Bug 1260686 - /dev/hwrng can't be accessed
/dev/hwrng can't be accessed
Status: CLOSED CURRENTRELEASE
Product: vdsm
Classification: oVirt
Component: General (Show other bugs)
---
Unspecified Unspecified
medium Severity medium (vote)
: ovirt-4.0.0-rc
: 4.18.0
Assigned To: Martin Polednik
Nikolai Sednev
: Triaged
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-09-07 08:53 EDT by jniederm
Modified: 2018-03-26 13:51 EDT (History)
13 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-08-04 09:29:14 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: Virt
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
rule-engine: ovirt‑4.0.0+
rule-engine: planning_ack+
tjelinek: devel_ack+
mavital: testing_ack+


Attachments (Terms of Use)
vdsm.log (8.54 MB, text/plain)
2015-09-07 08:53 EDT, jniederm
no flags Details


External Trackers
Tracker ID Priority Status Summary Last Updated
oVirt gerrit 54806 master MERGED virt: set correct permissions for hwrng device 2016-05-18 05:39 EDT

  None (edit)
Description jniederm 2015-09-07 08:53:09 EDT
Created attachment 1071017 [details]
vdsm.log

Description of problem:
Starting of vm with /dev/hwrng random generator set, but no physical generator attached to host, fails on vdsm side:
libvirtError: internal error: process exited while connecting to monitor: 2015-09-07T11:22:29.125501Z qemu-system-x86_64: -object rng-random,id=objrng0,filename=/dev/hwrng: Could not open '/dev/hwrng': Permission denied

Version-Release number of selected component (if applicable):
vdsm.noarch  4.17.4-6.git3154996.fc22

How reproducible:
100%

Steps to Reproduce:
1. Create a cluster with one host
2. Make sure the host has /dev/hwrng
3. Edit cluster, select Required Random Number Generator sources: /dev/hwrng
4. Create vm with random generator of source /dev/hwrng
5. Run the vm

Actual results:
Vm never finish starting. vdsm log contains:
Thread-561::ERROR::2015-09-07 07:22:29,248::vm::749::virt.vm::(_startUnderlyingVm) vmId=`2d5f1407-39d6-494e-8ee3-edc667cbce7e`::The vm start process failed
Traceback (most recent call last):
  File "/usr/share/vdsm/virt/vm.py", line 694, in _startUnderlyingVm
    self._run()
  File "/usr/share/vdsm/virt/vm.py", line 1865, in _run
    self._connection.createXML(domxml, flags),
  File "/usr/lib/python2.7/site-packages/vdsm/libvirtconnection.py", line 124, in wrapper
    ret = f(*args, **kwargs)
  File "/usr/lib64/python2.7/site-packages/libvirt.py", line 3523, in createXML
    if ret is None:raise libvirtError('virDomainCreateXML() failed', conn=self)
libvirtError: internal error: process exited while connecting to monitor: 2015-09-07T11:22:29.125501Z qemu-system-x86_64: -object rng-random,id=objrng0,filename=/dev/hwrng: Could not open '/dev/hwrng': Permission denied

Expected results:
vm either starts normally or enabling random generator of source /dev/hwrng is disabled

