From: Florian Weimer <fweimer@redhat.com>
To: GNU C Library <libc-alpha@sourceware.org>
Subject: Re: [PATCH v7] getrandom system call wrapper [BZ #17252]
Date: Fri, 18 Nov 2016 13:21:00 -0000 [thread overview]
Message-ID: <6df675e8-0eaf-8ff5-43b2-458afc585d55@redhat.com> (raw)
In-Reply-To: <20161117062144.GS21655@vapier.lan>
On 11/17/2016 07:21 AM, Mike Frysinger wrote:
> On 14 Nov 2016 18:44, Florian Weimer wrote:
>
> just nits at this point
>
>> +/* Flags for use with getrandom. */
>> +#define GRND_NONBLOCK 1
>> +#define GRND_RANDOM 2
>
> if they're bit flags, should we be doing 0x1/0x2 etc ? otherwise this
> will turn into 4, 8, 16, 32, 64, etc... which gets ugly. the kernel
> headers use hex constants.
Okay, I turned this into:
#define GRND_NONBLOCK 0x01
#define GRND_RANDOM 0x02
Do you want more zero padding?
(I'm not a fan of column alignment because it means that future patches
will have to make whitespace-only changes to change column alignment,
which slightly obfuscates the actual change.)
>> +/* Test getrandom with a single buffer length. */
>> +static void
>> +test_length (char *buffer, size_t length, unsigned int flags)
>> +{
>> + memset (buffer, 0, length);
>> + strcpy (buffer + length, "123");
>
> while this works, it seems pointlessly fragile. can't you treat it like
> a normal "this is the length of the buffer" and carve out space at the
> end yourself ? i.e.
> memset (buffer, 0, length);
> static const char canary[] = "123";
> size_t canary_len = sizeof(canary);
> length -= canary_len;
> strcpy (buffer + length, canary);
> ...
>
> ssize_t ret = getrandom (buffer, length - , flags);
I don't think this is much clearer. I'm going to add a comment:
/* Test getrandom with a single buffer length. NB: The passed-in
buffer must have room for four extra bytes after the specified
length, which are used to test that getrandom leaves those bytes
unchanged. */
Hopefully this is clear enough.
>
>> + if (ret < 0)
>> + {
>> + if (!((flags & GRND_RANDOM)
>> + && (flags & GRND_NONBLOCK)
>> + && errno != EAGAIN))
>
> seems like it'd be more readable to distribute the ! and to combine the
> flags check into a single mask ? i have to read these lines a few times
> to digest what exactly the code is trying to do.
What about this?
/* EAGAIN is an expected error with GRND_RANDOM and
GRND_NONBLOCK. */
if ((flags & GRND_RANDOM)
&& (flags & GRND_NONBLOCK)
&& errno == EAGAIN)
return;
printf ("error: getrandom (%zu, 0x%x): %m\n", length, flags);
errors = true;
return;
The second return was missing before, the old condition was actually wrong.
>> + if (getrandom_full (buffer1, sizeof (buffer1), flags)
>> + && getrandom_full (buffer2, sizeof (buffer2), flags))
>> + {
>> + if (memcmp (buffer1, buffer2, sizeof (buffer1)) == 0)
>
> maybe also add a comment that likelihood of this being the same is
> extremely rare too.
This should do it:
/* The probability that these two 8-byte buffers are equal
is very small (assuming that two subsequent calls to
getrandom result are independent, uniformly distributed
random variables). */
>> + for (int use_random = 0; use_random < 2; ++use_random)
>> + for (int use_nonblock = 0; use_nonblock < 2; ++use_nonblock)
>> + {
>> + int flags = 0;
>
> unsigned to match the API ?
Right, thanks.
Do you have any comments about the matter of the cancellation point and
the redirect to __libc_getrandom?
Thanks,
florian
prev parent reply other threads:[~2016-11-18 13:21 UTC|newest]
Thread overview: 62+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-06-10 21:03 [PATCH] Add getrandom implementation " Florian Weimer
2016-06-10 21:31 ` Joseph Myers
2016-06-10 21:36 ` Joseph Myers
2016-06-10 22:00 ` Paul Eggert
2016-06-10 22:06 ` Joseph Myers
2016-06-11 11:13 ` Florian Weimer
2016-06-11 20:10 ` Paul Eggert
2016-06-10 22:15 ` Roland McGrath
2016-06-10 22:40 ` Joseph Myers
2016-06-10 22:45 ` Roland McGrath
2016-06-23 17:21 ` Florian Weimer
2016-06-25 21:58 ` Paul Eggert
2016-09-02 22:23 ` Roland McGrath
2016-06-27 15:07 ` [PATCH v2] " Florian Weimer
2016-06-30 9:33 ` Rical Jasan
2016-09-08 9:53 ` Florian Weimer
2016-09-08 10:13 ` Andreas Schwab
2016-09-08 10:28 ` Florian Weimer
2016-09-08 11:58 ` Rical Jasan
2016-09-08 12:36 ` Florian Weimer
2016-06-30 12:03 ` Zack Weinberg
2016-07-13 13:10 ` Nikos Mavrogiannopoulos
2016-11-14 17:45 ` [PATCH v7] getrandom system call wrapper " Florian Weimer
2016-11-14 18:29 ` Zack Weinberg
2016-11-15 20:57 ` Richard Henderson
2016-11-16 15:11 ` Florian Weimer
2016-11-16 15:20 ` Zack Weinberg
2016-11-16 15:52 ` Florian Weimer
2016-11-16 16:41 ` Zack Weinberg
2016-11-17 13:02 ` Florian Weimer
2016-11-17 13:46 ` Zack Weinberg
2016-11-17 13:50 ` Florian Weimer
2016-11-17 13:56 ` Zack Weinberg
2016-11-17 15:24 ` Florian Weimer
2016-11-17 17:16 ` Zack Weinberg
2016-11-18 10:27 ` Szabolcs Nagy
2016-11-18 15:46 ` Torvald Riegel
2016-11-18 18:50 ` Zack Weinberg
2016-11-21 16:57 ` Torvald Riegel
2016-11-21 17:12 ` Zack Weinberg
2016-11-21 17:30 ` Torvald Riegel
2016-11-21 17:34 ` Florian Weimer
2016-11-29 8:24 ` Florian Weimer
2016-11-16 18:02 ` Torvald Riegel
2016-11-16 19:53 ` Adhemerval Zanella
2016-11-17 12:52 ` Torvald Riegel
2016-11-18 8:28 ` Szabolcs Nagy
2016-11-18 14:21 ` Torvald Riegel
2016-11-18 15:13 ` Florian Weimer
2016-11-18 16:04 ` Torvald Riegel
2016-11-29 8:16 ` Florian Weimer
2016-11-29 13:56 ` Torvald Riegel
2016-11-29 14:40 ` Florian Weimer
2016-11-29 15:23 ` Torvald Riegel
2016-11-29 15:32 ` Florian Weimer
2016-11-29 15:54 ` Zack Weinberg
2016-11-29 17:53 ` Paul Eggert
2016-11-29 18:11 ` Florian Weimer
2016-11-29 19:37 ` Paul Eggert
2016-11-30 6:09 ` Florian Weimer
2016-11-17 6:21 ` Mike Frysinger
2016-11-18 13:21 ` Florian Weimer [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=6df675e8-0eaf-8ff5-43b2-458afc585d55@redhat.com \
--to=fweimer@redhat.com \
--cc=libc-alpha@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).