public inbox for libc-alpha@sourceware.org
From: Torvald Riegel <triegel@redhat.com>
To: Florian Weimer <fweimer@redhat.com>
Cc: GNU C Library <libc-alpha@sourceware.org>
Subject: Re: [PATCH v3] getrandom system call wrapper [BZ #17252]
Date: Fri, 09 Sep 2016 15:23:00 -0000
Message-ID: <1473434601.30192.13.camel@localhost.localdomain>
In-Reply-To: <a93942f0-c688-8d8e-92dc-8fad856838b1@redhat.com>

On Fri, 2016-09-09 at 16:28 +0200, Florian Weimer wrote:
> On 09/09/2016 04:21 PM, Torvald Riegel wrote:
> > On Thu, 2016-09-08 at 13:44 +0200, Florian Weimer wrote:
> >> I have made the system call wrapper a cancellation point.  (If we
> >> implement the simpler getentropy interface, it would not be a
> >> cancellation point.)
> >
> > Why did you do that?
> 
> I have to, because it can block indefinitely.

That doesn't mean you have to make the default function a cancellation
point.  There are many POSIX functions which can block indefinitely and
which are not required to be cancellation points (eg, rwlocks only *may*
be cancellation points).

Can the system call really block indefinitely, or only for a long time
(ie, will it return eventually)?

> > Even though the system call is new, and thus can't
> > have been used in existing code directly, making it a cancellation point
> > will make all callers cancellation points too.  Therefore, for example,
> > we couldn't use it in the implementation of any POSIX functions (that
> > are not cancellation points) in glibc without having to disable and
> > restore the cancellation state around it every time.
> 
> The system call definition facility also provides a 
> __getrandom_notcancel entry point, which can be called if we don't 
> expect blocking.  Obviously, this is for internal use only.
> 
> > It might be even more convenient to have one wrapper that is a
> > cancellation point and one that is not.
> >
> > Can't we just let cancellation rot in its corner?
> 
> No, we have many customers who use it (and this despite the fact that 
> the current implementation has a critical race condition).

Usage of it doesn't mean that it has to be the default.  Have we made
other syscall wrappers cancellation points in the past (ie, syscalls
that don't already have a matching POSIX function that is specified to
be a cancellation point too)?

I'm worried about people who just want to use the syscall but don't know
that much about POSIX cancellation.  They couldn't use the syscall
safely in a library without also being aware of POSIX cancellation, and
I'm concerned that they might just forget to disable cancellation around
the syscall, thus creating resource leaks, deadlocks (eg, cancellation
handler doesn't release locks), etc.  If this is primarily a Linux API
currently (ignoring the Solaris case for a while), then marrying it to
POSIX seems wrong.
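The failure mode raised in this reply (a caller that does not know the wrapper is a cancellation point, gets cancelled while holding a lock, and leaks it) and the two remedies mentioned in the thread (disable and restore the cancellation state around the call, or install a cleanup handler that releases the lock) can be shown side by side. The following C program is an added illustration, not code from the patch or from glibc. Because getrandom normally returns as soon as the kernel pool is initialized, a read() on an empty pipe stands in for "a wrapper that can block indefinitely"; the names unsafe_worker, safe_worker_disable, safe_worker_cleanup and run_and_cancel are constructed for this example. The driver cancels each worker while it is blocked and then reports whether the worker's mutex is still usable.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <pthread.h>
#include <stdio.h>
#include <unistd.h>

/* Per-run state (constructed for this example): a lock the worker holds
   across its blocking call, and the read end of a pipe with no data in it,
   which stands in for a syscall wrapper that blocks indefinitely.  */
struct job {
    pthread_mutex_t lock;
    int fd;        /* read end of the pipe; empty until the driver writes */
    ssize_t n;     /* bytes read, if the read completed at all */
};

/* Unsafe: the lock is held across a cancellation point.  If the thread is
   cancelled while blocked in read(), the unlock below never runs.  */
static void *unsafe_worker(void *arg)
{
    struct job *j = arg;
    char c;
    pthread_mutex_lock(&j->lock);
    j->n = read(j->fd, &c, 1);        /* cancellation point */
    pthread_mutex_unlock(&j->lock);   /* skipped when cancelled above */
    return NULL;
}

/* Safe, pattern 1: disable cancellation around the call and restore the
   caller's previous state.  A cancel that arrives meanwhile stays pending,
   so the critical section always completes and the lock is released.  */
static void *safe_worker_disable(void *arg)
{
    struct job *j = arg;
    char c;
    int oldstate;
    pthread_mutex_lock(&j->lock);
    pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, &oldstate);
    j->n = read(j->fd, &c, 1);        /* a cancellation point, but disabled here */
    pthread_setcancelstate(oldstate, NULL);
    pthread_mutex_unlock(&j->lock);
    return NULL;
}

/* Safe, pattern 2: leave the call cancellable but register a cleanup
   handler that releases the lock when the thread is unwound.  */
static void unlock_cleanup(void *m)
{
    pthread_mutex_unlock(m);
}

static void *safe_worker_cleanup(void *arg)
{
    struct job *j = arg;
    char c;
    pthread_mutex_lock(&j->lock);
    pthread_cleanup_push(unlock_cleanup, &j->lock);
    j->n = read(j->fd, &c, 1);        /* cancellation point */
    pthread_cleanup_pop(1);           /* also unlocks on the normal path */
    return NULL;
}

/* Driver: start the worker, cancel it while it is blocked, then feed the
   pipe so a worker that deferred the cancel can finish.  Returns the result
   of trylock on the worker's lock: 0 means it was released, EBUSY means the
   cancelled thread took it to its grave.  */
static int run_and_cancel(void *(*worker)(void *))
{
    struct job j = { .lock = PTHREAD_MUTEX_INITIALIZER, .fd = -1, .n = 0 };
    int fds[2];
    pthread_t t;

    if (pipe(fds) != 0)
        return -1;
    j.fd = fds[0];
    if (pthread_create(&t, NULL, worker, &j) != 0)
        return -1;

    usleep(100000);                   /* let the worker block in read() */
    pthread_cancel(t);
    usleep(100000);                   /* let the cancel land first */
    ssize_t w = write(fds[1], "x", 1);
    (void)w;
    pthread_join(t, NULL);

    int rc = pthread_mutex_trylock(&j.lock);
    if (rc == 0) {
        pthread_mutex_unlock(&j.lock);
        pthread_mutex_destroy(&j.lock);
    }
    close(fds[0]);
    close(fds[1]);
    return rc;
}

int main(void)
{
    printf("unsafe_worker:       %s\n",
           run_and_cancel(unsafe_worker) == EBUSY ? "lock leaked" : "lock released");
    printf("safe_worker_disable: %s\n",
           run_and_cancel(safe_worker_disable) == 0 ? "lock released" : "lock leaked");
    printf("safe_worker_cleanup: %s\n",
           run_and_cancel(safe_worker_cleanup) == 0 ? "lock released" : "lock leaked");
    return 0;
}
```

The first pattern is the one a library would use around an internal call that must not become a cancellation point on behalf of its callers; the second keeps the call cancellable for callers that want it, at the price of remembering the handler at every lock site, which is exactly the omission the reply above warns about.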
