-
Notifications
You must be signed in to change notification settings - Fork 13k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use getrandom for generating HashMap seed #80149
Conversation
r? @shepmaster (rust-highfive has picked a reviewer for you, use r? to override) |
This comment has been minimized.
This comment has been minimized.
a336d08
to
25309a4
Compare
This comment has been minimized.
This comment has been minimized.
25309a4
to
688ba4b
Compare
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This is a bit too deep for me... |
@@ -2783,13 +2782,24 @@ impl RandomState { | |||
// iteration order allows a form of DOS attack. To counter that we | |||
// increment one of the seeds on every RandomState creation, giving | |||
// every corresponding HashMap a different iteration order. | |||
thread_local!(static KEYS: Cell<(u64, u64)> = { | |||
Cell::new(sys::hashmap_random_keys()) | |||
thread_local!(static KEYS: Cell<[u64; 2]> = { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why the change to an array?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It was copied from the previous PR. I think at the time I introduced this change because [u64; 2]
is slightly more idiomatic than (u64, u64)
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I personally think (u64, u64)
makes more sense because it's used to fill out a RandomState
which consists of two separate u64
s rather than an array, but it's not a huge deal.
r? @sfackler |
@Mark-Simulacrum what are the procedures to pull in a new std dependency? |
I'll assign myself for now and get back to you soon. |
Can you clarify whether you mean the mechanics (i.e., infrastructure of adding deps in terms of toml files to edit and such) or policy questions? I think the first is likely working in this PR already, and the latter would need more time on my side to answer properly. |
Yeah I'm mostly wondering about the policy side, since CI should nail down the functionality. |
☔ The latest upstream changes (presumably #83890) made this pull request unmergeable. Please resolve the merge conflicts. |
@m-ou-se |
@newpavlov I reviewed the Overall the quality looks good, and I'd be happy to see this under There's a few important differences in behaviour if we switch Most importantly, Also, |
I think there's one change/addition to the API that could be somewhat useful: a way to read into uninitialized buffers. E.g. by accepting a |
all(target_arch = "wasm32", target_vendor = "unknown", target_os = "unknown"), | ||
all(target_arch = "aarch64", target_os = "hermit"), | ||
)))] | ||
getrandom::getrandom(&mut buf).expect("failed to get system entropy"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It might be good to convert the error to an std::io::Error
first before panicking on it. That way, it uses the Debug implementation of std
's Error and we don't pull in any of getrandom
s display/debug code.
☔ The latest upstream changes (presumably #84411) made this pull request unmergeable. Please resolve the merge conflicts. |
Marking this as S-blocked. |
"Use BCryptGenRandom instead of RtlGenRandom on Windows." merged. nice - that's great news. It's getting there... |
Will this change the availability of HashMap with regards to no_std ? |
No, getting randomness needs interaction with an OS on every architecture other than newish x86 systems (through rdrand). |
So in what way does the |
libstd's HashMap is a wrapper around hashbrown that uses a hasher by default using randomness to ensure hashdos resistence. |
Makes sense, but why can't |
That would make alloc::collections::HashMap and std::collections::HashMap permanently incompatible with each other. This is bound to give a lot of confusion and would prevent merging them in the future if we find a way to support this. For example by allowing the user to specify the rng using a mechanism similar to |
Fair point, OTOH this is adding a bit of confusion because people can't just opt into an |
Hashbrown doesn't have the same stability guarantees as rust and it exports a lot of methods that are unstable or non-existent in the libstd version. Hiding those cq giving them an |
Ideally we'd be able to move the wrapper to AFAIK that doesn't work right now, though, because of some coherence restrictions. |
This PR is significantly outdated, so I will close it. I will create a new PR after we address the @m-ou-se's review. |
Closes: #62079
Note that in future versions of
getrandom
we plan to remove Windows XP support, thusstd
should not update it fromv0.2.0
until rust-lang/compiler-team#378 gets resolved. Also ideally it should be done together with updatingwasi
to v0.10.Since the
rdrand
feature is enabled unconditionally, RDRAND will be used not only on SGX targets, but also on all x86(-64) targets which are not supported ingetrandom
by default (e.g. UEFI and Hermit targets, see rust-random/getrandom#61).As mentioned in the previous PR discussion, if it will be deemed necessary, we (
getrandom
maintainers) are ready to transfergetrandom
to the rust-lang organization.Blocked on m-ou-se/getrandom#1