Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

pkg/rand: replace SafeRand by global source in math/rand #29731

Closed
wants to merge 1 commit into from
Closed

pkg/rand: replace SafeRand by global source in math/rand #29731

wants to merge 1 commit into from

Conversation

tklauser
Copy link
Member

@tklauser tklauser commented Dec 8, 2023

Since Go 1.20 the top-level math/rand functions are auto-seeded by default, see https://go.dev/doc/go1.20#library and golang/go#54880. They also use the runtime's lock-free fastrand64 function when 1. Seed has not been called and 2. GODEBUG=randautoseed=0 is not used, see golang/go#49892.

This allows to drop SafeRand and use the global source again. SafeRand was originally introduced in commit fac5dde ("rand: add and use concurrency-safe PRNG source") to fix #10988 by providing a concurrency-safe PRNG source other than the global math/rand source which couldn't be used at the time because it can be interfered with from unrelated packages by means of calling rand.Seed, see #10575. rand.Seed is deprecated since Go 1.20 and per the paragraph above the global source is seeded by default. This makes it unlikely that packages would interfere with the global PRNG state anymore and the top-level math/rand functions are safe to use again.

@tklauser tklauser added kind/cleanup This includes no functional changes. dont-merge/wait-until-release Freeze window for current release is blocking non-bugfix PRs release-note/misc This PR makes changes that have no direct user impact. kind/tech-debt Technical debt labels Dec 8, 2023
@tklauser tklauser requested review from a team as code owners December 8, 2023 11:17
@tklauser tklauser requested a review from a team as a code owner December 8, 2023 11:30
@tklauser tklauser force-pushed the pr/tklauser/rm-safe-rand branch 2 times, most recently from b973bf5 to e44b450 Compare December 8, 2023 11:35
@tklauser
pkg/rand: replace SafeRand by global source in math/rand
7b25186 
Since Go 1.20 the top-level math/rand functions are auto-seeded by
default, see https://go.dev/doc/go1.20#library and
golang/go#54880. They also use the runtime's
lock-free fastrand64 function when 1. Seed has not been called and 2.
GODEBUG=randautoseed=0 is not used, see
golang/go#49892.

This allows to drop SafeRand and use the global source again. SafeRand
was originally introduced in commit fac5dde ("rand: add and use
concurrency-safe PRNG source") to fix #10988 by providing a
concurrency-safe PRNG source other than the global math/rand source
which could be used at the time because it can't be interfered with from
unrelated packages by means of calling rand.Seed, see #10575. rand.Seed
is deprecated since Go 1.20 and per the paragraph above the global
source is seeded by default. This makes it unlikely that packages would
interfere with the global PRNG state anymore and the top-level math/rand
functions are safe to use again.

Signed-off-by: Tobias Klauser <tobias@cilium.io>
@tklauser tklauser requested a review from a team as a code owner December 8, 2023 11:45
@tklauser
Copy link
Member Author

tklauser commented Dec 8, 2023

/test

@marseel
Copy link
Contributor

marseel commented Dec 11, 2023

  1. Seed has not been called

If I understand correctly, how can we ensure that some packages we import don't call rand.Seed?
For example, here is one case:

cilium/vendor/github.com/servak/go-fastping/fastping.go

Line 157 in 8b31dff

rand.Seed(time.Now().UnixNano())

which we call from here

cilium/pkg/health/server/prober.go

Line 382 in 52c06e1

Pinger: fastping.NewPinger(),

@tklauser
Copy link
Member Author

tklauser commented Dec 12, 2023
edited

  1. Seed has not been called

If I understand correctly, how can we ensure that some packages we import don't call rand.Seed? For example, here is one case:

Good point. I guess we could use some kind of checker akin to ./contrib/scripts/rand-check.sh and run it against vendored code as well and fix any occurrences upstream.

That doesn't sound like a really feasible approach though. I think instead we should wait for the math/rand/v2 package released in the upcoming Go 1.22 and switch to use that instead of pkg/rand. That package gets rid of the Seed method and global function altogether.

@tklauser tklauser added the dont-merge/waiting-for-upstream Only merge once upstream library or kernel features have landed label Dec 12, 2023
@tklauser tklauser marked this pull request as draft December 12, 2023 08:13
@joestringer joestringer removed the dont-merge/wait-until-release Freeze window for current release is blocking non-bugfix PRs label Dec 15, 2023
@github-actions GitHub Actions
Copy link

This pull request has been automatically marked as stale because it
has not had recent activity. It will be closed if no further activity
occurs. Thank you for your contributions.

@github-actions github-actions bot added the stale The stale bot thinks this issue is old. Add "pinned" label to prevent this from becoming stale. label Jan 14, 2024
@tklauser tklauser removed the stale The stale bot thinks this issue is old. Add "pinned" label to prevent this from becoming stale. label Jan 14, 2024
@tklauser tklauser added the pinned These issues are not marked stale by our issue bot. label Jan 14, 2024
@tklauser tklauser mentioned this pull request May 15, 2024
Merged
@tklauser
Copy link
Member Author

Superseded by #32542

@tklauser tklauser closed this May 15, 2024
@tklauser tklauser deleted the pr/tklauser/rm-safe-rand branch May 15, 2024 09:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nebril nebril nebril approved these changes

@marseel marseel Awaiting requested review from marseel marseel is a code owner automatically assigned from cilium/kvstore

@tommyp1ckles tommyp1ckles Awaiting requested review from tommyp1ckles tommyp1ckles is a code owner automatically assigned from cilium/sig-ipam

Assignees
No one assigned
Labels
dont-merge/waiting-for-upstream Only merge once upstream library or kernel features have landed kind/cleanup This includes no functional changes. kind/tech-debt Technical debt pinned These issues are not marked stale by our issue bot. release-note/misc This PR makes changes that have no direct user impact.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

DATA RACE: rand.NewSource is not safe for concurrent usage.
4 participants
@tklauser @marseel @nebril @joestringer