[dpdk-dev] [PATCH 2/2] eal: resolve getentropy at run time for random seed

Luca Boccassi bluca at debian.org
Fri May 1 12:33:24 CEST 2020


On Thu, 2020-04-30 at 17:43 -0300, Dan Gora wrote:
> On Thu, Apr 30, 2020 at 5:29 PM Luca Boccassi <bluca at debian.org> wrote:
> 
> > > > Adding a new dependecy happens only when building with the new version
> > > > of the library. If it's not available, then there's no new dependency.
> > > 
> > > But you also do not get to use the new getentropy() if you happen to
> > > compile on a system which does not have the latest glibc, or if you
> > > use the makefile system..
> > 
> > And that's perfectly fine - backward compatibility workarounds are not
> > a problem to me.
> > 
> > > > It sounds to me like you are trying to add workarounds for issues in
> > > > your downstream build/deployment model, where your build dependencies
> > > > are newer than your runtime dependencies. This in general is rarely
> > > > well supported.
> > > 
> > > I am fully aware of that.  I am not adding "workarounds", I am
> > > eliminating unnecessary dependencies which probably never should have
> > > been introduced in the first place.
> > 
> > It's not unnecessary. It's a better interface, and worth using if
> > available.
> 
> "if available" is the key phrase here.. It not only has to be
> available on  the execution machine, it has to be available on the
> compilation machine as well...

Yes, same as every other dependency.

> > > > Now I'm fine with adding workarounds as _fallbacks_ - what I am
> > > > explicitly NACKing is forcibly restricting to the least common
> > > > denominator because of issues in a third party build/deployment system
> > > > that doesn't follow the common norm.
> > > 
> > > ugh.. this is the exact _opposite_ of what this patch does.  It is not
> > > restricting anything to a least common denominator.  It is allowing
> > > the DPDK to use the "best" available function, regardless of the build
> > > system.
> > > 
> > > Restricting to the least common denominator is what the original patch did...
> > 
> > This is restricting to the least common denominator of /dev/urandom,
> > which is a bad interface, frail with issues that everybody is moving
> > away from, in favour of the programmatic API that this patch is
> > removing, in order to fix a corner case with a non-standard, third-
> > party build system that downgrades dependencies at runtime vs build
> > time.
> 
> Well, no, because rdseed is used first if available and /dev/urandom
> is used next..
> 
> And this is not a corner case at all.. There are lots of linux
> distributions which DPDK claims to support which do not support
> getentropy().  This is hardly a non-standard build system.  You really
> compile and support a separate binary for every possible system that
> your customers will use?

Yes, that's how Linux distributions work. At the very least, most
deployments ensure dependencies are not downgraded, as that's rarely
supported, for very good reasons.

> And what is this about third parties?  Last I checked DPDK was an API
> framework, not a proprietary standalone application.  It is designed,
> by definition, to be used by "third parties".  Or does it only have to
> work in Intel's toolchains?

Third party was the wrong expression. DPDK is a set of libraries with a
build system (two actually) which links them against their
dependencies. It is the reponsibility of who does deployment to make
sure those dependencies, as established at build time, are satisfied at
runtime. Up until now, downgrading at runtime vs build time was not
supported as far as I know, so what you are effectively asking is to
double the size of the support matrix, and for the project to ensure
that every single dependency can always be built against a new version
and used against an older one.

> > > > This is especially true when dealing with RNG APIs, where the tiniest
> > > > and most innocent-looking mistake could have disastrous consequences.
> > > 
> > > This does not change the functionality of the RNG at all.  It just
> > > makes it work in the way that it was intended.  These changes were
> > > only introduced into 19.08, so they are not historical artifacts or
> > > anything.
> > 
> > It's reimplementing a syscall using a different interface which has
> > different semantics. A small mistake there is going to cost us dearly.
> 
> The code was copied almost verbatim from the getentropy() function in
> glibc, it's hard to see it going that wrong there.  The code can be
> tested using the same test cases that the original patch used.  I
> don't see how there is a difference in test coverage here.

And who's going to keep it updated as the implementation in glibc
changes, if/when a bug is found there?
Also, glibc is LGPL2.1 licensed, which means copying almost verbatim a
non-trivial piece of code can possibly result in librte_eal as a whole
to be covered under the terms of LGPL2.1 (IANAL disclaimer). This is
unlikely to be well received, given it's BSD-3-clause now.

> If it's such a big deal to use /dev/urandom, then what about my v3
> patch which used dlopen()/dlsym() to try to find getentropy()?  Is
> that not then acceptable?   dlopen/dlsym() are used in several placed
> in DPDK.

I don't have a problem with that specifically, but it needs to be clear
to the maintainers that what you are effectively asking is for all
dependencies to support runtime-downgrading transparently and out of
the box. This comes with a huge additional cost, and I do not believe
it is supported at the moment.

-- 
Kind regards,
Luca Boccassi


More information about the dev mailing list