From: Szabolcs Nagy
Date: Fri, 18 Nov 2016 10:27:00 -0000
To: Zack Weinberg, Florian Weimer
CC: GNU C Library
Subject: Re: [PATCH v7] getrandom system call wrapper [BZ #17252]
Message-ID: <582ED78F.3050400@arm.com>

On 17/11/16 17:16, Zack Weinberg wrote:
> On 11/17/2016 10:24 AM, Florian Weimer wrote:
>> On 11/17/2016 02:56 PM, Zack Weinberg wrote:
>>> Also evidence that making getrandom a
>>> cancellation point _won't_ break programs that naively assume it can
>>> never fail.
>>
>> Cancellation does not add additional error return cases.
>
> It does add additional _failure_ cases. Suppose a program that expects
> threads only to be at risk of cancellation at points where they do
> network I/O, and does all the necessary dancing to make that reliable.
> These threads are _already_ using getrandom() where available, via a
> portability wrapper that will call into the C library if possible, or
> make a direct syscall otherwise. Being a wrapper, it's not a
> cancellation point, and the surrounding code relies on that. Now you
> upgrade glibc, and suddenly getrandom() _is_ a cancellation point, and
> the threads can now be cancelled in places where their data structures
> are internally inconsistent -- and it doesn't matter that getrandom()
> doesn't block under normal conditions, because the generic
> cancel-testing code will fire anyway.
>
> [This is just the general argument that adding new cancellation points
> to the C library can render existing code buggy without notice.]

there is no existing code that uses glibc getrandom.

a user can easily turn a cancellation point into a
non-cancellation one if desired, but the other way
is not possible.

blocking syscalls have to be cancellation points
otherwise they cannot be called safely from a long
running process that has to remain responsive:
blocked threads can keep piling up and there is
no way to reuse the resources they hold.

[this is the general argument for adding new blocking
syscalls as cancellation points].
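
The point made in the reply above, that a caller can turn a cancellation point into a non-cancellation one, shown as an added example that is not part of the original message or of the glibc patch. It assumes glibc 2.25 or later for `<sys/random.h>`; the helper names `fill_random_nocancel` and `current_cancel_state` are hypothetical.

```c
#include <errno.h>
#include <pthread.h>
#include <stddef.h>
#include <sys/random.h>
#include <sys/types.h>

/* Hypothetical helper: fill buf with len random bytes while the calling
   thread cannot be cancelled, then restore the caller's previous state. */
static int fill_random_nocancel(void *buf, size_t len)
{
    int old_state, rc = 0;
    unsigned char *p = buf;

    /* A cancellation request arriving from here on stays pending until
       the state is restored and the thread reaches a cancellation point. */
    if (pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, &old_state) != 0)
        return -1;

    while (len > 0) {
        ssize_t n = getrandom(p, len, 0);
        if (n < 0) {
            if (errno == EINTR)
                continue;   /* interrupted by a signal handler: retry */
            rc = -1;        /* for example ENOSYS on an old kernel */
            break;
        }
        p += n;             /* large requests may return fewer bytes */
        len -= (size_t)n;
    }

    int saved = errno;      /* keep getrandom's errno for the caller */
    pthread_setcancelstate(old_state, NULL);
    errno = saved;
    return rc;
}

/* Hypothetical helper: read the calling thread's cancel state by setting
   it and immediately putting the previous value back. */
static int current_cancel_state(void)
{
    int state;
    pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &state);
    pthread_setcancelstate(state, NULL);
    return state;
}
```

Restoring `old_state` rather than forcing `PTHREAD_CANCEL_ENABLE` keeps the helper safe to call from code that already runs with cancellation disabled.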