<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 05:03:42 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[SERVER-43643] each SecureRandom reads 8kiB out of /dev/urandom</title>
                <link>https://jira.mongodb.org/browse/SERVER-43643</link>
                <project id="10000" key="SERVER">Core Server</project>
                    <description>&lt;p&gt;mongo::SecureRandom() holds a std::ifstream to read from /dev/urandom.&lt;br/&gt;
std::ifstream is buffered by default, so the first use of the SecureRandom fills that 8kiB buffer. This is extremely wasteful, as a SecureRandom object is often used for a few words and discarded, and /dev/urandom entropy and/or computational load is a resource we don&apos;t want to squander unnecessarily.&lt;/p&gt;

&lt;p&gt;As a patch, we can reduce the buffering to maybe 64 bytes or so, possibly as part of &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-43641&quot; title=&quot;platform/random.h causing bugs, upgrade overdue&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-43641&quot;&gt;&lt;del&gt;SERVER-43641&lt;/del&gt;&lt;/a&gt; which is in there anyway. Turning off buffering completely would incur read() syscalls on every use, which could be risky, so a 100X smaller buffer seems a good tradeoff.&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://gist.github.com/BillyDonahue/53fa229d311cc6ac1f5ab21bd588e11f#file-gistfile2-txt&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://gist.github.com/BillyDonahue/53fa229d311cc6ac1f5ab21bd588e11f#file-gistfile2-txt&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Catchpoint 5 (call to syscall read), 0x00007ffff4e0534e in __libc_read (fd=6, buf=buf@entry=0x7fffeee07820, &lt;font color=&quot;#DE350B&quot;&gt;nbytes=nbytes@entry=8191&lt;/font&gt;) at ../sysdeps/unix/sysv/linux/read.c:27&lt;br/&gt;
27      ../sysdeps/unix/sysv/linux/read.c: No such file or directory.&lt;br/&gt;
(gdb) bt&lt;br/&gt;
#0  0x00007ffff4e0534e in __libc_read (fd=6, buf=buf@entry=0x7fffeee07820, nbytes=nbytes@entry=8191) at ../sysdeps/unix/sysv/linux/read.c:27&lt;br/&gt;
#1  0x00007ffff7916287 in std::_&lt;em&gt;basic_file&amp;lt;char&amp;gt;::xsgetn (this=this@entry=0x7fffeee004d8, __s=0x7fffeee07820 &apos;\253&apos; &amp;lt;repeats 200 times&amp;gt;..., __n=&lt;/em&gt;_n@entry=8191) at basic_file.cc:285&lt;br/&gt;
#2  0x00007ffff793ff30 in std::basic_filebuf&amp;lt;char, std::char_traits&amp;lt;char&amp;gt; &amp;gt;::underflow (this=0x7fffeee00470) at /home/billy/dev/10gen/toolchain-builder/tmp/build-gcc-v3.sh-sRY/build/x86_64-mongodb-linux/libstdc++-v3/include/bits/char_traits.h:350&lt;br/&gt;
#3  0x00007ffff78ee576 in std::basic_streambuf&amp;lt;char, std::char_traits&amp;lt;char&amp;gt; &amp;gt;::uflow (this=0x7fffeee00470) at /home/billy/dev/10gen/toolchain-builder/tmp/build-gcc-v3.sh-sRY/build/x86_64-mongodb-linux/libstdc++-v3/include/streambuf:707&lt;br/&gt;
#4  std::basic_streambuf&amp;lt;char, std::char_traits&amp;lt;char&amp;gt; &amp;gt;::xsgetn (this=this@entry=0x7fffeee00470, _&lt;em&gt;s=&lt;/em&gt;&lt;em&gt;s@entry=0x7fffffffd468 &quot; \362\333\356\377\177&quot;, __n=&lt;/em&gt;_n@entry=8)&lt;br/&gt;
    at /home/billy/dev/10gen/toolchain-builder/tmp/build-gcc-v3.sh-sRY/build/x86_64-mongodb-linux/libstdc++-v3/include/bits/streambuf.tcc:64&lt;br/&gt;
#5  0x00007ffff79409e3 in std::basic_filebuf&amp;lt;char, std::char_traits&amp;lt;char&amp;gt; &amp;gt;::xsgetn (this=0x7fffeee00470, __s=0x7fffffffd468 &quot; \362\333\356\377\177&quot;, __n=8)&lt;br/&gt;
    at /home/billy/dev/10gen/toolchain-builder/tmp/build-gcc-v3.sh-sRY/build/x86_64-mongodb-linux/libstdc++-v3/include/bits/codecvt.h:210&lt;br/&gt;
#6  0x00007ffff78e989d in std::basic_streambuf&amp;lt;char, std::char_traits&amp;lt;char&amp;gt; &amp;gt;::sgetn (__n=8, __s=0x7fffffffd468 &quot; \362\333\356\377\177&quot;, this=&amp;lt;optimized out&amp;gt;)&lt;br/&gt;
    at /home/billy/dev/10gen/toolchain-builder/tmp/build-gcc-v3.sh-sRY/build/x86_64-mongodb-linux/libstdc++-v3/include/streambuf:364&lt;br/&gt;
