[pve-devel] Qemu / virtio-rng-pci

Alexandre DERUMIER aderumier at odiso.com
Wed Jun 3 22:55:16 CEST 2015


>>The problem is that the implementation done by redhat of the interface is 
>>not very good and it can result in hanging qemu processes

That's what I understand if you don't have hardware to generate enough fast entropy on host.
(entropy starvation if a lot of qemu guest acces to host /dev/random).

I think it can be solved by :

1) host : hardware entropy ---> virtio-ring guest
2) host : >=ivybridge (RDRAND) + rngd daemon  to feed /dev/random    ---> virtio-ring guest
3) host : >=broadwell (RDSEED) (hardware /dev/random)  --->virtio-ring guest 
4) guest > qemu 2.3 >=ivibridge (RDRAND) + rngd daemon in guest to feed /dev/random

----- Mail original -----
De: "Stefan Priebe" <s.priebe at profihost.ag>
À: "dietmar" <dietmar at proxmox.com>, "aderumier" <aderumier at odiso.com>
Cc: "pve-devel" <pve-devel at pve.proxmox.com>
Envoyé: Mercredi 3 Juin 2015 20:41:48
Objet: Re: [pve-devel] Qemu / virtio-rng-pci

Am 03.06.2015 um 17:29 schrieb Dietmar Maurer: 
>>> Well, the patch check the version of qemu or the machine option or 
>>> forcemachine from qemu live migration. 
>> 
>> Ah ok sorry didn't saw this. But I still think it's bad to rely on qemu 
>> versions. 
>> What about a pve compatibility flag in the conf file which gets only reset on 
>> a fresh start? Might be also useful for suspends or snapshots? So it would be 
>> possible to change options or defaults without the need to change qemu 
>> version? 
> 
> I usually try to avoid complex things unless I really need them ... 
> 
> It is also unclear to me if you need the virtio-rng-pci device, or is the 
> problem solved by those new CPU flags? 
> 

Sorry for all those noise. We discussed this today in our office. The 
problem is that the implementation done by redhat of the interface is 
not very good and it can result in hanging qemu processes. At least this 
is what i ready on some fedora postings. 

So we go for havaged in each VM. Sorry for the noise ;-( 

Greets, 
Stefan 



More information about the pve-devel mailing list