Re: [PATCH] Add getrandom syscall wrapper function

[Rich Felker <dalias@libc.org>]

On Mon, Jan 01, 2018 at 10:51:34PM +0100, Hauke Mehrtens wrote:
> On 01/01/2018 09:47 PM, Rich Felker wrote:
> > On Mon, Jan 01, 2018 at 09:31:23PM +0100, Hauke Mehrtens wrote:
> >> This syscall is available since Linux 3.17 and was also implemented in
> >> glibc in version 2.25. This is a pure syscall wrapper liker glibc does
> >> it.
> >> ---
> >>  include/sys/random.h  | 19 +++++++++++++++++++
> >>  src/linux/getrandom.c | 11 +++++++++++
> >>  2 files changed, 30 insertions(+)
> >>  create mode 100644 include/sys/random.h
> >>  create mode 100644 src/linux/getrandom.c
> >>
> >> diff --git a/include/sys/random.h b/include/sys/random.h
> >> new file mode 100644
> >> index 00000000..5540f877
> >> --- /dev/null
> >> +++ b/include/sys/random.h
> >> @@ -0,0 +1,19 @@
> >> +#ifndef _SYS_RANDOM_H
> >> +#define _SYS_RANDOM_H
> >> +#ifdef __cplusplus
> >> +extern "C" {
> >> +#endif
> >> +
> >> +#define __NEED_size_t
> >> +#define __NEED_ssize_t
> >> +#include <bits/alltypes.h>
> >> +
> >> +#define GRND_NONBLOCK	0x0001
> >> +#define GRND_RANDOM	0x0002
> >> +
> >> +ssize_t getrandom(void *buf, size_t buflen, unsigned int flags);
> >> +
> >> +#ifdef __cplusplus
> >> +}
> >> +#endif
> >> +#endif
> >> diff --git a/src/linux/getrandom.c b/src/linux/getrandom.c
> >> new file mode 100644
> >> index 00000000..50b07df9
> >> --- /dev/null
> >> +++ b/src/linux/getrandom.c
> >> @@ -0,0 +1,11 @@
> >> +#include <sys/random.h>
> >> +#include "syscall.h"
> >> +
> >> +ssize_t getrandom(void *buf, size_t buflen, unsigned int flags)
> >> +{
> >> +#ifdef SYS_getrandom
> >> +	return syscall_cp(SYS_getrandom, buf, buflen, flags);
> >> +#else
> >> +	return __syscall_ret(-ENOSYS);
> >> +#endif
> >> +}
> >> -- 
> >> 2.11.0
> > 
> > The #ifdef doesn't make sense; if the definition is missing then it's
> > a bug in musl source.
> 
> Ok, If I can assume that SYS_getrandom is always defined I will remove this.
> 
> > Aside from that I think the patch is okay but I'm not sure it's
> > complete. There should probably also be getentropy(),
> 
> Adding getentropy() should not be so hard, I can do that.
> 
> > and we've
> > discussed in the past but never reached any conclusion on whether
> > there should be a fallback when the syscall doesn't exist (running on
> > old kernel).
> 
> glibc does not have a fallback for this syscall there was a long
> discussion about this, see here: https://lwn.net/Articles/711013/
> As they never found a good solution for their fallback. I think musl
> should also not provide a fallback.
> 
> This is the glibc implementation:
> https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=92dcaa3e2f7bf0f7f1c04cd2fb6a317df1a4e225

I think we can add it for now with no fallback to unblock things
waiting on it, and also consider adding fallback. If/when we add
arc4random/posix_random, we will have a perfectly reasonable backend
we can use in the absence of the syscall. It would initialize its
entropy from AT_RANDOM on kernels that have it and from the legacy
sysctl random source on kernels too old to have AT_RANDOM.

Rich