#7  std::istream::read (this=0x7fffeee00460, __s=0x7fffffffd468 &quot; \362\333\356\377\177&quot;, __n=8) at /home/billy/dev/10gen/toolchain-builder/tmp/build-gcc-v3.sh-sRY/build/x86_64-mongodb-linux/libstdc++-v3/include/bits/istream.tcc:667&lt;br/&gt;
#8  0x00007ffff7c9b2be in mongo::random_detail::SecureUrbg::State::operator() (this=0x7fffeee00460) at src/mongo/platform/random.cpp:127&lt;br/&gt;
#9  0x00007ffff7c9b02c in mongo::random_detail::SecureUrbg::operator() (this=0x7fffeedbf220) at src/mongo/platform/random.cpp:139&lt;br/&gt;
#10 0x00005555557397ee in std::uniform_int_distribution&amp;lt;long&amp;gt;::operator()&amp;lt;mongo::random_detail::SecureUrbg&amp;gt; (this=0x7fffffffd5f0, __urng=..., __param=...) at /opt/mongodbtoolchain/stow/gcc-v3.sFn/include/c++/8.2.0/bits/uniform_int_dist.h:275&lt;br/&gt;
#11 0x0000555555736bd3 in std::uniform_int_distribution&amp;lt;long&amp;gt;::operator()&amp;lt;mongo::random_detail::SecureUrbg&amp;gt; (this=0x7fffffffd5f0, __urng=...) at /opt/mongodbtoolchain/stow/gcc-v3.sFn/include/c++/8.2.0/bits/uniform_int_dist.h:166&lt;br/&gt;
#12 0x0000555555733f35 in mongo::RandomBase&amp;lt;mongo::random_detail::SecureUrbg&amp;gt;::_nextAny&amp;lt;long&amp;gt; (this=0x7fffeedbf220) at src/mongo/platform/random.h:137&lt;br/&gt;
#13 0x000055555572f578 in mongo::RandomBase&amp;lt;mongo::random_detail::SecureUrbg&amp;gt;::nextInt64 (this=0x7fffeedbf220) at src/mongo/platform/random.h:120&lt;br/&gt;
#14 0x00007ffff7c7d232 in mongo::_mongoInitializerFunction_OIDGeneration (context=0x7fffffffd7b0) at src/mongo/bson/oid.cpp:58&lt;br/&gt;
...&lt;br/&gt;
#21 0x00007ffff7fe51f3 in main (argc=3, argv=0x7fffffffddb8, envp=0x7fffffffddd8) at src/mongo/unittest/unittest_main.cpp:52&lt;br/&gt;
#22 0x00007ffff4a24b97 in __libc_start_main (main=0x7ffff7fe519c &amp;lt;main(int, char*&lt;b&gt;, char&lt;/b&gt;*)&amp;gt;, argc=3, argv=0x7fffffffddb8, init=&amp;lt;optimized out&amp;gt;, fini=&amp;lt;optimized out&amp;gt;, rtld_fini=&amp;lt;optimized out&amp;gt;, stack_end=0x7fffffffdda8) at ../csu/libc-start.c:310&lt;br/&gt;
#23 0x00005555556f9cea in _start ()&lt;br/&gt;
(gdb) &lt;/p&gt;</description>
                <environment></environment>
        <key id="940294">SERVER-43643</key>
            <summary>each SecureRandom reads 8kiB out of /dev/urandom</summary>
                <type id="1" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14703&amp;avatarType=issuetype">Bug</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="13201">Fixed</resolution>
                                        <assignee username="billy.donahue@mongodb.com">Billy Donahue</assignee>
                                    <reporter username="billy.donahue@mongodb.com">Billy Donahue</reporter>
                        <labels>
                    </labels>
                <created>Wed, 25 Sep 2019 19:48:22 +0000</created>
                <updated>Sun, 29 Oct 2023 22:16:47 +0000</updated>
                            <resolved>Wed, 2 Oct 2019 13:05:57 +0000</resolved>
                                                    <fixVersion>4.3.1</fixVersion>
                                    <component>Internal Code</component>
                                        <votes>0</votes>
                                    <watches>2</watches>
                                                                                                                <comments>
                            <comment id="2446035" author="xgen-internal-githook" created="Wed, 2 Oct 2019 04:42:49 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;Billy Donahue&apos;, &apos;username&apos;: &apos;BillyDonahue&apos;, &apos;email&apos;: &apos;billy.donahue@mongodb.com&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-43641&quot; title=&quot;platform/random.h causing bugs, upgrade overdue&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-43641&quot;&gt;&lt;del&gt;SERVER-43641&lt;/del&gt;&lt;/a&gt; upgrade random.h&lt;/p&gt;

