This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



Re: [PATCH v7] getrandom system call wrapper [BZ #17252]


On 11/16/2016 10:11 AM, Florian Weimer wrote:
> On 11/14/2016 07:29 PM, Zack Weinberg wrote:
>> On 11/14/2016 12:44 PM, Florian Weimer wrote:
>>> This patch switches back to the ssize_t return type.  This goes against
>>> Theodore Ts'o's preference, but seems to reflect the consensus from the
>>> larger community.
>>
>> I still don't think this function should be a cancellation point.
> 
> I guess we'll have to agree to disagree on this matter.

I am seriously considering escalating my disagreement here to a formal
objection.  I would like to know why you think it is NECESSARY - not
merely convenient or consistent with other stuff - for this function to
be a cancellation point.

(My basic attitude is that adding new cancellation points is always the
Wrong Thing, and should only be done when _unavoidable_; and in this
particular case it is especially bad since applications are probably
going to assume that this function never fails, blocks, or even writes
fewer bytes than requested to the buffer, no matter how clearly we say
that it might.)

>> We don't normally do this at all.
> 
> See the “Evolution of ELF symbol management” thread.  We do it all the
> time, for the benefit of non-libc DSOs in the glibc conglomerate.  I
> think there is broad consensus that we need to extend this to libstdc++
> at least (in addition to changes needed to enable C++ compilation
> without _GNU_SOURCE).  And once we are at C++, why stop there?  Even
> dynamic languages with a C extension framework would use this.

See the reply I'm about to post in that thread.

zw
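
The caller-side handling the message above worries applications will skip (failure, blocking or interruption, short writes), plus shielding the call from cancellation, as an added example that is not part of the original post or of glibc. It assumes the wrapper is declared in `<sys/random.h>` with the `ssize_t` return type discussed in the thread; `fill_random`, `random_source_fn` and `stub_source` are hypothetical names.

```c
#include <errno.h>
#include <pthread.h>
#include <string.h>
#include <sys/random.h>

/* Signature shared by getrandom() and the constructed stub below. */
typedef ssize_t (*random_source_fn)(void *buf, size_t len, unsigned int flags);

/* Fill buf with exactly len bytes from src; return 0, or -1 with errno set.
   Covers failure, interruption (EINTR) and short writes. Cancellation is
   disabled around the loop so a pending pthread_cancel cannot end the
   thread with buf only partly filled. */
int fill_random(random_source_fn src, void *buf, size_t len)
{
    unsigned char *p = buf;
    int old_state, ignored, saved, result = 0;

    pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, &old_state);
    while (len > 0) {
        ssize_t n = src(p, len, 0);
        if (n < 0 && errno == EINTR)
            continue;               /* interrupted by a signal: retry */
        if (n <= 0) {
            if (n == 0)
                errno = EIO;        /* no progress: fail, do not spin */
            result = -1;            /* e.g. ENOSYS on an old kernel */
            break;
        }
        p += n;                     /* short write: advance, ask again */
        len -= (size_t)n;
    }
    saved = errno;
    pthread_setcancelstate(old_state, &ignored);
    errno = saved;
    return result;
}

/* Constructed stand-in for getrandom(): fails once with EINTR, then writes
   at most 3 bytes per call, so the loop can be exercised deterministically. */
static int stub_calls;
ssize_t stub_source(void *buf, size_t len, unsigned int flags)
{
    (void)flags;
    if (stub_calls++ == 0) { errno = EINTR; return -1; }
    size_t n = len < 3 ? len : 3;
    memset(buf, 0xA5, n);
    return (ssize_t)n;
}

int main(void)
{
    unsigned char key[32];          /* real use: the libc wrapper as source */
    return fill_random(getrandom, key, sizeof key) == 0 ? 0 : 1;
}
```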

