Mailing List Archive

Commit d9e7972619334656 breaks KVM's virtio-rng-pci
Hello,

the commit d9e7972619334656 ends up being responsible that using "-device virtio-rng-pci" in KVM no longer works.

From: Kees Cook <keescook@chromium.org>
Date: Mon, 3 Mar 2014 15:51:48 -0800
Subject: [PATCH] hwrng: add randomness to system from rng sources

When bringing a new RNG source online, it seems like it would make sense
to use some of its bytes to make the system entropy pool more random,
as done with all sorts of other devices that contain per-device or
per-boot differences.

When providing "-device virtio-rng-pci" to a kernel with the above commit, the kernel never finishes booting. It just stops. My guess is it is waiting for some magic entropy to appear.

Maybe this is something that should be fixed in virtio-rng driver instead of reverting this patch, but I leave this to the experts in this area.

Regards

Marcel

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Re: Commit d9e7972619334656 breaks KVM's virtio-rng-pci
On Sun, Jul 20, 2014 at 9:18 AM, Marcel Holtmann <marcel@holtmann.org> wrote:
> Hello,
>
> the commit d9e7972619334656 ends up being responsible that using "-device virtio-rng-pci" in KVM no longer works.
>
> From: Kees Cook <keescook@chromium.org>
> Date: Mon, 3 Mar 2014 15:51:48 -0800
> Subject: [PATCH] hwrng: add randomness to system from rng sources
>
> When bringing a new RNG source online, it seems like it would make sense
> to use some of its bytes to make the system entropy pool more random,
> as done with all sorts of other devices that contain per-device or
> per-boot differences.
>
> When providing "-device virtio-rng-pci" to a kernel with the above commit, the kernel never finishes booting. It just stops. My guess is it is waiting for some magic entropy to appear.
>
> Maybe this is something that should be fixed in virtio-rng driver instead of reverting this patch, but I leave this to the experts in this area.

Yup, this has already been handled. See various threads around:
https://lkml.org/lkml/2014/7/5/14

-Kees

--
Kees Cook
Chrome OS Security
Re: Commit d9e7972619334656 breaks KVM's virtio-rng-pci
Hi Kees,

>> the commit d9e7972619334656 ends up being responsible that using "-device virtio-rng-pci" in KVM no longer works.
>>
>> From: Kees Cook <keescook@chromium.org>
>> Date: Mon, 3 Mar 2014 15:51:48 -0800
>> Subject: [PATCH] hwrng: add randomness to system from rng sources
>>
>> When bringing a new RNG source online, it seems like it would make sense
>> to use some of its bytes to make the system entropy pool more random,
>> as done with all sorts of other devices that contain per-device or
>> per-boot differences.
>>
>> When providing "-device virtio-rng-pci" to a kernel with the above commit, the kernel never finishes booting. It just stops. My guess is it is waiting for some magic entropy to appear.
>>
>> Maybe this is something that should be fixed in virtio-rng driver instead of reverting this patch, but I leave this to the experts in this area.
>
> Yup, this has already been handled. See various threads around:
> https://lkml.org/lkml/2014/7/5/14

I bisected 3.16-rc5 and it was not yet fixed there. It seems the fixes got merged less than 48 hours ago. Which means I just missed them. Tried with HEAD now and all looks good.

Regards

Marcel

Re: Commit d9e7972619334656 breaks KVM's virtio-rng-pci
On Sun, Jul 20, 2014 at 11:32 AM, Marcel Holtmann <marcel@holtmann.org> wrote:
> Hi Kees,
>
>>> the commit d9e7972619334656 ends up being responsible that using "-device virtio-rng-pci" in KVM no longer works.
>>>
>>> From: Kees Cook <keescook@chromium.org>
>>> Date: Mon, 3 Mar 2014 15:51:48 -0800
>>> Subject: [PATCH] hwrng: add randomness to system from rng sources
>>>
>>> When bringing a new RNG source online, it seems like it would make sense
>>> to use some of its bytes to make the system entropy pool more random,
>>> as done with all sorts of other devices that contain per-device or
>>> per-boot differences.
>>>
>>> When providing "-device virtio-rng-pci" to a kernel with the above commit, the kernel never finishes booting. It just stops. My guess is it is waiting for some magic entropy to appear.
>>>
>>> Maybe this is something that should be fixed in virtio-rng driver instead of reverting this patch, but I leave this to the experts in this area.
>>
>> Yup, this has already been handled. See various threads around:
>> https://lkml.org/lkml/2014/7/5/14
>
> I bisected 3.16-rc5 and it was not yet fixed there. It seems the fixes got merged less than 48 hours ago. Which means I just missed them. Tried with HEAD now and all looks good.

Great! Thanks for testing.

-Kees

--
Kees Cook
Chrome OS Security