RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1796077 - [Hyper-V][RHEL7.7] JITTER rngd source doesn't work in Hyper-V guest VMs
Summary: [Hyper-V][RHEL7.7] JITTER rngd source doesn't work in Hyper-V guest VMs
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: rng-tools
Version: 7.7
Hardware: x86_64
OS: Linux
unspecified
low
Target Milestone: rc
: 7.8
Assignee: Neil Horman
QA Contact: xuli
URL:
Whiteboard:
Depends On:
Blocks: 1801155
TreeView+ depends on / blocked
 
Reported: 2020-01-29 14:44 UTC by Michael Kelley
Modified: 2021-03-25 15:55 UTC (History)
17 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1801155 (view as bug list)
Environment:
Last Closed: 2020-03-31 20:12:13 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)
patch to use rdtsc in jitterentropy (1001 bytes, patch)
2020-01-29 18:24 UTC, Neil Horman 		no flags Details | Diff
View All


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2020:1202 0 None None None 2020-03-31 20:12:18 UTC

Description Michael Kelley 2020-01-29 14:44:19 UTC 
Description of problem:

JITTER rng source fails to initialize during boot

Version-Release number of selected component (if applicable):

6.3.1

How reproducible:

Reproduces on every boot

Steps to Reproduce:
1. Boot RHEL 7.7 in a Hyper-V VM
2. Run "systemctl status rngd" to see the status of the rng daemon
3. Observe that "JITTER rng fails with code 2" is reported

Actual results:

JITTER rng fails to initialize with code 2


Expected results:

JITTER rng initializes correctly


Additional info:
Comment 2 Michael Kelley 2020-01-29 14:46:44 UTC 
Problem has already been investigated as a side issue in BZ #1785085.  The JITTER rng source uses clock_gettime() to get timing information, and in Hyper-V guests this call has a resolution of 100 nanoseconds, which is too coarse for JITTER rng purposes.  (The code 2 error result means ECOARSETIME.)  The expectation is that if the JITTER rng source used the RDTSC instruction for timing information, it would work correctly in a Hyper-V VM.
Comment 3 Neil Horman 2020-01-29 18:24:25 UTC 
Created attachment 1656366 [details]
patch to use rdtsc in jitterentropy

It needs cleanup, but this patch should switch x8664 systems to use rdtsc in userspace for jitterentropy.  I'm traveling right now, so I can't build it, but I wanted to get it to you so you could test it out.
Comment 4 Michael Kelley 2020-01-29 23:05:13 UTC 
I applied the patch and rebuilt rngd.  With the new version installed, the VM now boots up with the JITTER source working properly, and rngd does not terminate due to lack of any entropy sources. So the patch looks good.
Comment 5 Neil Horman 2020-02-07 18:08:44 UTC 
https://github.com/smuellerDD/jitterentropy-library/pull/15

Comitted upstream, will backport when this is approved
Comment 7 Neil Horman 2020-02-07 19:51:07 UTC 
In response to comment #6:
1. What is the scope of harm if this BZ is not resolved in this release? Reviewers want to know which RHEL features or customers are affected and if it will impact any Layered Product or Hardware partner plans.
Currently The MS Azure cloud tunes its hypervisor to provide a very coarse granularity clock (as retunrned by ns_gettime), such that the jitter entropy source in rng-tools is unable to get an accurate estimate in the timing variance of load/store operations, and as a result is unusable.  Given that on Guest VMs in public clouds, this source tends to be the only entropy source available, the system entropy pool can be depleted very quickly, resulting in high latenncy during boot. 
 
2. What are the risks associated with resolving this BZ? Reviewers want to know the scope of retesting, potential regressions.
The solution to this problem is to replace the call to ns_gettime in the application with a call to the machines rdtsc instruction, which is available at a much more fine granularity.  The greatest risk to this fix is the possibility that a cloud provider will also limit the granularity of this instruction, re-creating the problem as initially described

3. Provide any other details that meet blocker criteria or should be weighed in making a decision (Other releases affected, upstream status, business impacts, etc).
This issue has already been fixed upstream:
https://github.com/smuellerDD/jitterentropy-library/pull/15
As it has impact on all RHEL releases that use the rngd daemon on cloud providers which limit clock granularity to VMs (currently only Azure, but others may appear in the future)
Comment 22 errata-xmlrpc 2020-03-31 20:12:13 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:1202
Note You need to log in before you can comment on or make changes to this bug.