One Thousand Gnomes <gno...@lxorguk.ukuu.org.uk> writes: >> Andy you seem to be arguing here for two system calls. >> get_urandom() and get_random(). >> >> Where get_urandom only blocks if there is not enough starting entropy, >> and get_random(GRND_RANDOM) blocks if there is currently not enough >> entropy. >> >> That would allow -ENOSYS to be the right return value and it would >> simply things for everyone. > > So you replace the "no file handle" special case with the "unsupported or > disabled syscall" special case, which is even harder to test. > > Interfaces have failure modes. People who can't deal with that shouldn't > be writing code that does anything important in languages which don't > handle it for them.
Perhaps I misread the earlier conversation but it what I have read of this discussion people want to disable some of get_random() modes with seccomp. Today get_random does not have any failure codes define except -ENOSYS. get_random(0) succeeding and get_random(GRND_RANDOM) returning -ENOSYS has every chance of causing applications to legitimately assume the get_random system call is not available in any mode. So the code either needs a defined error code for bad flags (-EINVAL) or we need to split the syscall in two. Now that I think about it having the seccomp filter return -EINVAL if it doesn't like the parameter is better that splitting a syscall. Presumably that is what get_random(UNSUPPORTED_FLAG) returns. Eric -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
