DPDK patches and discussions
 help / color / mirror / Atom feed
From: Luca Boccassi <bluca@debian.org>
To: Dan Gora <dg@adax.com>
Cc: "Mattias Rönnblom" <mattias.ronnblom@ericsson.com>,
	"dev@dpdk.org" <dev@dpdk.org>,
	"David Marchand" <david.marchand@redhat.com>,
	"Jerin Jacob" <jerinjacobk@gmail.com>
Subject: Re: [dpdk-dev] [PATCH 2/2] eal: resolve getentropy at run time for random seed
Date: Mon, 27 Apr 2020 13:44:09 +0100	[thread overview]
Message-ID: <9782db5b1e5d2dfdcfa8e52410fd166df5db938d.camel@debian.org> (raw)
In-Reply-To: <CAGyogRbp_jDjfUVc50uf5QcXnXU2-LBqLdmrg=WG-8Gm4gFP+Q@mail.gmail.com>

On Thu, 2020-04-23 at 14:38 -0300, Dan Gora wrote:
> On Thu, Apr 23, 2020 at 12:59 PM Luca Boccassi <bluca@debian.org> wrote:
> > > > /dev/urandom is basically only a different interface to the same
> > > > underlying mechanism.
> > 
> > This is not the whole story though - while the end result when all
> > works is the same, there are important differences in getting there.
> > There's a reason a programmatic interface was added - it's just better
> > in general.
> > Just to name one - opening files has implications for LSMs like
> > SELinux. You now need a specific policy to allow it, which means
> > applications that upgrade from one version of DPDK to the next will
> > break.
> 
> DPDK opens _tons_ of files. This would not be the first file that DPDK
> has to open.  And it's not like /dev/urandom is a new interface.  It's
> been around forever.

That might be the case, but it is not reason in itself to make things
harder. Especially in light of the new stability promise - this might
or might not be considered part of it, but it's worth mentioning at the
very least, as it has a real impact on users.

> If this is such a major problem, then that would argue for using the
> dlsym()/dlopen() method to try to find the getentropy glibc function
> that I sent in v3 of these patches.
> 
> > In general, I do not think we should go backwards. The programmatic
> > interface to the random pools are good and we should use them by
> > default - of course by all means add fallbacks to urandom if they are
> > not available.
> 
> The original problem was that the "programmatic interface to the
> random pools" (that is, getentropy()) can only be determined at
> compilation time and if found introduce a new dependency on glibc 2.25
> that can easily be avoided by emulating it (as I did here in v4 of the
> patches) or by trying to dynamically find the symbol at run time using
> dlopen()/dlsym() (as I did in v3 of the patches).
> 
> > But as Stephen said glibc generally does not support compiling on new +
> > running on old - so if it's not this that breaks, it will be something
> > else.
> 
> Well that's not necessarily true.  Most glibc interfaces have been
> around forever and you can easily see what versions of glibc are
> needed by running ldd on your application.  I don't see the point in
> introducing a new dependency on a very recent version of glibc which
> is not supported by all supported DPDK platforms when it can easily be
> worked around.
> 
> The issue here is that the original patch to add getentropy():
> 1) Added a _new_ dependency on glibc 2.25.
> 2) Added a _new_ dependency that the rdseed CPU flag on the execution
> machine has to match the complication machine.
> 3) Has different behavior if the DPDK is compiled with meson or with
> Make on the same complication platform.
> 
> thanks,
> dan

Adding a new dependecy happens only when building with the new version
of the library. If it's not available, then there's no new dependency. 
It sounds to me like you are trying to add workarounds for issues in
your downstream build/deployment model, where your build dependencies
are newer than your runtime dependencies. This in general is rarely
well supported.
Now I'm fine with adding workarounds as _fallbacks_ - what I am
explicitly NACKing is forcibly restricting to the least common
denominator because of issues in a third party build/deployment system
that doesn't follow the common norm.
This is especially true when dealing with RNG APIs, where the tiniest
and most innocent-looking mistake could have disastrous consequences.

