This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH v7] getrandom system call wrapper [BZ #17252]
On Tue, Nov 29, 2016 at 10:32 AM, Florian Weimer <fweimer@redhat.com> wrote:
> On 11/29/2016 04:23 PM, Torvald Riegel wrote:
>>
>> On Tue, 2016-11-29 at 15:40 +0100, Florian Weimer wrote:
>>>
>>> I was about to propose a new patch, with two functions:
>>>
>>> getrandom, as I posted it the last time (an unadorned system call which
>>> is also a cancellation point).
>>>
>>> getentropy, a thin wrapper which avoids returning EINTR (to match
>>> OpenBSD and Solaris) and is not a cancellation point. It would return
>>> EIO on short reads, too.
>>>
>>> The documentation would have said that getrandom is a lower-level
>>> function for those which need GRND_RANDOM or cancellation, and everyone
>>> else should call getrandom.
>>
>> I guess one of these should be getentropy (the latter?).
>
> Yes, developers should prefer getentropy or a PRNG seeded from getentropy.
>
>>> Would this work for you?
>>
>>
>> Yeah, I guess so. I can't really estimate how obvious it would be for
>> users to have to consider the pair of these (and thus make a conscious
>> choice and understand what cancellation means) -- but if we can make
>> this fairly obvious (eg, through proper documentation) and thus are
>> likely to prevent users from making a mistake, and we have an
>> alternative for the non-cancellation use case, then I guess this could
>> be a meaningful solution.
>
> Great.
>
> Zack, what do you think?
Yeah, this would also work for me. Would it make sense for getentropy
to loop internally rather than returning a short read? I am really
worried about people forgetting to handle short reads.
zw