t rs, uint64_t rb)
{
int i;

View File

@ -1847,13 +1847,22 @@ static void gen_darn(DisasContext *ctx)
{
int l = L(ctx->opcode);
if (l == 0) {
gen_helper_darn32(cpu_gpr[rD(ctx->opcode)]);
} else if (l <= 2) {
/* Return 64-bit random for both CRN and RRN */
gen_helper_darn64(cpu_gpr[rD(ctx->opcode)]);
} else {
if (l > 2) {
tcg_gen_movi_i64(cpu_gpr[rD(ctx->opcode)], -1);
} else {
if (tb_cflags(ctx->base.tb) & CF_USE_ICOUNT) {
gen_io_start();
}
if (l == 0) {
gen_helper_darn32(cpu_gpr[rD(ctx->opcode)]);
} else {
/* Return 64-bit random for both CRN and RRN */
gen_helper_darn64(cpu_gpr[rD(ctx->opcode)]);
}
if (tb_cflags(ctx->base.tb) & CF_USE_ICOUNT) {
gen_io_end();
gen_stop_exception(ctx);
}
}
}
#endif

View File

@ -43,6 +43,7 @@
#include "crypto/hash.h"
#include "crypto/tlscredsanon.h"
#include "crypto/tlscredsx509.h"
#include "crypto/random.h"
#include "qom/object_interfaces.h"
#include "qemu/cutils.h"
#include "io/dns-resolver.h"
@ -2535,14 +2536,16 @@ void start_client_init(VncState *vs)
vnc_read_when(vs, protocol_client_init, 1);
}
static void make_challenge(VncState *vs)
static void authentication_failed(VncState *vs)
{
int i;
srand(time(NULL)+getpid()+getpid()*987654+rand());
for (i = 0 ; i < sizeof(vs->challenge) ; i++)
vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
vnc_write_u32(vs, 1); /* Reject auth */
if (vs->minor >= 8) {
static const char err[] = "Authentication failed";
vnc_write_u32(vs, sizeof(err));
vnc_write(vs, err, sizeof(err));
}
vnc_flush(vs);
vnc_client_error(vs);
}
static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
@ -2609,21 +2612,23 @@ static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
return 0;
reject:
vnc_write_u32(vs, 1); /* Reject auth */
if (vs->minor >= 8) {
static const char err[] = "Authentication failed";
vnc_write_u32(vs, sizeof(err));
vnc_write(vs, err, sizeof(err));
}
vnc_flush(vs);
vnc_client_error(vs);
authentication_failed(vs);
qcrypto_cipher_free(cipher);
return 0;
}
void start_auth_vnc(VncState *vs)
{
make_challenge(vs);
Error *err = NULL;
if (qcrypto_random_bytes(vs->challenge, sizeof(vs->challenge), &err)) {
trace_vnc_auth_fail(vs, vs->auth, "cannot get random bytes",
error_get_pretty(err));
error_free(err);
authentication_failed(vs);
return;
}
/* Send client a 'random' challenge */
vnc_write(vs, vs->challenge, sizeof(vs->challenge));
vnc_flush(vs);
@ -2638,13 +2643,7 @@ static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
* must pick the one we sent. Verify this */
if (data[0] != vs->auth) { /* Reject auth */
trace_vnc_auth_reject(vs, vs->auth, (int)data[0]);
vnc_write_u32(vs, 1);
if (vs->minor >= 8) {
static const char err[] = "Authentication failed";
vnc_write_u32(vs, sizeof(err));
vnc_write(vs, err, sizeof(err));
}
vnc_client_error(vs);
authentication_failed(vs);
} else { /* Accept requested auth */
trace_vnc_auth_start(vs, vs->auth);
switch (vs->auth) {
@ -2673,13 +2672,7 @@ static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
default: /* Should not be possible, but just in case */
trace_vnc_auth_fail(vs, vs->auth, "Unhandled auth method", "");
vnc_write_u8(vs, 1);
if (vs->minor >= 8) {
static const char err[] = "Authentication failed";
vnc_write_u32(vs, sizeof(err));
vnc_write(vs, err, sizeof(err));
}
vnc_client_error(vs);
authentication_failed(vs);
}
}
return 0;

