This repository has been archived by the owner on Jul 31, 2023. It is now read-only.
Defer IDGenerator initialization until first use #1228
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Apologies for the drive-by contribution. For full disclosure, I only have a superficial understanding of this codebase and I'll admit that I haven't tested a trace with this patch. Unit tests do pass locally though. |
cgwalters
approved these changes
Oct 1, 2020
JAORMX
approved these changes
Oct 2, 2020
|
Thanks @jlebon for writing up the details of the issue and its impact! Let me carefully review this change and get back to you in the next few days. |
nilebox
suggested changes
Oct 6, 2020
nilebox
reviewed
Oct 6, 2020
jlebon
force-pushed
the
pr/defer-rand
branch
3 times, most recently
from
36b544d
to
cb24a8c
Compare
Initializing the `IDGenerator` from `init()` means that any downstream project which transitively imports this package somewhere in its dependency tree will incur `getrandom()` syscalls it has no control over at startup. This causes problems for us in [Ignition](https://github.com/coreos/ignition), where we're transitively pulling in this package via cloud.google.com/go/storage. Ignition runs very early during the boot process, which means that even though this isn't using `GRND_RANDOM`, the `getrandom` syscall can block until the entropy pool is ready. This is a real problem when running in VMs on systems which don't provide a virtualized RNG device (such as VMware) or which lack RDRAND. I can't find a good reference for this, but I think in general it should be considered good practice to avoid I/O like this in `init()` in favour of a more lazy approach (or an explicit `Initialize()` function for clients to call). Otherwise, *every* program which pulls in the package will pay for it, whether or not they intend to actually make use of the functionality those syscalls are priming. (While it's not relevant here, another advantage of not using `init()` for this is that I/O is fallible, and `init()` semantics means errors can't be handled sanely.) Let's rework things here so that we don't actually initialize the `IDGenerator` fields until the first time it's used.
nilebox
approved these changes
Oct 6, 2020
|
@jlebon you may switch to a pinned commit for dependency or wait until we make a new release for opencensus-go. |
|
Release published: https://github.com/census-instrumentation/opencensus-go/releases/tag/v0.22.5 |
jlebon
added a commit
to jlebon/ignition
that referenced
this pull request
Oct 7, 2020
This includes the patch to avoid `getrandom()` calls: census-instrumentation/opencensus-go#1228
jlebon
added a commit
to jlebon/ignition
that referenced
this pull request
Oct 7, 2020
This includes the patch to avoid `getrandom()` calls: census-instrumentation/opencensus-go#1228
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Initializing the
IDGeneratorfrominit()means that any downstreamproject which transitively imports this package somewhere in its
dependency tree will incur
getrandom()syscalls it has no control overat startup.
This causes problems for us in
Ignition, where we're transitively
pulling in this package via cloud.google.com/go/storage. Ignition runs
very early during the boot process, which means that even though this
isn't using
GRND_RANDOM, thegetrandomsyscall can block until theentropy pool is ready. This is a real problem when running in VMs on
systems which don't provide a virtualized RNG device (such as VMware) or
which lack RDRAND.
I can't find a good reference for this, but I think in general it should
be considered good practice to avoid I/O like this in
init()in favourof a more lazy approach (or an explicit
Initialize()function forclients to call).
Otherwise, every program which pulls in the package will pay for it,
whether or not they intend to actually make use of the functionality
those syscalls are priming. (While it's not relevant here, another
advantage of not using
init()for this is that I/O is fallible, andinit()semantics means errors can't be handled sanely.)Let's rework things here so that we don't actually initialize the
IDGeneratorfields until the first time it's used.