From: Zack Weinberg
To: Florian Weimer, Torvald Riegel
Cc: GNU C Library
Subject: Re: [PATCH v9] Add getentropy, getrandom, [BZ #17252]
Date: Tue, 06 Dec 2016 13:41:00 -0000
Message-ID: <90908be7-c7db-46f2-a635-27dc5604e47f@panix.com>
In-Reply-To: <680d0bed-b164-b809-d672-e0278fe08d7e@redhat.com>

On 12/06/2016 07:55 AM, Florian Weimer wrote:
> On 12/02/2016 05:47 PM, Torvald Riegel wrote:
>> On Wed, 2016-11-30 at 17:15 +0100, Florian Weimer wrote:
>>> On 11/30/2016 02:33 PM, Florian Weimer wrote:
>>>> This iteration of the patch implements both getrandom and getentropy at
>>>> the same time.
>>
>> This basically looks good to me (though I'm no expert on the actual
>> syscall etc.).
>
> Thanks.
>
> Zack, would you comment as well, please?

The 256-byte limit is unfortunate but I see why we want it.

I think you should remove this assertion:

+ /* The Linux implementation never returns zero if the length + argument is not zero, and does not perform a short read for + sizes <= 256. */ + assert (bytes == length);

it strikes me as Knowing Too Much about the kernel interface.

My only other remaining concern is the name mangling, and unfortunately
we really do have to resolve that before this can be committed, because
we'll be stuck with whatever decision we make here forever. I still
don't really understand what problems you are trying to solve by
mangling names, I still think that ad-hoc addition of mangled names with
forcible redirection in the headers is unlikely to be the *correct* fix
to whatever the problems actually are, and most importantly of all, I
still don't understand why you are convinced *these particular symbols*
need "interposition protection".

You said

> getentropy definitely needs interposition protection because it is
> frequently redefined. We'll need to rebuild a distribution to see if
> the current approach is sufficient. For consistency, I also added
> interposition protection for getrandom.

and this makes absolutely no sense at all to me. Is it not the case that
people are defining getentropy and/or getrandom *because* libc doesn't?
Won't their build systems notice (via AC_REPLACE_FUNCS or equivalent)
that libc is now defining them, and stop?

A concrete example of a real program or combination of programs, that
will break if we don't do this, would be really helpful to me. Not a
demo, please, something that already exists in the wild.

zw
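
Review bot: in the assertion hunk quoted earlier in this message, the last line, assert (bytes == length), turns the kernel behaviour described in the comment above it (no zero return and no short read for sizes <= 256) into a process abort if that behaviour ever fails to hold, and the check is compiled out entirely when NDEBUG is defined, so a short read would then go unnoticed. Handling bytes != length explicitly, either by retrying for the remaining bytes or by returning an error, would give the same result in both build modes and would not depend on the 256-byte guarantee.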