Additional info:
called on host:
# ll /dev/hwrng 
crw-------. 1 root root 10, 183 Sep  7 07:29 /dev/hwrng
# ll /dev/random 
crw-rw-rw-. 1 root root 1, 8 Sep  7 07:29 /dev/random
Comment 1 Dan Kenigsberg 2015-09-07 10:30:15 EDT
Could you provide libvirt, qemu and kernel versions?
Does it pass on el7?
Comment 2 jniederm 2015-09-07 10:40:01 EDT
libvirt.x86_64   1.2.13.1-2.fc22
qemu.x86_64      2:2.3.1-1.fc22
# uname -r
4.1.6-200.fc22.x86_64
Tested on Fedora 22
Comment 3 Martin Polednik 2015-09-10 08:25:25 EDT
Seems like 600 are default permissions for hwrng, therefore making it inaccessible to 'qemu' u/g. Tested even with dynamic_ownership=1 and didn't really help, so it's up to us to change the ownership.
Comment 4 Mike McCune 2016-03-28 19:09:17 EDT
This bug was accidentally moved from POST to MODIFIED via an error in automation, please see mmccune@redhat.com with any questions
Comment 5 Sandro Bonazzola 2016-05-02 05:51:29 EDT
Moving from 4.0 alpha to 4.0 beta since 4.0 alpha has been already released and bug is not ON_QA.
Comment 6 Nikolai Sednev 2016-08-02 12:05:34 EDT
Works for me on these settings on host:
1)
rngd --rng-device=/dev/random
modprobe tpm-rng
chmod 666 /dev/hwrng
ll -ls /dev/hwrng                                                                                                             
0 crw-rw-rw-. 1 root root 10, 183 Aug  2 16:58 /dev/hwrng

Then started VM from engine's WEBUI with random generator of source /dev/hwrng and it booted up just fine.

2)
rngd --rng-device=/dev/urandom
modprobe tpm-rng
chmod 666 /dev/hwrng
ll -ls /dev/hwrng                                                                                                             
0 crw-rw-rw-. 1 root root 10, 183 Aug  2 16:58 /dev/hwrng

Then started VM from engine's WEBUI with random generator of source /dev/hwrng and it booted up just fine.

3)
rngd --rng-device=/dev/hwrng
modprobe tpm-rng
chmod 666 /dev/hwrng
ll -ls /dev/hwrng                                                                                                             
0 crw-rw-rw-. 1 root root 10, 183 Aug  2 16:58 /dev/hwrng

Then started VM with with random generator of source /dev/hwrng and it booted up just fine.

Host's components:
qemu-kvm-rhev-2.3.0-31.el7_2.20.x86_64
ovirt-imageio-daemon-0.3.0-0.el7ev.noarch
libvirt-client-1.2.17-13.el7_2.5.x86_64
ovirt-vmconsole-1.0.4-1.el7ev.noarch
vdsm-4.18.9-1.el7ev.x86_64
ovirt-host-deploy-1.5.1-1.el7ev.noarch
ovirt-hosted-engine-ha-2.0.1-1.el7ev.noarch
ovirt-hosted-engine-setup-2.0.1.3-1.el7ev.noarch
ovirt-engine-sdk-python-3.6.7.0-1.el7ev.noarch
mom-0.5.5-1.el7ev.noarch
rhev-release-4.0.2-5-001.noarch
ovirt-setup-lib-1.0.2-1.el7ev.noarch
ovirt-imageio-common-0.3.0-0.el7ev.noarch
ovirt-vmconsole-host-1.0.4-1.el7ev.noarch
sanlock-3.2.4-3.el7_2.x86_64
Linux version 3.10.0-327.30.1.el7.x86_64 (mockbuild@x86-039.build.eng.bos.redhat.com) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-4) (GCC) ) #1 SMP Wed Jul 13 22:09:46 EDT 2016
Linux 3.10.0-327.30.1.el7.x86_64 #1 SMP Wed Jul 13 22:09:46 EDT 2016 x86_64 x86_64 x86_64 GNU/Linux
Red Hat Enterprise Linux Server release 7.2 (Maipo)

