[Xen-devel] dom0 and domU /dev/urandom generating too less entropy

To: XEN User - listmembers <xen-users@xxxxxxxxxxxxxxxxxxx>, XEN Devel - listmembers <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject: [Xen-devel] dom0 and domU /dev/urandom generating too less entropy
From: Stephan Seitz <s.seitz@xxxxxxxxxxxx>
Date: Wed, 10 Oct 2007 22:00:10 +0200
Delivery-date: Wed, 10 Oct 2007 13:01:19 -0700
Organization: netz-haut e.K.
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Thunderbird 2.0.0.4 (X11/20070604)
Hi there,

I've recently seen problems after migrating physical servers into
paravirtualized domUs.

The migrated systems vary from Debian woody, sarge, Ubuntu >=breezy,
each system with its own but manageable problems.

One thing in common is: /dev/urandom generates too little entropy for
e.g. ssh-keygen.
In the last few days, I even found sshd itself dying from too little entropy:

sshd[26134]: fatal: Couldn't obtain random bytes (error 604389476)

We're using our own build derived from the 3.1.0 tarball, but without
any substantial changes to the code.
The currently used kernel has been heavily patched, but this issue
doesn't seem to be kernel-specific.
We tried the 2.6.18 (xensource 3.1.0) as well as different distro
kernels.

host                   :
release                : 2.6.20-100-server
version                : #2 SMP Sat Jun 2 12:18:40 UTC 2007
machine                : i686
nr_cpus                : 4
nr_nodes               : 1
sockets_per_node       : 1
cores_per_socket       : 4
threads_per_core       : 1
cpu_mhz                : 2394
hw_caps                : bfebfbff:20100000:00000000:00000140:0000e3bd:00000000:00000001
total_memory           : 8190
free_memory            : 1
xen_major              : 3
xen_minor              : 1
xen_extra              : .0
xen_caps               : xen-3.0-x86_32p hvm-3.0-x86_32 hvm-3.0-x86_32p
xen_scheduler          : credit
xen_pagesize           : 4096
platform_params        : virt_start=0xf5800000
xen_changeset          : unavailable
cc_compiler            : gcc version 4.1.2 (Ubuntu 4.1.2-0ubuntu4)
cc_compile_by          : root
cc_compile_domain      : halo.local
cc_compile_date        : Wed May 23 02:33:53 CEST 2007
xend_config_format     : 4


Do you know of a workaround, or maybe the possibility of another
(Xen-specific) RNG besides /dev/urandom?

Thanks in advance!


-- 
Stephan Seitz
Senior System Administrator

*netz-haut* e.K.
multimediale kommunikation

zweierweg 22
97074 würzburg

fon: +49 931 2876247
fax: +49 931 2876248

web: www.netz-haut.de <http://www.netz-haut.de/>

registriergericht: amtsgericht würzburg, hra 5054
