bugfix: fixed duplicated seeds. #3671
Conversation
ngx.time() + ngx.worker.pid() maybe get duplicated seeds. get from /dev/urandom first.
k8s-ci-robot
added
the
size/M
|
Thanks for your pull request. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). 📝 Please follow instructions at https://git.k8s.io/community/CLA.md#the-contributor-license-agreement to sign the CLA. It may take a couple minutes for the CLA signature to be fully registered; after that, please reply here with a new comment and we'll verify. Thanks.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
k8s-ci-robot
added
the
cncf-cla: no
k8s-ci-robot
added
cncf-cla: yes
rootfs/etc/nginx/lua/lua_ingress.lua
Outdated
| return | ||
| end | ||
|
|
||
| seed = get_seed_from_urandom() | ||
| if not seed then | ||
| seed = ngx.now() * 1000 + pid |
There was a problem hiding this comment.
Why not ngx.time()? That way you'd not have to multiply by 1000.
There was a problem hiding this comment.
ngx.time() returns seconds, and ngx.now() returns seconds and milliseconds, so ngx.time() + pid maybe get the same seed, however ngx.now() * 1000 + pid is less chance to the same seed.
rootfs/etc/nginx/lua/lua_ingress.lua
Outdated
| return seed | ||
| end | ||
|
|
||
| math.randomseed = function() |
There was a problem hiding this comment.
I'd rather keep the function signature identical to the original randomseed.
There was a problem hiding this comment.
agreed, I will keep the function signature identical to the original randomseed.
rootfs/etc/nginx/lua/lua_ingress.lua
Outdated
| ngx.log(ngx.WARN, | ||
| string.format("ignoring math.randomseed(%d) since PRNG is already seeded for worker %d", seed, pid)) |
There was a problem hiding this comment.
Logging user provided seed makes error message clearer, please keep this as is unless you have a reason to remove it.
rootfs/etc/nginx/lua/lua_ingress.lua
Outdated
| local seed | ||
| local frandom = io.open("/dev/urandom", "rb") | ||
| if frandom then | ||
| local str = frandom:read(4) |
There was a problem hiding this comment.
Please make sure you handle log errors returned by :read and .open calls.
There was a problem hiding this comment.
added error info, and the :read will return nil without err if cannot read data.
rootfs/etc/nginx/lua/lua_ingress.lua
Outdated
| return | ||
| end | ||
|
|
||
| seed = get_seed_from_urandom() | ||
| if not seed then |
There was a problem hiding this comment.
added log for that.
|
|
||
| if seeds[pid] then | ||
| local function get_seed_from_urandom() |
There was a problem hiding this comment.
Can you explain the rationale behind this function implementation? What's the entropy going to be with this implementation? Why are you reading specifically 4 bytes from /dev/urandom? What does https://github.com/kubernetes/ingress-nginx/pull/3671/files#diff-d2d9d7b4e27b247474196438a3dfbdc3R13 give us?
Why not use rand_bytes from OpenSSL?
There was a problem hiding this comment.
/dev/urandom provides an interface to the kernel's random number generator, 4 bytes is good enough for us.
Why not use rand_bytes from OpenSSL?
because the openssl's random is not fork safety(fixed from openssl 1.1.1): https://wiki.openssl.org/index.php/Random_fork-safety.
There was a problem hiding this comment.
4 bytes is good enough for us.
How do you decide that? Why not i.e 8 bytes?
There was a problem hiding this comment.
4 bytes is good enough for us.
How do you decide that? Why not i.e 8 bytes?
random in this repo is only for choose balancer, not for encryption, so we don't need to read more bytes. If for encryption, we need read 8 bytes maybe.
k8s-ci-robot
added
size/S
moonming
force-pushed
the
randomseed-bugfix
branch
from
b460197 to
4dcbe64
Compare
moonming
force-pushed
the
randomseed-bugfix
branch
from
4dcbe64 to
8ea7501
Compare
k8s-ci-robot
added
size/M
| seed = 0 | ||
| for i = 1, 4 do | ||
| seed = 256 * seed + str:byte(i) | ||
| end |
There was a problem hiding this comment.
If I understand this correctly you treat the 4 bytes as a base 256 number (where str:byte(4) is the least significant) and then convert it into decimal. Why? Why not simply concatenate the 4 bytes and then use tonumber cast it to a decimal? (I'm not suggesting/asking any change, just want to know what's going on - I don't have much experience with random numbers and crypto in general).
There was a problem hiding this comment.
both solutions are ok, however, if we used the tonumber, we need one more function call, and one more table to contact the 4 bytes.
BTW, there is 4 bytes, so we don't need to consider number overflow.
There was a problem hiding this comment.
This is not a hot code path, I'd be okay to tradeoff performance for readability but reading this again I think treating the bytes we get from /dev/urandom as base 256 number when converting to decimal makes more sense since they are bytes.
|
@moonming I'd really like to get this PR merged. Can you answer my two questions above? |
sorry for late reply, long holiday for Chinese new year. |
|
/lgtm Thanks for the patch and answering my questions @moonming ! And Happy Chinese New Year :) |
k8s-ci-robot
added
the
lgtm
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: ElvinEfendi, moonming The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
What this PR does / why we need it:
ngx.time() + ngx.worker.pid() maybe get duplicated seeds. get from /dev/urandom first.
Which issue this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)format, will close that issue when PR gets merged): fixes #Special notes for your reviewer: