This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH v7] getrandom system call wrapper [BZ #17252]

From: Torvald Riegel <triegel at redhat dot com>
To: Zack Weinberg <zackw at panix dot com>
Cc: Szabolcs Nagy <szabolcs dot nagy at arm dot com>, Florian Weimer <fweimer at redhat dot com>, nd <nd at arm dot com>, GNU C Library <libc-alpha at sourceware dot org>
Date: Mon, 21 Nov 2016 17:57:47 +0100
Subject: Re: [PATCH v7] getrandom system call wrapper [BZ #17252]
Authentication-results: sourceware.org; auth=none
References: <3dd5d3b8-c196-98fb-1671-90cd90ab90c7@redhat.com> <244f578c-889a-a4cf-c686-bb2a5e49cca1@panix.com> <d14e4419-c1e5-ac38-9caa-688481a26464@redhat.com> <2d175242-1a82-9410-d01e-682ab4d9081e@panix.com> <c30852c5-9a52-83ea-4af1-310f97febccd@redhat.com> <CAKCAbMgkFGz_D1jeyjb-2em1mdxJxc+3KXr3miux6O_uBtJHiQ@mail.gmail.com> <0cca2fc9-14d2-9fa2-5a6e-fe00af31acd6@redhat.com> <4928b864-9691-021d-fcf9-b3ef9bd10f63@panix.com> <d893b09b-d01f-7ce6-c074-5e47a74b210a@redhat.com> <a3692805-b410-ccf1-a016-071a1914a218@panix.com> <5193b776-03a5-3841-6980-b67c56a99c2a@redhat.com> <db53db04-88cf-0f8e-c541-aafeae1bfb53@panix.com> <582ED78F.3050400@arm.com> <CAKCAbMjmw4Mw8LUimPp9G=t4XCHSK_3Pnh8+wZ4L9NMxedzKfg@mail.gmail.com>

On Fri, 2016-11-18 at 13:50 -0500, Zack Weinberg wrote:
> I don't want to derail this into a general debate over adding new
> cancellation points, and I especially don't want to hold up work on a
> user-space CSPRNG on something unrelated, because arc4random() is the
> top item on _my_ todo list after explicit_bzero().  So here is a
> counterproposal.  Most of my concerns about getrandom() being a
> cancellation point go away if it is only a cancellation point when it
> is actually going to block

Is there a way for the caller to ensure that a subsequent call to
getrandom is not going to block?  If there isn't, then the caller has to
conservatively assume that the call may be a cancellation point.

I still think something like 
ssize_t getrandom (/*getrandom parameters*/, bool cancellation_point);  
would probably be the best option because it requires a caller to make a
conscious decision about cancellation (and thus also makes the caller
aware of the whole cancellation thing).

Follow-Ups:
- Re: [PATCH v7] getrandom system call wrapper [BZ #17252]
  - From: Zack Weinberg

References:
- [PATCH v7] getrandom system call wrapper [BZ #17252]
  - From: Florian Weimer
- Re: [PATCH v7] getrandom system call wrapper [BZ #17252]
  - From: Zack Weinberg
- Re: [PATCH v7] getrandom system call wrapper [BZ #17252]
  - From: Florian Weimer
- Re: [PATCH v7] getrandom system call wrapper [BZ #17252]
  - From: Zack Weinberg
- Re: [PATCH v7] getrandom system call wrapper [BZ #17252]
  - From: Florian Weimer
- Re: [PATCH v7] getrandom system call wrapper [BZ #17252]
  - From: Zack Weinberg
- Re: [PATCH v7] getrandom system call wrapper [BZ #17252]
  - From: Florian Weimer
- Re: [PATCH v7] getrandom system call wrapper [BZ #17252]
  - From: Zack Weinberg
- Re: [PATCH v7] getrandom system call wrapper [BZ #17252]
  - From: Florian Weimer
- Re: [PATCH v7] getrandom system call wrapper [BZ #17252]
  - From: Zack Weinberg
- Re: [PATCH v7] getrandom system call wrapper [BZ #17252]
  - From: Florian Weimer
- Re: [PATCH v7] getrandom system call wrapper [BZ #17252]
  - From: Zack Weinberg
- Re: [PATCH v7] getrandom system call wrapper [BZ #17252]
  - From: Szabolcs Nagy
- Re: [PATCH v7] getrandom system call wrapper [BZ #17252]
  - From: Zack Weinberg

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]