Features/Virtio RNG

From FedoraProject

< Features(Difference between revisions)
Jump to: navigation, search
(Update status, libvirt bits in F19 now)
(13 intermediate revisions by 2 users not shown)
Line 1: Line 1:
<!-- All fields on this form are required to be accepted by FESCo.
+
= Virtio RNG =
We also request that you maintain the same order of sections so that all of the feature pages are uniform.  -->
+
 
+
= VirtIORNG =
+
  
 
== Summary ==
 
== Summary ==
 
+
Provide a paravirtual random number generator to virtual machines, to prevent entropy starvation in guests.
Provide virtio-rng driver to KVM guests can take advantage of host entropy (random number generator hardware)
+
 
+
  
 
== Owner ==
 
== Owner ==
* Name: [[User:crobinso| Cole Robinson]]
+
* Name: [[User:crobinso|Cole Robinson]]
 
* Email: crobinso@redhat.com
 
* Email: crobinso@redhat.com
* Name: Amit Shah
+
* Name: [[User:Amitshah|Amit Shah]]
 
* Email: amit.shah@redhat.com
 
* Email: amit.shah@redhat.com
  
 
== Current status ==
 
== Current status ==
 
* Targeted release: [[Releases/19 | Fedora 19]]
 
* Targeted release: [[Releases/19 | Fedora 19]]
* Last updated:  
+
* Last updated: 2013-03-12
* Percentage of completion: TBS
+
* Percentage of completion: 90%
 
+
* Support for the VirtIO RNG device has been added to the QEMU sources starting from commit a9b7b2ad7b075dba5495271706670e5c6b1304bc. This is part of the QEMU 1.3 release. The Linux kernel contains the guest driver for the device since version 2.6.26.
+
  
 
== Detailed Description ==
 
== Detailed Description ==
<!-- Expand on the summary, if appropriate.  A couple sentences suffices to explain the goal, but the more details you can provide the better. -->
+
The linux kernel collects entropy from various non-deterministic hardware events, like mouse and keyboard input, and network traffic. This entropy is then exposed through /dev/random, commonly used by cryptographic applications that need true randomness to maintain security. However if more entropy is being consumed than is being produced, we have entropy starvation: reading from /dev/random will block, which can cause a denial of service. A common example here is use of /dev/random by SSL in various services.
 
+
VirtIO RNG is a paravirtualized device that is exposed as a hardware RNG device to the guest. On the host side, it can be wired up to one of several sources of entropy, including a real hardware RNG device as well as the host's /dev/random if hardware support doesn't exist.  
+
  
 +
VirtIO RNG (random number generator) is a paravirtualized device that is exposed as a hardware RNG device to the guest. Virtio RNG just appears as a regular hardware RNG to the guest, which the kernel reads from to fill its entropy pool. This effectively allows a host to inject entropy into a guest via several means: The default mode uses the host's /dev/random, but a physical HW RNG device or EGD (Entropy Gathering Daemon) source can also be used.
  
 
== Benefit to Fedora ==
 
== Benefit to Fedora ==
<!-- What is the benefit to the platform?  If this is a major capability update, what has changed?  If this is a new feature, what capabilities does it bring? Why will Fedora become a better distribution or project because of this feature?-->
+
Makes Fedora a better platform for hosting server VMs.
 
+
* Guests will have access to better and faster entropy.  
+
  
 
== Scope ==
 
== Scope ==
* TBS
+
* Virtio RNG driver in kernel (DONE, since 2.6.26)
 +
* QEMU Device (DONE, since qemu 1.3)
 +
* Libvirt support (DONE, in 1.0.3)
 
* Apps (all optional but would be nice if they are done)
 
* Apps (all optional but would be nice if they are done)
** TBS
+
** virt-install (Not done)
 
+
** virt-manager (Not done)
  
 
== How To Test ==
 
== How To Test ==
<!-- This does not need to be a full-fledged document.  Describe the dimensions of tests that this feature is expected to pass when it is done.  If it needs to be tested with different hardware or software configurations, indicate them.  The more specific you can be, the better the community testing can be.
+
TBD
  
Remember that you are writing this how to for interested testers to use to check out your feature - documenting what you do for testing is OK, but it's much better to document what *I* can do to test your feature.
+
XXX: Manual qemu bits at http://wiki.qemu.org/Features/VirtIORNG#Testing
 
+
A good "how to test" should answer these four questions:
+
 
+
0. What special hardware / data / etc. is needed (if any)?
+
1. How do I prepare my system to test this feature? What packages
+
need to be installed, config files edited, etc.?
+
2. What specific actions do I perform to check that the feature is
+
working like it's supposed to?
+
3. What are the expected results of those actions?
+
-->
+
 
+
See http://wiki.qemu.org/Features/VirtIORNG#Testing
+
  
 +
XXX: Libvirt instructions based on posted patches
  
 
== User Experience ==
 
== User Experience ==
 
+
Server VMs will have more options for avoiding entropy starvation.
Guests will have access to better and faster entropy.  
+
  
