Description of problem: Applications requesting random data from /dev/random either hang, or print out the following information message: Not enough random bytes available. Please do some other work to give the OS a chance to collect more entropy! Analysis: In OEL4 and RHEL4, the e1000 module was contributing entropy to the system by passing the IRQF_SAMPLE_RANDOM during request_irq() calls. Version-Release number of selected component (if applicable): How reproducible: On a diskless, keyboardless system, reading from /dev/random will hang forever if system does not have hardware random support. Additional info: Patches attached to create add a load-time option for e1000 and bnx2 (default does not change existing behavior)
Created attachment 299775 [details] patch to provide module option for entropy generation
Created attachment 299776 [details] e1000 entropy enable module option patch
This functionality was present in upstream but was removed by this commit: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=c0bc8721b8d0380ec69fa97578c91201201b05a9 The reason for removal is not known for me... maybe the security (see bug #439920). As for the proposed patch it would be necessary to push it upstream but the question is if is it acceptable by upstream...
I prepared a testing kernel packages. Could you please test them? e1000 has entropy enabled (without using module param) and bnx2 has module parameter to enable entropy generation.
[addition to Comment #9] The packages are available at: http://people.redhat.com/ivecera/rhel-5-ivtest/
But only e1000 and bnx2 are currently changed, correct? Any similar plans for igb and e1000e?
Created attachment 327424 [details] Proposed patch
Created attachment 327433 [details] Final patch sent to review
Updating PM score.
in kernel-2.6.18-134.el5 You can download this test kernel from http://people.redhat.com/dzickus/el5 Please do NOT transition this bugzilla state to VERIFIED until our QE team has sent specific instructions indicating when to do so. However feel free to provide a comment indicating that this fix has been verified.
~~ Attention - RHEL 5.4 Beta Released! ~~ RHEL 5.4 Beta has been released! There should be a fix present in the Beta release that addresses this particular request. Please test and report back results here, at your earliest convenience. RHEL 5.4 General Availability release is just around the corner! If you encounter any issues while testing Beta, please describe the issues you have encountered and set the bug into NEED_INFO. If you encounter new issues, please clone this bug to open a new issue and request it be reviewed for inclusion in RHEL 5.4 or a later update, if it is not of urgent severity. Please do not flip the bug status to VERIFIED. Only post your verification results, and if available, update Verified field with the appropriate value. Questions can be posted to this bug or your customer or partner representative.
~~ Attention Partners - RHEL 5.4 Snapshot 1 Released! ~~ RHEL 5.4 Snapshot 1 has been released on partners.redhat.com. If you have already reported your test results, you can safely ignore this request. Otherwise, please notice that there should be a fix available now that addresses this particular request. Please test and report back your results here, at your earliest convenience. The RHEL 5.4 exception freeze is quickly approaching. If you encounter any issues while testing Beta, please describe the issues you have encountered and set the bug into NEED_INFO. If you encounter new issues, please clone this bug to open a new issue and request it be reviewed for inclusion in RHEL 5.4 or a later update, if it is not of urgent severity. Do not flip the bug status to VERIFIED. Instead, please set your Partner ID in the Verified field above if you have successfully verified the resolution of this issue. Further questions can be directed to your Red Hat Partner Manager or other appropriate customer representative.
Oracle, Could you report back on the resolution of this issue in the RHEL 5.4 Beta bits available via RHN Beta Channel? Thanks.
Thanks for including this patch.
Preliminary testing on a headless/keyboardless/mouseless system that was having trouble restarting services that use entropy is showing this working perfectly with the kernel-2.6.18-162.el5.i686.rpm build. Anything I can do to help get this tested and verified for 5.4? Allen
It's looking good for bnx2, thanks. Side note: I had hoped for a more consistent treatment of the behavior across network drivers, but thanks anyway for adding the option to bnx2.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2009-1243.html