On Wed, Apr 22, 2020 at 5:14 PM Mattias Rönnblom <mattias.ronnb...@ericsson.com> wrote: > > On 2020-04-22 19:44, Dan Gora wrote: > > On Wed, Apr 22, 2020 at 5:28 AM Mattias Rönnblom > > <mattias.ronnb...@ericsson.com> wrote: > >> On 2020-04-21 21:54, Dan Gora wrote: > >>> The getentropy() function was introduced into glibc v2.25 and so is > >>> not available on all supported platforms. Previously, if DPDK was > >>> compiled (using meson) on a system which has getentropy(), it would > >>> introduce a dependency on glibc v2.25 which would prevent that binary > >>> from running on a system with an older glibc. Similarly if DPDK was > >>> compiled on a system which did not have getentropy(), getentropy() > >>> could not be used even if the execution system supported it. > >>> > >>> Introduce a new static function, __rte_getentropy() which will try to > >>> resolve the getentropy() function dynamically using dlopen()/dlsym(), > >>> returning failure if the getentropy() function cannot be resolved or > >>> if it fails. > >> > >> Two other options: providing a DPDK-native syscall wrapper for > >> getrandom(), or falling back to reading /dev/urandom. Have you > >> considered any of those two options? If so, why do you prefer > >> dlopen()/dlsym()? > > I didn't give any thought at all to using /dev/urandom. The goal was > > not really to change how the thing worked, just to remove the > > dependency on glibc 2.25. > > > /dev/urandom is basically only a different interface to the same > underlying mechanism. > > Such an alternative would look something like: > > static int > getentropy(void *buffer, size_t length) > { > int rc = -1; > int old_errno = errno; > int fd; > > fd = open("/dev/urandom", O_RDONLY); > > if (fd < 0) > goto out; > > if (read(fd, buffer, length) != length) > goto out_close; > > rc = 0; > > out_close: > close(fd); > out: > errno = old_errno; > > return rc; > }
That's fine with me, but like I said I wasn't trying to change how any of this worked, just work around glibc dependencies. There seems to be some subtle difference between /dev/urandom and /dev/random, but... https://patches-gcc.linaro.org/comment/14484/ > >> Failure to run on old libc seems like a non-issue to me. > > Well, again, it's a new dependency that didn't exist before.. We sell > > to telco customers, so we have to support 10s of different target > > platforms of various ages. If they update their system, we'd have to > > recompile our code to be able to use getentropy(). Similarly, if we > > compiled on a system which has getentropy(), but the target system > > doesn't, then they cannot run our binary because of the glibc 2.25 > > dependency. That means that we have to have separate versions with > > and without getentropy(). It's a maintenance headache for no real > > benefit. > > > I'm not sure I follow. Why would you need to recompile DPDK in case they > upgrade their system? It sounds like you care about initial seeding, > since you want getentropy() if it exists, but then in the next paragraph > you want to throw it out, so I'm a little confused. Well _I_ wouldn't but maybe someone wants getentropy() for the initial seed.. I assume that's why it was added in the first place.. For my application we don't care at all. I just want to get rid of this dependency on glibc 2.25 and have the behavior be the same on meson and Makefile builds on the same complication system. > Why doesn't the standard practice of compiling against the oldest > supported libc work for you? I guess I didn't realize that was "standard practice" but even so it still adds an unnecessary restriction on the complication platform. > > To my mind, since getentropy() can block it seems like it would > > probably be better to just remove it entirely, but I suppose that's up > > to the person(s) who put it in in the first place. > > > Maybe I'm wrong, but I found it unlikely that a DPDK application would > start before the entropy pool was initialized. After this point, > getentropy() will not block. Do you consider this a real problem? Not really.. I don't know the original motivations for adding getentropy() in the first place. I assumed that there was some good reason. If there's not we could just back out all of these complications and revert commit faf8fd252785ee8b1 (et al...) Again, I don't have any dog in the fight about how to get the seed, I just wanted to remove the glibc dependency and the different behavior for Makefile and meson builds on the same complication system. For me, using dlsym() or reading from /dev/[u]random is 6 for half a dozen. Both have precedents in other places in the DPDK code base. I can fix it either way. thanks dan