-- 
Kind regards,
Luca Boccassi

  reply	other threads:[~2020-04-27 12:44 UTC|newest]

Thread overview: 48+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-04-21 19:54 [dpdk-dev] [PATCH 0/2] eal: choose initial PRNG seed source at runtime Dan Gora
2020-04-21 19:54 ` [dpdk-dev] [PATCH 1/2] eal: check for rdseed at run time for random seed Dan Gora
2020-04-22  8:22   ` Mattias Rönnblom
2020-04-21 19:54 ` [dpdk-dev] [PATCH 2/2] eal: resolve getentropy " Dan Gora
2020-04-21 21:03   ` Stephen Hemminger
2020-04-21 21:08     ` Dan Gora
2020-04-22  8:28   ` Mattias Rönnblom
2020-04-22 17:44     ` Dan Gora
2020-04-22 20:14       ` Mattias Rönnblom
2020-04-22 20:35         ` Dan Gora
2020-04-23 10:04           ` Luca Boccassi
2020-04-23 17:38             ` Dan Gora
2020-04-27 12:44               ` Luca Boccassi [this message]
2020-04-27 16:57                 ` Dan Gora
2020-04-30  8:41                   ` Luca Boccassi
2020-04-30 20:43                     ` Dan Gora
2020-05-01 10:33                       ` Luca Boccassi
2020-05-01 21:05                         ` Dan Gora
2020-05-04  8:04                           ` Mattias Rönnblom
2020-05-04 14:13                             ` Dan Gora
2020-05-04 14:19                               ` Dan Gora
2020-06-02  5:10                                 ` Dan Gora
2020-06-09 15:37                                   ` Dan Gora
2020-06-10  8:15                                     ` Thomas Monjalon
2020-06-10  8:33                                       ` Luca Boccassi
2023-06-12 15:55                                         ` Stephen Hemminger
2020-06-10  8:07                               ` Thomas Monjalon
2020-04-23 12:36           ` Mattias Rönnblom
2020-04-23 17:27             ` Dan Gora
2020-04-21 20:41 ` [dpdk-dev] [PATCH v2 0/2] eal: choose initial PRNG seed source at runtime Dan Gora
2020-04-21 20:41   ` [dpdk-dev] [PATCH v2 1/2] eal: check for rdseed at run time for random seed Dan Gora
2020-04-21 20:41   ` [dpdk-dev] [PATCH v2 2/2] eal: resolve getentropy " Dan Gora
2020-04-22 18:15 ` [dpdk-dev] [PATCH v3 0/2] eal: choose initial PRNG seed source at runtime Dan Gora
2020-04-22 18:15   ` [dpdk-dev] [PATCH v3 1/2] eal: check for rdseed at run time for random seed Dan Gora
2020-04-22 18:15   ` [dpdk-dev] [PATCH v3 2/2] eal: resolve getentropy " Dan Gora
2020-04-22 23:42 ` [dpdk-dev] [PATCH v4 0/2] eal: choose initial PRNG seed source at runtime Dan Gora
2020-04-22 23:42   ` [dpdk-dev] [PATCH v4 1/2] eal: check for rdseed at run time for random seed Dan Gora
2020-04-22 23:42   ` [dpdk-dev] [PATCH v4 2/2] eal: emulate glibc getentropy for initial " Dan Gora
2020-04-23  2:39     ` Stephen Hemminger
2020-04-23 17:42       ` Dan Gora
2020-06-29  9:30     ` Mattias Rönnblom
2020-06-29 17:57       ` Dan Gora
2020-06-29 20:57         ` Mattias Rönnblom
2020-06-29  9:32   ` [dpdk-dev] [PATCH v4 0/2] eal: choose initial PRNG seed source at runtime Mattias Rönnblom
2020-06-29 18:01     ` Dan Gora
2020-06-29 18:04       ` Dan Gora
2020-06-29 21:05       ` Mattias Rönnblom
2020-06-29 21:14         ` Dan Gora

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=9782db5b1e5d2dfdcfa8e52410fd166df5db938d.camel@debian.org \
    --to=bluca@debian.org \
    --cc=david.marchand@redhat.com \
    --cc=dev@dpdk.org \
    --cc=dg@adax.com \
    --cc=jerinjacobk@gmail.com \
    --cc=mattias.ronnblom@ericsson.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).