Bug 439898 - module load option to enable entropy generation from e1000,bnx2 network cards
module load option to enable entropy generation from e1000,bnx2 network cards
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: kernel (Show other bugs)
5.4
All Linux
low Severity low
: rc
: 5.4
Assigned To: Ivan Vecera
Red Hat Kernel QE team
: FutureFeature, HardwareEnablement
Depends On:
Blocks: 450783 483784 502011 502021
  Show dependency treegraph
 
Reported: 2008-03-31 18:02 EDT by Greg Marsden
Modified: 2010-10-22 19:35 EDT (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-09-02 04:58:05 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
patch to provide module option for entropy generation (1.94 KB, patch)
2008-03-31 18:02 EDT, Greg Marsden
no flags Details | Diff
e1000 entropy enable module option patch (1.50 KB, patch)
2008-03-31 18:02 EDT, Greg Marsden
no flags Details | Diff
Proposed patch (1.24 KB, patch)
2008-12-19 05:23 EST, Ivan Vecera
no flags Details | Diff
Final patch sent to review (2.20 KB, patch)
2008-12-19 06:24 EST, Ivan Vecera
no flags Details | Diff

  None (edit)
Description Greg Marsden 2008-03-31 18:02:10 EDT
Description of problem:

Applications requesting random data from /dev/random either hang, or print
out the following information message:

  Not enough random bytes available.  Please do some other work to give
  the OS a chance to collect more entropy!

Analysis:

In OEL4 and RHEL4, the e1000 module was contributing entropy to the system
by passing the IRQF_SAMPLE_RANDOM during request_irq() calls.  

Version-Release number of selected component (if applicable):


How reproducible:
On a diskless, keyboardless system, reading from /dev/random will hang forever
if system does not have hardware random support.



Additional info:
Patches attached to create add a load-time option for e1000 and bnx2 (default
does not change existing behavior)
Comment 1 Greg Marsden 2008-03-31 18:02:10 EDT
Created attachment 299775 [details]
patch to provide module option for entropy generation
Comment 2 Greg Marsden 2008-03-31 18:02:59 EDT
Created attachment 299776 [details]
e1000 entropy enable module option patch
Comment 3 Ivan Vecera 2008-06-13 14:56:32 EDT
This functionality was present in upstream but was removed by this commit:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=c0bc8721b8d0380ec69fa97578c91201201b05a9
The reason for removal is not known for me... maybe the security (see bug
#439920). As for the proposed patch it would be necessary to push it upstream
but the question is if is it acceptable by upstream...
Comment 9 Ivan Vecera 2008-12-09 10:47:11 EST
I prepared a testing kernel packages. Could you please test them? e1000 has entropy enabled (without using module param) and bnx2 has module parameter to enable entropy generation.
Comment 10 Ivan Vecera 2008-12-09 10:48:08 EST
[addition to Comment #9]
The packages are available at:
http://people.redhat.com/ivecera/rhel-5-ivtest/
Comment 12 Martin Wilck 2008-12-15 06:14:49 EST
But only e1000 and bnx2 are currently changed, correct? Any similar plans for igb and e1000e?
Comment 13 Ivan Vecera 2008-12-19 05:23:29 EST
Created attachment 327424 [details]
Proposed patch
Comment 15 Ivan Vecera 2008-12-19 06:24:23 EST
Created attachment 327433 [details]
Final patch sent to review
Comment 16 RHEL Product and Program Management 2009-02-16 10:42:19 EST
Updating PM score.
Comment 17 Don Zickus 2009-03-09 14:54:12 EDT
in kernel-2.6.18-134.el5
You can download this test kernel from http://people.redhat.com/dzickus/el5

Please do NOT transition this bugzilla state to VERIFIED until our QE team
has sent specific instructions indicating when to do so.  However feel free
to provide a comment indicating that this fix has been verified.
Comment 20 Chris Ward 2009-07-03 14:01:53 EDT
~~ Attention - RHEL 5.4 Beta Released! ~~

RHEL 5.4 Beta has been released! There should be a fix present in the Beta release that addresses this particular request. Please test and report back results here, at your earliest convenience. RHEL 5.4 General Availability release is just around the corner!

If you encounter any issues while testing Beta, please describe the issues you have encountered and set the bug into NEED_INFO. If you encounter new issues, please clone this bug to open a new issue and request it be reviewed for inclusion in RHEL 5.4 or a later update, if it is not of urgent severity.

Please do not flip the bug status to VERIFIED. Only post your verification results, and if available, update Verified field with the appropriate value.

Questions can be posted to this bug or your customer or partner representative.
Comment 21 Chris Ward 2009-07-10 15:04:11 EDT
~~ Attention Partners - RHEL 5.4 Snapshot 1 Released! ~~

RHEL 5.4 Snapshot 1 has been released on partners.redhat.com. If you have already reported your test results, you can safely ignore this request. Otherwise, please notice that there should be a fix available now that addresses this particular request. Please test and report back your results here, at your earliest convenience. The RHEL 5.4 exception freeze is quickly approaching.

If you encounter any issues while testing Beta, please describe the issues you have encountered and set the bug into NEED_INFO. If you encounter new issues, please clone this bug to open a new issue and request it be reviewed for inclusion in RHEL 5.4 or a later update, if it is not of urgent severity.

Do not flip the bug status to VERIFIED. Instead, please set your Partner ID in the Verified field above if you have successfully verified the resolution of this issue. 

Further questions can be directed to your Red Hat Partner Manager or other appropriate customer representative.
Comment 23 Chris Ward 2009-08-07 04:01:10 EDT
Oracle, 

Could you report back on the resolution of this issue in the RHEL 5.4 Beta bits available via RHN Beta Channel? Thanks.
Comment 24 Greg Marsden 2009-08-07 18:41:59 EDT
Thanks for including this patch.
Comment 26 Allen May 2009-08-14 14:32:38 EDT
Preliminary testing on a headless/keyboardless/mouseless system that was having trouble restarting services that use entropy is showing this working perfectly with the kernel-2.6.18-162.el5.i686.rpm build.

Anything I can do to help get this tested and verified for 5.4?

Allen
Comment 27 Martin Wilck 2009-08-24 04:57:15 EDT
It's looking good for bnx2, thanks. 

Side note: I had hoped for a more consistent treatment of the behavior across network drivers, but thanks anyway for adding the option to bnx2.
Comment 28 errata-xmlrpc 2009-09-02 04:58:05 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2009-1243.html

Note You need to log in before you can comment on or make changes to this bug.