&lt;p&gt;Respecify PseudoRandom and SecureRandom as template instances of&lt;br/&gt;
a `mongo::RandomBase&amp;lt;Urbg&amp;gt;` (Urbg is a UniformRandomBitGenerator).&lt;br/&gt;
They will only vary in which algorithm they use for their source&lt;br/&gt;
bits, and should otherwise support the same exact operations (e.g.&lt;br/&gt;
`nextCanonicalDouble`).&lt;/p&gt;

&lt;p&gt;Fix range and stats errors in the implementations of those&lt;br/&gt;
RandomBase methods, and specify them in terms of the vetted&lt;br/&gt;
`&amp;lt;random&amp;gt;` facilities.&lt;/p&gt;

&lt;p&gt;Test uniformity of nextInt32(max), which uses an inappropriate&lt;br/&gt;
( x % max) operation.  Verify that refactor fixes this issue.&lt;/p&gt;

&lt;p&gt;Just keep a shared urandom file descriptor open.&lt;/p&gt;

&lt;p&gt;SecureRandom add fill, remove create, fix callers&lt;/p&gt;

&lt;p&gt;Obsoletes &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-43643&quot; title=&quot;each SecureRandom reads 8kiB out of /dev/urandom&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-43643&quot;&gt;&lt;del&gt;SERVER-43643&lt;/del&gt;&lt;/a&gt; Re: SecureRandom 8kiB buffering&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/96da177c6ae7b7ed0f29983ad033d8a59524b0b2&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/96da177c6ae7b7ed0f29983ad033d8a59524b0b2&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="2437823" author="billy.donahue" created="Sat, 28 Sep 2019 02:15:36 +0000"  >&lt;p&gt;I&apos;m now trying what should be a very efficient approach here. It&apos;s similar to what the Python interpreter does to support its os.urandom module and its internal hash randomization. It opens one file descriptor to /dev/urandom, and retains it forever. It goes back to read() from it when necessary, but it doesn&apos;t have to open() and close() it constantly and churn or compete for file descriptors. It&apos;s working fine in PoC.&lt;/p&gt;</comment>
                            <comment id="2433526" author="billy.donahue" created="Wed, 25 Sep 2019 20:27:36 +0000"  >&lt;p&gt;&lt;a href=&quot;https://mongodbcr.appspot.com/489550001/&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://mongodbcr.appspot.com/489550001/&lt;/a&gt;&lt;/p&gt;</comment>
                    </comments>
                    <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>3.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18555" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname># of Sprints</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1.0</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10011" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Backwards Compatibility</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10038"><![CDATA[Fully Compatible]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Wed, 2 Oct 2019 04:42:49 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        4 years, 19 weeks, 1 day ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                        <customfield id="customfield_17050" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Downstream Team Attention</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="16941"><![CDATA[Not Needed]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>luke.bonanomi@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            4 years, 19 weeks, 1 day ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                    <customfield id="customfield_10032" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Operating System</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10026"><![CDATA[ALL]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>billy.donahue@mongodb.com</customfieldvalue>
            <customfieldvalue>xgen-internal-githook</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hvshw7:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hvh30n:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_23361" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Requested By</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_10557" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="3281">Dev Tools 2019-10-07</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                        <customfield id="customfield_10750" key="com.atlassian.jira.plugin.system.customfieldtypes:textarea">
                        <customfieldname>Steps To Reproduce</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>&lt;p&gt;SECURE_RANDOM_READ_LOC=src/mongo/platform/random.cpp:127&lt;/p&gt;

&lt;p&gt;$ gdb $BUILD_DIR/mongo/platform/platform_test&lt;br/&gt;
b $SECURE_RANDOM_READ_LOC&lt;br/&gt;
run --suite=RandomTest --filter=Secure1&lt;br/&gt;
(hits breakpoint)&lt;br/&gt;
b catch syscall&lt;br/&gt;
continue&lt;/p&gt;
</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                    <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_22870" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Triagers</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hvs45j:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>