This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH v7] getrandom system call wrapper [BZ #17252]

From: Torvald Riegel <triegel at redhat dot com>
To: Florian Weimer <fweimer at redhat dot com>
Cc: Szabolcs Nagy <szabolcs dot nagy at arm dot com>, Adhemerval Zanella <adhemerval dot zanella at linaro dot org>, nd at arm dot com, libc-alpha at sourceware dot org
Date: Tue, 29 Nov 2016 16:23:50 +0100
Subject: Re: [PATCH v7] getrandom system call wrapper [BZ #17252]
Authentication-results: sourceware.org; auth=none
References: <3dd5d3b8-c196-98fb-1671-90cd90ab90c7@redhat.com> <244f578c-889a-a4cf-c686-bb2a5e49cca1@panix.com> <d14e4419-c1e5-ac38-9caa-688481a26464@redhat.com> <2d175242-1a82-9410-d01e-682ab4d9081e@panix.com> <c30852c5-9a52-83ea-4af1-310f97febccd@redhat.com> <1479319342.7146.1143.camel@localhost.localdomain> <950ffaeb-8984-7840-e495-12442f821c9c@linaro.org> <1479387147.7146.1147.camel@localhost.localdomain> <582EBBB5.80309@arm.com> <1479478867.7146.1167.camel@localhost.localdomain> <9357f19f-be56-0c1d-4192-260b485c3767@redhat.com> <1479485050.7146.1201.camel@localhost.localdomain> <1682bf93-5fbc-80db-1348-e5b8973a59f2@redhat.com> <1480427804.14990.24.camel@redhat.com> <27d946d1-ef23-df50-8061-cbada2dea2e9@redhat.com>

On Tue, 2016-11-29 at 15:40 +0100, Florian Weimer wrote:
> On 11/29/2016 02:56 PM, Torvald Riegel wrote:
> > On Tue, 2016-11-29 at 09:16 +0100, Florian Weimer wrote:
> >> On 11/18/2016 05:04 PM, Torvald Riegel wrote:
> >>> On Fri, 2016-11-18 at 16:13 +0100, Florian Weimer wrote:
> >>>> On 11/18/2016 03:21 PM, Torvald Riegel wrote:
> >>>>
> >>>>> As discussed in the thread, there are different opinions about what the
> >>>>> default should be.  There are reasonable arguments for both options.  In
> >>>>> such a case, it seems better to make the choice explicit, simply from an
> >>>>> ease-of-use and interface design perspective.
> >>>>
> >>>> Unfortunately, this is not the approach that POSIX has chosen.  But
> >>>> there is precedent for doing our own thing in this area: the "c" flag
> >>>> for fopen.  We cannot use the existing flags argument in getrandom for
> >>>> this purpose because its layout is controlled by the kernel.
> >>>
> >>> It seems a separate argument would be better than using up space in the
> >>> existing flags.  Cancellation is something we add, so we should add to
> >>> the underlying interface too, instead of messing with it.
> >>
> >> Is this separate argument your personal preference, or are you just
> >> trying to find common ground and reconcile different positions?
> >
> > It's my personal preference.  Which is partially motivated by trying to
> > find common ground between the different use cases (and not finding
> > obvious common group, so therefore make the choice explicit).
> 
> Hmph.

Note that I mean that this is my preference specifically in the scenario
of adding some sort of flag to getrandom() and offering only
getrandom().

> I was about to propose a new patch, with two functions:
> 
> getrandom, as I posted it the last time (an unadorned system call which 
> is also a cancellation point).
> 
> getentropy, a thin wrapper which avoids returning EINTR (to match 
> OpenBSD and Solaris) and is not a cancellation point.  It would return 
> EIO on short reads, too.
> 
> The documentation would have said that getrandom is a lower-level 
> function for those which need GRND_RANDOM or cancellation, and everyone 
> else should call getrandom.

I guess one of these should be getentropy (the latter?).

> Would this work for you?

Yeah, I guess so.  I can't really estimate how obvious it would be for
users to have to consider the pair of these (and thus make a conscious
choice and understand what cancellation means) -- but if we can make
this fairly obvious (eg, through proper documentation) and thus are
likely to prevent users from making a mistake, and we have an
alternative for the non-cancellation use case, then I guess this could
be a meaningful solution.

Follow-Ups:
- Re: [PATCH v7] getrandom system call wrapper [BZ #17252]
  - From: Florian Weimer

References:
- [PATCH v7] getrandom system call wrapper [BZ #17252]
  - From: Florian Weimer
- Re: [PATCH v7] getrandom system call wrapper [BZ #17252]
  - From: Zack Weinberg
- Re: [PATCH v7] getrandom system call wrapper [BZ #17252]
  - From: Florian Weimer
- Re: [PATCH v7] getrandom system call wrapper [BZ #17252]
  - From: Zack Weinberg
- Re: [PATCH v7] getrandom system call wrapper [BZ #17252]
  - From: Florian Weimer
- Re: [PATCH v7] getrandom system call wrapper [BZ #17252]
  - From: Torvald Riegel
- Re: [PATCH v7] getrandom system call wrapper [BZ #17252]
  - From: Adhemerval Zanella
- Re: [PATCH v7] getrandom system call wrapper [BZ #17252]
  - From: Torvald Riegel
- Re: [PATCH v7] getrandom system call wrapper [BZ #17252]
  - From: Szabolcs Nagy
- Re: [PATCH v7] getrandom system call wrapper [BZ #17252]
  - From: Torvald Riegel
- Re: [PATCH v7] getrandom system call wrapper [BZ #17252]
  - From: Florian Weimer
- Re: [PATCH v7] getrandom system call wrapper [BZ #17252]
  - From: Torvald Riegel
- Re: [PATCH v7] getrandom system call wrapper [BZ #17252]
  - From: Florian Weimer
- Re: [PATCH v7] getrandom system call wrapper [BZ #17252]
  - From: Torvald Riegel
- Re: [PATCH v7] getrandom system call wrapper [BZ #17252]
  - From: Florian Weimer

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]