Port-xen archive


Re: nothing contributing entropy in Xen domUs? or dom0!!!



At 31 Mar 2021 21:58:48 -0400, Thor Lancelot Simon <tls%panix.com@localhost> wrote:
Subject: Re: nothing contributing entropy in Xen domUs? (causing python3.7 rebuild to get stuck in kernel in "entropy" during an "import" statement)
>
> On Wed, Mar 31, 2021 at 11:24:07AM +0200, Manuel Bouyer wrote:
> > On Tue, Mar 30, 2021 at 10:42:53PM +0000, Taylor R Campbell wrote:
> > >
> > > There are no virtual RNG devices on the system in question, according
> > > to the quoted `rndctl -l' output. Perhaps the VM host needs to be
> > > taught to expose a virtio-rng device to the guest?
> >
> > There is no such thing in Xen.
>
> Is the CPU so old that it doesn't have RDRAND / RDSEED, or is Xen perhaps
> masking these CPU features from the guest?

So I don't quite know how to tell for sure (because "cpuid", for one,
doesn't even seem to include strings within it to report either
of those features, and because figuring it out from the magic names
given in places like Wikipedia is too hard), but in theory my CPU is
very much new enough to have at least one of those features.

In this particular example server it's in a Dell R510 with a pair of
6-core E5645 CPUs that "cpuid" shows the following for (in the dom0):

# cpuid
 eax in eax ebx ecx edx
00000000 0000000b 756e6547 6c65746e 49656e69
00000001 000206c2 20200800 029ee3ff bfebfbff
00000002 55035a01 00f0b2ff 00000000 00ca0000
00000003 00000000 00000000 00000000 00000000
00000004 3c004121 01c0003f 0000003f 00000000
00000005 00000040 00000040 00000003 00001120
00000006 00000007 00000002 00000001 00000000
00000007 00000000 00000000 00000000 00000000
00000008 00000000 00000000 00000000 00000000
00000009 00000000 00000000 00000000 00000000
0000000a 07300403 00000004 00000000 00000603
0000000b 00000001 00000002 00000100 00000020
80000000 80000008 00000000 00000000 00000000
80000001 00000000 00000000 00000001 2c100800
80000002 65746e49 2952286c 6f655820 2952286e
80000003 55504320 20202020 20202020 45202020
80000004 35343635 20402020 30342e32 007a4847
80000005 00000000 00000000 00000000 00000000
80000006 00000000 00000000 01006040 00000000
80000007 00000000 00000000 00000000 00000100
80000008 00003028 00000000 00000000 00000000
Vendor ID: "GenuineIntel"; CPUID level 11
Intel-specific functions:
Version 000206c2:
Type 0 - Original OEM
Family 6 - Pentium Pro
Model 12 -
Stepping 2
Reserved 8
Extended brand string: "Intel(R) Xeon(R) CPU E5645 @ 2.40GHz"
CLFLUSH instruction cache line size: 8
Initial APIC ID: 32
Hyper threading siblings: 32
Feature flags bfebfbff:
FPU Floating Point Unit
VME Virtual 8086 Mode Enhancements
DE Debugging Extensions
PSE Page Size Extensions
TSC Time Stamp Counter
MSR Model Specific Registers
PAE Physical Address Extension
MCE Machine Check Exception
CX8 COMPXCHG8B Instruction
APIC On-chip Advanced Programmable Interrupt Controller present and enabled
SEP Fast System Call
MTRR Memory Type Range Registers
PGE PTE Global Flag
MCA Machine Check Architecture
CMOV Conditional Move and Compare Instructions
FGPAT Page Attribute Table
PSE-36 36-bit Page Size Extension
CLFSH CFLUSH instruction
DS Debug store
ACPI Thermal Monitor and Clock Ctrl
MMX MMX instruction set
FXSR Fast FP/MMX Streaming SIMD Extensions save/restore
SSE Streaming SIMD Extensions instruction set
SSE2 SSE2 extensions
SS Self Snoop
HT Hyper Threading
TM Thermal monitor
31 reserved
TLB and cache info:
5a: unknown TLB/cache descriptor
03: Data TLB: 4KB pages, 4-way set assoc, 64 entries
55: unknown TLB/cache descriptor
ff: unknown TLB/cache descriptor
b2: unknown TLB/cache descriptor
f0: unknown TLB/cache descriptor
ca: unknown TLB/cache descriptor
Processor serial: 0002-06C2-0000-0000-0000-0000

Xen does indeed hide features in the vcpu it presents to a PV domU:

$ cpuid
 eax in eax ebx ecx edx
00000000 0000000b 756e6547 6c65746e 49656e69
00000001 000206c2 22200800 02982203 1fc9cbf5
00000002 55035a01 00f0b2ff 00000000 00ca0000
00000003 00000000 00000000 00000000 00000000
00000004 3c004121 01c0003f 0000003f 00000000
00000005 00000040 00000040 00000003 00001120
00000006 00000007 00000002 00000001 00000000
00000007 00000000 00000000 00000000 00000000
00000008 00000000 00000000 00000000 00000000
00000009 00000000 00000000 00000000 00000000
0000000a 07300403 00000004 00000000 00000603
0000000b 00000001 00000002 00000100 00000022
80000000 80000008 00000000 00000000 00000000
80000001 00000000 00000000 00000001 20100800
80000002 65746e49 2952286c 6f655820 2952286e
80000003 55504320 20202020 20202020 45202020
80000004 35343635 20402020 30342e32 007a4847
80000005 00000000 00000000 00000000 00000000
80000006 00000000 00000000 01006040 00000000
80000007 00000000 00000000 00000000 00000100
80000008 00003028 00000000 00000000 00000000
Vendor ID: "GenuineIntel"; CPUID level 11
Intel-specific functions:
Version 000206c2:
Type 0 - Original OEM
Family 6 - Pentium Pro
Model 12 -
Stepping 2
Reserved 8
Extended brand string: "Intel(R) Xeon(R) CPU E5645 @ 2.40GHz"
CLFLUSH instruction cache line size: 8
Initial APIC ID: 34
Hyper threading siblings: 32
Feature flags 1fc9cbf5:
FPU Floating Point Unit
DE Debugging Extensions
TSC Time Stamp Counter
MSR Model Specific Registers
PAE Physical Address Extension
MCE Machine Check Exception
CX8 COMPXCHG8B Instruction
APIC On-chip Advanced Programmable Interrupt Controller present and enabled
SEP Fast System Call
MCA Machine Check Architecture
CMOV Conditional Move and Compare Instructions
FGPAT Page Attribute Table
CLFSH CFLUSH instruction
ACPI Thermal Monitor and Clock Ctrl
MMX MMX instruction set
FXSR Fast FP/MMX Streaming SIMD Extensions save/restore
SSE Streaming SIMD Extensions instruction set
SSE2 SSE2 extensions
SS Self Snoop
HT Hyper Threading
TLB and cache info:
5a: unknown TLB/cache descriptor
03: Data TLB: 4KB pages, 4-way set assoc, 64 entries
55: unknown TLB/cache descriptor
ff: unknown TLB/cache descriptor
b2: unknown TLB/cache descriptor
f0: unknown TLB/cache descriptor
ca: unknown TLB/cache descriptor
Processor serial: 0002-06C2-0000-0000-0000-0000

I noted today though that entropy doesn't seem to be accumulating even
in the dom0 despite there being many useful sources configured to both
collect and "estimate" _and_ despite the fact there's a valid-looking
$random_file that was saved and reloaded by /etc/rc.d/random_seed (and
saved again every day by /etc/security):

# /etc/rc.d/random_seed rcvar
# random_seed
random_seed=YES
# ls -l /etc/entropy-file
-rw------- 1 root wheel 536 Mar 31 04:15 /etc/entropy-file
# rndctl -l
Source Bits Type Flags
ipmi0-Temp 0 env estimate, collect, v, t, dv, dt
ipmi0-Temp1 0 env estimate, collect, v, t, dv, dt
ipmi0-Temp2 0 env estimate, collect, v, t, dv, dt
ipmi0-Temp3 0 env estimate, collect, v, t, dv, dt
ipmi0-Ambient-T 0 env estimate, collect, v, t, dv, dt
ipmi0-Planar-Te 0 env estimate, collect, v, t, dv, dt
ipmi0-FAN-MOD-1 0 env estimate, collect, v, t, dv, dt
ipmi0-FAN-MOD-1 0 env estimate, collect, v, t, dv, dt
ipmi0-FAN-MOD-2 0 env estimate, collect, v, t, dv, dt
ipmi0-FAN-MOD-2 0 env estimate, collect, v, t, dv, dt
ipmi0-FAN-MOD-3 0 env estimate, collect, v, t, dv, dt
ipmi0-FAN-MOD-3 0 env estimate, collect, v, t, dv, dt
ipmi0-FAN-MOD-4 0 env estimate, collect, v, t, dv, dt
ipmi0-Status 0 ??? estimate, collect, t, dt
ipmi0-Voltage 0 power estimate, collect, v, t, dv, dt
ipmi0-Voltage1 0 power estimate, collect, v, t, dv, dt
ipmi0-Status1 0 ??? estimate, collect, t, dt
ipmi0-Intrusion 0 ??? estimate, collect, t, dt
ipmi0-Temp4 0 env estimate, collect, v, t, dv, dt
ipmi0-Temp5 0 env estimate, collect, v, t, dv, dt
ipmi0-Temp6 0 env estimate, collect, v, t, dv, dt
ipmi0-FAN-MOD-4 0 env estimate, collect, v, t, dv, dt
ipmi0-FAN-MOD-5 0 env estimate, collect, v, t, dv, dt
ipmi0-FAN-MOD-5 0 env estimate, collect, v, t, dv, dt
ipmi0-Ambient-T 0 env estimate, collect, v, t, dv, dt
ipmi0-Ambient-T 0 env estimate, collect, v, t, dv, dt
ums0 0 tty estimate, collect, v, t, dt
ukbd0 0 tty estimate, collect, v, t, dt
/dev/random 0 ??? estimate, collect, v
sd2 0 disk estimate, collect, v, t, dt
sd1 0 disk estimate, collect, v, t, dt
sd0 0 disk estimate, collect, v, t, dt
cpu0 0 vm estimate, collect, v, t, dv
hardclock 0 skew estimate, collect, t
pckbd0 0 tty estimate, collect, v, t, dt
system-power 0 power estimate, collect, v, t, dt
autoconf 0 ??? estimate, collect, t
seed 0 ??? estimate, collect, v
# sysctl kern.entropy
kern.entropy.collection = 1
kern.entropy.depletion = 0
kern.entropy.consolidate = -23552
kern.entropy.gather = -23552
kern.entropy.needed = 256
kern.entropy.pending = 0
kern.entropy.epoch = 19
--
					Greg A. Woods <gwoods%acm.org@localhost>
Kelowna, BC +1 250 762-7675 RoboHack <woods%robohack.ca@localhost>
Planix, Inc. <woods%planix.com@localhost> Avoncote Farms <woods%avoncote.ca@localhost>

Attachment: pgpmNrn4jilrB.pgp
Description: OpenPGP Digital Signature
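
Added example, not part of the original message: the raw tables in the two "cpuid" dumps can be decoded directly, since RDRAND is CPUID leaf 1 ECX bit 30 and RDSEED is leaf 7 EBX bit 18 (Intel SDM). The rows below are copied from the message; the function names are hypothetical, and leaf 7 is assumed to have been queried with ECX=0.

```python
import re

# Leaf 1 and leaf 7 rows copied from the two dumps in the message
# (columns: leaf, eax, ebx, ecx, edx).
DOM0 = """\
00000001 000206c2 20200800 029ee3ff bfebfbff
00000007 00000000 00000000 00000000 00000000
"""
DOMU = """\
00000001 000206c2 22200800 02982203 1fc9cbf5
00000007 00000000 00000000 00000000 00000000
"""

# (leaf, register, bit) as defined for CPUID in the Intel SDM.
FEATURES = {
    "RDRAND": (0x1, "ecx", 30),
    "RDSEED": (0x7, "ebx", 18),
    "AESNI": (0x1, "ecx", 25),  # positive control for the decoder
}
ROW = re.compile(r"^\s*((?:[0-9a-f]{8}\s+){4}[0-9a-f]{8})\s*$", re.I)


def parse_cpuid(text):
    """Map leaf -> register values; header and decoded-text lines are skipped."""
    leaves = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            leaf, *regs = (int(w, 16) for w in m.group(1).split())
            leaves[leaf] = dict(zip(("eax", "ebx", "ecx", "edx"), regs))
    return leaves


def has_feature(leaves, name):
    """True if the feature bit is set; a missing leaf counts as absent."""
    leaf, reg, bit = FEATURES[name]
    return bool(leaves.get(leaf, {}).get(reg, 0) >> bit & 1)


def masked_bits(host, guest, leaf, reg):
    """Bit positions set in the host's register but cleared in the guest's."""
    diff = host[leaf][reg] & ~guest[leaf][reg]
    return [b for b in range(32) if diff >> b & 1]


if __name__ == "__main__":
    dom0, domu = parse_cpuid(DOM0), parse_cpuid(DOMU)
    for name in FEATURES:
        print(f"{name:7} dom0={has_feature(dom0, name)} domU={has_feature(domu, name)}")
    print("leaf 1 ECX bits hidden from domU:", masked_bits(dom0, domu, 1, "ecx"))
```

On these rows neither RDRAND nor RDSEED is set in the dom0 or in the domU view, so the bits Xen clears for the PV guest in leaf 1 ECX do not include either of them.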