View File

@ -54,5 +54,6 @@ util-obj-y += iova-tree.o
util-obj-$(CONFIG_INOTIFY1) += filemonitor-inotify.o
util-obj-$(CONFIG_LINUX) += vfio-helpers.o
util-obj-$(CONFIG_OPENGL) += drm.o
util-obj-y += guest-random.o
stub-obj-y += filemonitor-stub.o

93
util/guest-random.c Normal file
View File

@ -0,0 +1,93 @@
/*
* QEMU guest-visible random functions
*
* Copyright 2019 Linaro, Ltd.
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation; either version 2 of the License, or (at your option)
* any later version.
*/
#include "qemu/osdep.h"
#include "qemu-common.h"
#include "qemu/cutils.h"
#include "qapi/error.h"
#include "qemu/guest-random.h"
#include "crypto/random.h"
static __thread GRand *thread_rand;
static bool deterministic;
static int glib_random_bytes(void *buf, size_t len)
{
GRand *rand = thread_rand;
size_t i;
uint32_t x;
if (unlikely(rand == NULL)) {
/* Thread not initialized for a cpu, or main w/o -seed. */
thread_rand = rand = g_rand_new();
}
for (i = 0; i + 4 <= len; i += 4) {
x = g_rand_int(rand);
__builtin_memcpy(buf + i, &x, 4);
}
if (i < len) {
x = g_rand_int(rand);
__builtin_memcpy(buf + i, &x, i - len);
}
return 0;
}
int qemu_guest_getrandom(void *buf, size_t len, Error **errp)
{
if (unlikely(deterministic)) {
/* Deterministic implementation using Glib's Mersenne Twister. */
return glib_random_bytes(buf, len);
} else {
/* Non-deterministic implementation using crypto routines. */
return qcrypto_random_bytes(buf, len, errp);
}
}
void qemu_guest_getrandom_nofail(void *buf, size_t len)
{
qemu_guest_getrandom(buf, len, &error_fatal);
}
uint64_t qemu_guest_random_seed_thread_part1(void)
{
if (deterministic) {
uint64_t ret;
glib_random_bytes(&ret, sizeof(ret));
return ret;
}
return 0;
}
void qemu_guest_random_seed_thread_part2(uint64_t seed)
{
g_assert(thread_rand == NULL);
if (deterministic) {
thread_rand =
g_rand_new_with_seed_array((const guint32 *)&seed,
sizeof(seed) / sizeof(guint32));
}
}
int qemu_guest_random_seed_main(const char *optarg, Error **errp)
{
unsigned long long seed;
if (parse_uint_full(optarg, &seed, 0)) {
error_setg(errp, "Invalid seed number: %s", optarg);
return -1;
} else {
deterministic = true;
qemu_guest_random_seed_thread_part2(seed);
return 0;
}
}

4
vl.c
View File

@ -128,6 +128,7 @@ int main(int argc, char **argv)
#include "qapi/qapi-commands-ui.h"
#include "qapi/qmp/qerror.h"
#include "sysemu/iothread.h"
#include "qemu/guest-random.h"
#define MAX_VIRTIO_CONSOLES 1
@ -3349,6 +3350,9 @@ int main(int argc, char **argv, char **envp)
case QEMU_OPTION_DFILTER:
qemu_set_dfilter_ranges(optarg, &error_fatal);
break;
case QEMU_OPTION_seed:
qemu_guest_random_seed_main(optarg, &error_fatal);
break;
case QEMU_OPTION_s:
add_device_config(DEV_GDB, "tcp::" DEFAULT_GDBSTUB_PORT);
break;