[3/6] eal: improve entropy for initial PRNG seed

Message ID 20190514092046.30808-4-mattias.ronnblom@ericsson.com
State Superseded
Delegated to: Thomas Monjalon
Headers show
Series
  • Pseudo-random number generation improvements
Related show

Checks

Context Check Description
ci/Intel-compilation fail Compilation issues
ci/checkpatch success coding style OK

Commit Message

Mattias Rönnblom May 14, 2019, 9:20 a.m.
Replace the use of rte_get_timer_cycles() with getentropy() for
seeding the pseudo-random number generator. getentropy() provides a
more truly random value.

Suggested-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: Mattias Rönnblom <mattias.ronnblom@ericsson.com>
---
 lib/librte_eal/common/rte_random.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

Comments

Mattias Rönnblom May 14, 2019, 9:36 a.m. | #1
On 2019-05-14 11:20, Mattias Rönnblom wrote:
> Replace the use of rte_get_timer_cycles() with getentropy() for
> seeding the pseudo-random number generator. getentropy() provides a
> more truly random value.
> 

getentropy() doens't exist in libc versions earler than 2.25, and it 
also (like Stephen mentioned) requires the getrandom() syscall not 
available until Linux 3.17.

If this is deemed too much of a limitation, I'll change to 
/dev/urandom-based seeding.
Bruce Richardson May 14, 2019, 9:37 a.m. | #2
On Tue, May 14, 2019 at 11:20:43AM +0200, Mattias Rönnblom wrote:
> Replace the use of rte_get_timer_cycles() with getentropy() for
> seeding the pseudo-random number generator. getentropy() provides a
> more truly random value.
> 
> Suggested-by: Stephen Hemminger <stephen@networkplumber.org>
> Signed-off-by: Mattias Rönnblom <mattias.ronnblom@ericsson.com>
> ---
>  lib/librte_eal/common/rte_random.c | 12 +++++++++++-
>  1 file changed, 11 insertions(+), 1 deletion(-)
> 
> diff --git a/lib/librte_eal/common/rte_random.c b/lib/librte_eal/common/rte_random.c
> index 4d3cf5226..aafc2f7ad 100644
> --- a/lib/librte_eal/common/rte_random.c
> +++ b/lib/librte_eal/common/rte_random.c
> @@ -3,6 +3,7 @@
>   */
>  
>  #include <stdlib.h>
> +#include <unistd.h>
>  
>  #include <rte_branch_prediction.h>
>  #include <rte_cycles.h>
> @@ -135,5 +136,14 @@ rte_rand(void)
>  
>  RTE_INIT(rte_rand_init)
>  {
> -	rte_srand(rte_get_timer_cycles());
> +	uint64_t seed;
> +	int rc;
> +
> +	rc = getentropy(&seed, sizeof(seed));

This API was only introduced in FreeBSD in v12, so you may want to have a
define for enabling it, and (for meson) but in a check for
cc.has_function(get_entropy).

> +
> +	/* fall back to rdtsc in case of failure */
> +	if (rc < 0)
> +		seed = rte_get_timer_cycles();

Rather than fallback immediately to time, what about putting in a call to
HW random number generator support if available, e.g. rdseed instruction.

> +
> +	rte_srand(seed);
>  }
> -- 
> 2.17.1
>
Bruce Richardson May 14, 2019, 9:39 a.m. | #3
On Tue, May 14, 2019 at 11:36:49AM +0200, Mattias Rönnblom wrote:
> On 2019-05-14 11:20, Mattias Rönnblom wrote:
> > Replace the use of rte_get_timer_cycles() with getentropy() for
> > seeding the pseudo-random number generator. getentropy() provides a
> > more truly random value.
> > 
> 
> getentropy() doens't exist in libc versions earler than 2.25, and it also
> (like Stephen mentioned) requires the getrandom() syscall not available
> until Linux 3.17.
> 
> If this is deemed too much of a limitation, I'll change to
> /dev/urandom-based seeding.

Since we are shifting over to meson builds more and more, I'd suggest just
using function detection there with a very basic fallback (e.g. your
time-based one) for cases where the function is not supported.

/Bruce
Mattias Rönnblom May 14, 2019, 11:58 a.m. | #4
On 2019-05-14 11:39, Bruce Richardson wrote:
> On Tue, May 14, 2019 at 11:36:49AM +0200, Mattias Rönnblom wrote:
>> On 2019-05-14 11:20, Mattias Rönnblom wrote:
>>> Replace the use of rte_get_timer_cycles() with getentropy() for
>>> seeding the pseudo-random number generator. getentropy() provides a
>>> more truly random value.
>>>
>>
>> getentropy() doens't exist in libc versions earler than 2.25, and it also
>> (like Stephen mentioned) requires the getrandom() syscall not available
>> until Linux 3.17.
>>
>> If this is deemed too much of a limitation, I'll change to
>> /dev/urandom-based seeding.
> 
> Since we are shifting over to meson builds more and more, I'd suggest just
> using function detection there with a very basic fallback (e.g. your
> time-based one) for cases where the function is not supported.
> 

OK, fixed. Thanks.

Would it be OK to always use the rdtsc fallback w/ make-based builds?

Patch

diff --git a/lib/librte_eal/common/rte_random.c b/lib/librte_eal/common/rte_random.c
index 4d3cf5226..aafc2f7ad 100644
--- a/lib/librte_eal/common/rte_random.c
+++ b/lib/librte_eal/common/rte_random.c
@@ -3,6 +3,7 @@ 
  */
 
 #include <stdlib.h>
+#include <unistd.h>
 
 #include <rte_branch_prediction.h>
 #include <rte_cycles.h>
@@ -135,5 +136,14 @@  rte_rand(void)
 
 RTE_INIT(rte_rand_init)
 {
-	rte_srand(rte_get_timer_cycles());
+	uint64_t seed;
+	int rc;
+
+	rc = getentropy(&seed, sizeof(seed));
+
+	/* fall back to rdtsc in case of failure */
+	if (rc < 0)
+		seed = rte_get_timer_cycles();
+
+	rte_srand(seed);
 }