kernel-packages team mailing list archive

Thread
Date
[Bug 575669] Re: Rapid depletion of entropy pool

To: kernel-packages@xxxxxxxxxxxxxxxxxxx
From: agent 8131 <575669@xxxxxxxxxxxxxxxxxx>
Date: Tue, 31 Dec 2013 01:41:13 -0000
Reply-to: Bug 575669 <575669@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
Christopher,

You did not address my previous question as to why that patch would
resolve this issue.

Am I correct in assuming that you are requesting that I reproduce these
conditions in the unreleased 14.04? It should be noted, if not reflected
in the bug status, that this is still a confirmed bug for 10.04 LTS and
12.04 LTS. Since the status of a bug may be different for different
releases is it the case that the bug status on this ticket is just meant
to reflect the state in the current development release? This is not
made clear in any of the documentation I've read.

For people coming across this bug report who have experienced
application blocking issues due to low available entropy (usually
running under some sort of virtualization) one easy solution is to
install the haveged package and run that daemon. Whether that provides
adequate security is open for debate, but it will prevent application
hangs while waiting for sufficient entropy.

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/575669

Title:
  Rapid depletion of entropy pool

Status in “linux” package in Ubuntu:
  Incomplete

Bug description:
  I was noticing that on several of my servers the available entropy has
  been exceedingly low for the last 6-7 months.  My guess is this
  problem began with Ubuntu 9.10 and continues in Ubuntu 10.04.  I came
  across some useful information here:

  http://lkml.org/lkml/2010/4/5/19

  And I confirmed that running:

  watch cat /proc/sys/kernel/random/entropy_avail

  will rapidly deplete the entropy pool.  But running the python script:

  import sys, time
  while True:
    sys.stdout.write(open('/proc/sys/kernel/random/entropy_avail', 'r').read())
    time.sleep(1)

  will not rapidly deplete the entropy pool.  This seems to support the
  hypothesis that entropy is being drained with each launch of a process
  which has been linked to the glibc randomized stack protector.  Some
  information about that can be found here:

  http://sourceware.org/ml/libc-alpha/2008-10/msg00006.html

  As many people who have run virtual servers can attest, low entropy on
  a server can cause a number of difficult to diagnose performance
  problems as processes block trying to access /dev/random.  Low entropy
  may also lead to a reduction in security for various cryptographic
  services.

  I'm not an expert in these matters and have limited ability to test as
  many of my servers are running older versions but it does appear that
  those older versions do not have this behavior.  This could also be a
  kernel issue but I thought I would start here and see if others can
  replicate this problem and help in diagnosing the issue.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/575669/+subscriptions