 
== Dependencies ==
 
== Dependencies ==
 
+
None.
None
+
 
+
  
 
== Contingency Plan ==
 
== Contingency Plan ==
 
+
Since this is brand new functionality, if it isn't ready in time, nothing has changed. We just drop this feature page.
TBS
+
 
+
  
 
== Documentation ==
 
== Documentation ==
<!-- Is there upstream documentation on this feature, or notes you have written yourself?  Link to that material here so other interested developers can get involved. -->
+
* [http://wiki.qemu-project.org/Features/VirtIORNG QEMU VirtIO RNG feature page]
 
+
* [https://lists.gnu.org/archive/html/qemu-devel/2012-05/msg02235.html QEMU patch email from May 2012]
* http://wiki.qemu-project.org/Features/VirtIORNG
+
* [https://www.redhat.com/archives/libvir-list/2013-January/msg00775.html Latest libvirt patch posting]
 
+
* [https://www.redhat.com/archives/libvir-list/2012-December/msg00937.html Libvirt RFC detailing potential future RNG daemon]
 +
* [http://egd.sourceforge.net/ Entropy gathering daemon (EGD)]
 +
* [http://log.amitshah.net/2013/01/about-random-numbers-and-virtual-machines/ Amit's post about virt and RNG]
 +
* [https://lwn.net/Articles/525459/ LWN article about random numbers]
  
 
== Release Notes ==
 
== Release Notes ==
<!-- The Fedora Release Notes inform end-users about what is new in the release. Examples of past release notes are here: http://docs.fedoraproject.org/release-notes/ -->
+
KVM and libvirt now support a paravirtual random number generator device. This can be used to prevent entropy starvation in virtual machines.
<!-- The release notes also help users know how to deal with platform changes such as ABIs/APIs, configuration or data file formats, or upgrade concerns.  If there are any such changes involved in this feature, indicate them here.  You can also link to upstream documentation if it satisfies this need.  This information forms the basis of the release notes edited by the documentation team and shipped with the release. -->
+
 
+
* TBS
+
  
 
== Comments and Discussion ==
 
== Comments and Discussion ==
 +
* fedora devel discussion about the feature: https://lists.fedoraproject.org/pipermail/devel/2013-February/177867.html
  
* TBS
+
[[Category:FeatureAcceptedF19]]
 
+
[[Category:Virtualization]]
 
+
[[Category:FeaturePageIncomplete]]
+
<!-- When your feature page is completed and ready for review -->
+
<!-- remove Category:FeaturePageIncomplete and change it to Category:FeatureReadyForWrangler -->
+
<!-- After review, the feature wrangler will move your page to Category:FeatureReadyForFesco... if it still needs more work it will move back to Category:FeaturePageIncomplete-->
+
<!-- A pretty picture of the page category usage is at: https://fedoraproject.org/wiki/Features/Policy/Process -->
+

Revision as of 14:12, 12 March 2013

Contents

Virtio RNG

Summary

Provide a paravirtual random number generator to virtual machines, to prevent entropy starvation in guests.

Owner

Current status

  • Targeted release: Fedora 19
  • Last updated: 2013-03-12
  • Percentage of completion: 90%

Detailed Description

The linux kernel collects entropy from various non-deterministic hardware events, like mouse and keyboard input, and network traffic. This entropy is then exposed through /dev/random, commonly used by cryptographic applications that need true randomness to maintain security. However if more entropy is being consumed than is being produced, we have entropy starvation: reading from /dev/random will block, which can cause a denial of service. A common example here is use of /dev/random by SSL in various services.

VirtIO RNG (random number generator) is a paravirtualized device that is exposed as a hardware RNG device to the guest. Virtio RNG just appears as a regular hardware RNG to the guest, which the kernel reads from to fill its entropy pool. This effectively allows a host to inject entropy into a guest via several means: The default mode uses the host's /dev/random, but a physical HW RNG device or EGD (Entropy Gathering Daemon) source can also be used.

Benefit to Fedora

Makes Fedora a better platform for hosting server VMs.

Scope

  • Virtio RNG driver in kernel (DONE, since 2.6.26)
  • QEMU Device (DONE, since qemu 1.3)
  • Libvirt support (DONE, in 1.0.3)
  • Apps (all optional but would be nice if they are done)
    • virt-install (Not done)
    • virt-manager (Not done)

How To Test

TBD

XXX: Manual qemu bits at http://wiki.qemu.org/Features/VirtIORNG#Testing

XXX: Libvirt instructions based on posted patches

User Experience

Server VMs will have more options for avoiding entropy starvation.

Dependencies

None.

Contingency Plan

Since this is brand new functionality, if it isn't ready in time, nothing has changed. We just drop this feature page.

Documentation

Release Notes

KVM and libvirt now support a paravirtual random number generator device. This can be used to prevent entropy starvation in virtual machines.

Comments and Discussion