[libvirt-users] virRandomBits - not very random
Brian Rak
brak at gameservers.com
Fri May 25 13:27:34 UTC 2018
On 5/25/2018 8:58 AM, Eric Blake wrote:
> Reviving an ancient thread:
>
> On 11/04/2014 02:18 AM, Daniel P. Berrange wrote:
>> On Mon, Nov 03, 2014 at 11:09:12AM -0500, Brian Rak wrote:
>>> I just ran into an issue where I had about 30 guests get duplicate mac
>>> addresses assigned. These were scattered across 30 different machines.
>>>
>>> Some debugging revealed that:
>>>
>>> 1) All the host machines were restarted within a couple seconds of each
>>> other
>>> 2) All the host machines had fairly similar libvirtd pids (within
>>> ~100 PIDs
>>> of each other)
>>> 3) Libvirt seeds the RNG using 'time(NULL) ^ getpid()'
>>>
>>> This perfectly explains why I saw so many duplicate mac addresses.
>>>
>>> Why is the RNG seed such a predictable value? Surely there has to be a
>>> better source of a random seed then the timestamp and the pid?
>>>
>>> The PID seems to me to be a very bad source of any randomness. I
>>> just ran a
>>> test across 60 of our hosts. 43 of them shared their PID with at
>>> least one
>>> other machine.
>>
>> We should probably seed it with data from /dev/urandom, and/or the new
>> Linux getrandom() syscall (or BSD equivalent).
>
> Did anyone ever open a BZ to track this? As far as I can tell, we
> still have a very predictable (meaning bad) seeding algorithm that
> permits large clusters to create collisions when their random number
> sequences sync up.
>
I never did. We just switched to maintaining the mac ourselves, and not
letting libvirt generate it.
More information about the libvirt-users
mailing list