Engine's components:
ovirt-engine-setup-base-4.0.2.3-0.1.el7ev.noarch
ovirt-engine-extensions-api-impl-4.0.2.3-0.1.el7ev.noarch
ovirt-engine-dbscripts-4.0.2.3-0.1.el7ev.noarch
ovirt-iso-uploader-4.0.0-1.el7ev.noarch
ovirt-engine-setup-plugin-ovirt-engine-4.0.2.3-0.1.el7ev.noarch
ovirt-engine-tools-backup-4.0.2.3-0.1.el7ev.noarch
ovirt-engine-4.0.2.3-0.1.el7ev.noarch
ovirt-vmconsole-proxy-1.0.4-1.el7ev.noarch
ovirt-engine-dwh-setup-4.0.2-1.el7ev.noarch
ovirt-engine-dwh-4.0.2-1.el7ev.noarch
ovirt-engine-setup-plugin-vmconsole-proxy-helper-4.0.2.3-0.1.el7ev.noarch
ovirt-engine-cli-3.6.7.0-1.el7ev.noarch
ovirt-engine-setup-4.0.2.3-0.1.el7ev.noarch
ovirt-engine-userportal-debuginfo-4.0.2.3-0.1.el7ev.noarch
ovirt-engine-userportal-4.0.2.3-0.1.el7ev.noarch
ovirt-engine-backend-4.0.2.3-0.1.el7ev.noarch
ovirt-vmconsole-1.0.4-1.el7ev.noarch
ovirt-setup-lib-1.0.2-1.el7ev.noarch
ovirt-engine-dashboard-1.0.1-0.el7ev.x86_64
ovirt-engine-setup-plugin-ovirt-engine-common-4.0.2.3-0.1.el7ev.noarch
ovirt-engine-sdk-python-3.6.7.0-1.el7ev.noarch
ovirt-engine-websocket-proxy-4.0.2.3-0.1.el7ev.noarch
ovirt-engine-webadmin-portal-debuginfo-4.0.2.3-0.1.el7ev.noarch
ovirt-engine-tools-4.0.2.3-0.1.el7ev.noarch
ovirt-log-collector-4.0.0-1.el7ev.noarch
ovirt-host-deploy-java-1.5.1-1.el7ev.noarch
ovirt-engine-setup-plugin-websocket-proxy-4.0.2.3-0.1.el7ev.noarch
ovirt-engine-webadmin-portal-4.0.2.3-0.1.el7ev.noarch
python-ovirt-engine-sdk4-4.0.0-0.5.a5.el7ev.x86_64
ovirt-engine-lib-4.0.2.3-0.1.el7ev.noarch
ovirt-engine-vmconsole-proxy-helper-4.0.2.3-0.1.el7ev.noarch
ovirt-engine-restapi-4.0.2.3-0.1.el7ev.noarch
ovirt-image-uploader-4.0.0-1.el7ev.noarch
ovirt-host-deploy-1.5.1-1.el7ev.noarch
ovirt-engine-extension-aaa-jdbc-1.1.0-1.el7ev.noarch
rhev-guest-tools-iso-4.0-5.el7ev.noarch
rhevm-setup-plugins-4.0.0.2-1.el7ev.noarch
rhev-release-4.0.2-5-001.noarch
rhevm-doc-4.0.0-3.el7ev.noarch
rhevm-branding-rhev-4.0.0-3.el7ev.noarch
rhevm-guest-agent-common-1.0.12-3.el7ev.noarch
rhevm-4.0.2.3-0.1.el7ev.noarch
rhevm-spice-client-x64-msi-4.0-3.el7ev.noarch
rhevm-spice-client-x86-msi-4.0-3.el7ev.noarch
rhevm-dependencies-4.0.0-1.el7ev.noarch
rhev-release-4.0.1-2-001.noarch
Linux version 3.10.0-327.30.1.el7.x86_64 (mockbuild@x86-039.build.eng.bos.redhat.com) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-4) (GCC) ) #1 SMP Wed Jul 13 22:09:46 EDT 2016
Linux 3.10.0-327.30.1.el7.x86_64 #1 SMP Wed Jul 13 22:09:46 EDT 2016 x86_64 x86_64 x86_64 GNU/Linux
Red Hat Enterprise Linux Server release 7.2 (Maipo)

Note You need to log in before you can comment on or make changes to this bug.