From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 5854EA00C2; Wed, 22 Apr 2020 22:35:44 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 965041D53C; Wed, 22 Apr 2020 22:35:43 +0200 (CEST) Received: from mail-il1-f196.google.com (mail-il1-f196.google.com [209.85.166.196]) by dpdk.org (Postfix) with ESMTP id 0708B1D536 for ; Wed, 22 Apr 2020 22:35:42 +0200 (CEST) Received: by mail-il1-f196.google.com with SMTP id r2so3363764ilo.6 for ; Wed, 22 Apr 2020 13:35:41 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=tHVTaiZmj4kBkCjUIA2Dk+bzJjP6JAOArNpLUX6MAgs=; b=pwjOZbQfeqrV5fqGQV9yI7Gun/riYXH3z6zBEdQM0Y5gk40WEG9Q/SmQoa6/75DyTD vzt4tjQKKMsN/MUKiORCcKoDT+cihQGsXc1d3mSxMUDZVLyEnTT7Xlvs6cTV4Vd7qYY5 SN5iN82XkmKv3QJBvZp/EQnBY2Hlt+HBNUtRcE1EHl2vxN+aPUYO7gOjNx4FWwfyQTVv CMDkHOssY0iFfT8t4rI4wtnpNZZRYahyV1DxoAW0A/dUmigmrCbc3+rIPmLr8sQJRcDt Tw4FjASB8ZXLrWQbnMgV+47Sj0yyhM2R6eudqIFTeNYKZBAdjUE2kwi0v5ON+UTyq3qu 7HWg== X-Gm-Message-State: AGi0PubuSfZM8i7N6yCv0UFgDlSaynWxBewYVgWlCcVYRqYVDkzkVD8L jXk3FgFYOvYAY1YRt8ifGuJLMj27TtnSWftjWSI= X-Google-Smtp-Source: APiQypJEaZSlqRFaAie2vDO50bgxS/Aj/wQ6frqohqAMAW8vktm9a8IUClEHYFFZIPr4bIM5pCTv6daSDu1NJUXFNyU= X-Received: by 2002:a92:9a0a:: with SMTP id t10mr287409ili.50.1587587741224; Wed, 22 Apr 2020 13:35:41 -0700 (PDT) MIME-Version: 1.0 References: <20200421195446.1730-1-dg@adax.com> <20200421195446.1730-3-dg@adax.com> <5df15087-781e-d27f-b7d8-50b1b8cb0c94@ericsson.com> <80e5cf97-feae-c753-5c65-4f3b121729f3@ericsson.com> In-Reply-To: <80e5cf97-feae-c753-5c65-4f3b121729f3@ericsson.com> From: Dan Gora Date: Wed, 22 Apr 2020 17:35:05 -0300 Message-ID: To: =?UTF-8?Q?Mattias_R=C3=B6nnblom?= Cc: "dev@dpdk.org" , David Marchand , Jerin Jacob Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Subject: Re: [dpdk-dev] [PATCH 2/2] eal: resolve getentropy at run time for random seed X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" On Wed, Apr 22, 2020 at 5:14 PM Mattias R=C3=B6nnblom wrote: > > On 2020-04-22 19:44, Dan Gora wrote: > > On Wed, Apr 22, 2020 at 5:28 AM Mattias R=C3=B6nnblom > > wrote: > >> On 2020-04-21 21:54, Dan Gora wrote: > >>> The getentropy() function was introduced into glibc v2.25 and so is > >>> not available on all supported platforms. Previously, if DPDK was > >>> compiled (using meson) on a system which has getentropy(), it would > >>> introduce a dependency on glibc v2.25 which would prevent that binary > >>> from running on a system with an older glibc. Similarly if DPDK was > >>> compiled on a system which did not have getentropy(), getentropy() > >>> could not be used even if the execution system supported it. > >>> > >>> Introduce a new static function, __rte_getentropy() which will try to > >>> resolve the getentropy() function dynamically using dlopen()/dlsym(), > >>> returning failure if the getentropy() function cannot be resolved or > >>> if it fails. > >> > >> Two other options: providing a DPDK-native syscall wrapper for > >> getrandom(), or falling back to reading /dev/urandom. Have you > >> considered any of those two options? If so, why do you prefer > >> dlopen()/dlsym()? > > I didn't give any thought at all to using /dev/urandom. The goal was > > not really to change how the thing worked, just to remove the > > dependency on glibc 2.25. > > > /dev/urandom is basically only a different interface to the same > underlying mechanism. > > Such an alternative would look something like: > > static int > getentropy(void *buffer, size_t length) > { > int rc =3D -1; > int old_errno =3D errno; > int fd; > > fd =3D open("/dev/urandom", O_RDONLY); > > if (fd < 0) > goto out; > > if (read(fd, buffer, length) !=3D length) > goto out_close; > > rc =3D 0; > > out_close: > close(fd); > out: > errno =3D old_errno; > > return rc; > } That's fine with me, but like I said I wasn't trying to change how any of this worked, just work around glibc dependencies. There seems to be some subtle difference between /dev/urandom and /dev/random, but... https://patches-gcc.linaro.org/comment/14484/ > >> Failure to run on old libc seems like a non-issue to me. > > Well, again, it's a new dependency that didn't exist before.. We sell > > to telco customers, so we have to support 10s of different target > > platforms of various ages. If they update their system, we'd have to > > recompile our code to be able to use getentropy(). Similarly, if we > > compiled on a system which has getentropy(), but the target system > > doesn't, then they cannot run our binary because of the glibc 2.25 > > dependency. That means that we have to have separate versions with > > and without getentropy(). It's a maintenance headache for no real > > benefit. > > > I'm not sure I follow. Why would you need to recompile DPDK in case they > upgrade their system? It sounds like you care about initial seeding, > since you want getentropy() if it exists, but then in the next paragraph > you want to throw it out, so I'm a little confused. Well _I_ wouldn't but maybe someone wants getentropy() for the initial seed.. I assume that's why it was added in the first place.. For my application we don't care at all. I just want to get rid of this dependency on glibc 2.25 and have the behavior be the same on meson and Makefile builds on the same complication system. > Why doesn't the standard practice of compiling against the oldest > supported libc work for you? I guess I didn't realize that was "standard practice" but even so it still adds an unnecessary restriction on the complication platform. > > To my mind, since getentropy() can block it seems like it would > > probably be better to just remove it entirely, but I suppose that's up > > to the person(s) who put it in in the first place. > > > Maybe I'm wrong, but I found it unlikely that a DPDK application would > start before the entropy pool was initialized. After this point, > getentropy() will not block. Do you consider this a real problem? Not really.. I don't know the original motivations for adding getentropy() in the first place. I assumed that there was some good reason. If there's not we could just back out all of these complications and revert commit faf8fd252785ee8b1 (et al...) Again, I don't have any dog in the fight about how to get the seed, I just wanted to remove the glibc dependency and the different behavior for Makefile and meson builds on the same complication system. For me, using dlsym() or reading from /dev/[u]random is 6 for half a dozen. Both have precedents in other places in the DPDK code base. I can fix it either way. thanks dan