[PATCH 1/1] getrandom(2) : new man page

[PATCH 1/1] getrandom(2) : new man page

[Heinrich Schuchardt]

Kernel 3.17 introduces a new system call getrandom(2).

The man page in this patch is based on the commit message by
Theodore Ts'o <tytso-3s7WtUTddSA@public.gmane.org>.

Signed-off-by: Heinrich Schuchardt <xypron.glpk-Mmb7MZpHnFY@public.gmane.org>
CC: Theodore Ts'o <tytso-3s7WtUTddSA@public.gmane.org>
---
 man2/getrandom.2 | 198 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 198 insertions(+)
 create mode 100644 man2/getrandom.2

diff --git a/man2/getrandom.2 b/man2/getrandom.2
new file mode 100644
index 0000000..e649eea
--- /dev/null
+++ b/man2/getrandom.2
@@ -0,0 +1,198 @@
+.\" Copyright (C) 2014, Theodore Ts'o <tytso-3s7WtUTddSA@public.gmane.org>
+.\" Copyright (C) 2014, Heinrich Schuchardt <xypron.glpk-Mmb7MZpHnFY@public.gmane.org>
+.\"
+.\" %%%LICENSE_START(VERBATIM)
+.\" Permission is granted to make and distribute verbatim copies of this
+.\" manual provided the copyright notice and this permission notice are
+.\" preserved on all copies.
+.\"
+.\" Permission is granted to copy and distribute modified versions of
+.\" this manual under the conditions for verbatim copying, provided that
+.\" the entire resulting derived work is distributed under the terms of
+.\" a permission notice identical to this one.
+.\"
+.\" Since the Linux kernel and libraries are constantly changing, this
+.\" manual page may be incorrect or out-of-date.  The author(s) assume.
+.\" no responsibility for errors or omissions, or for damages resulting.
+.\" from the use of the information contained herein.  The author(s) may.
+.\" not have taken the same level of care in the production of this.
+.\" manual, which is licensed free of charge, as they might when working.
+.\" professionally.
+.\"
+.\" Formatted or processed versions of this manual, if unaccompanied by
+.\" the source, must acknowledge the copyright and authors of this work.
+.\" %%%LICENSE_END
+
+.TH GETRANDOM 2 2014-09-13 "Linux" "Linux Programmer's Manual"
+.SH NAME
+getrandom \- fill buffer with random bytes
+.SH SYNOPSIS
+.B #include <linux/random.h>
+.sp
+.BI "int getrandom(void *"buf ", size_t " buflen ", unsigned int " flags );
+.SH DESCRIPTION
+The system call
+.BR getrandom ()
+fills the buffer pointed to by
+.I buf
+with up to
+.I buflen
+random bytes which can be used to seed user space random number
+generators (i.e., DRBG's) or for other cryptographic uses.
+It should not be used for Monte Carlo simulations or other programs/algorithms
+which are doing probabilistic sampling.
+.PP
+.I flags
+is a bit mask.
+The following bits can be set in
+.IR flags :
+.TP
+.B GRND_RANDOM
+If this flags bit is set, then random bytes are draw from the
+.I /dev/random
+pool instead of the
+.I /dev/urandom
+pool.
+The
+.I /dev/random
+pool is limited based on the entropy that can be obtained from environmental
+noise, so if there is insufficient entropy, the requested number of bytes may
+not be returned.
+.TP
+.B GRND_NONBLOCK
+If this bit is set and there is no entropy available at all,
+.BR getrandom ()
+will return -1 with
+.I errno
+set to
+.BR EAGAIN .
+If the
+.B GRND_NONBLOCK
+bit is not set and there is no entropy available at all
+.BR getrandom ()
+will block.
+.PP
+The
+.BR getentropy ()
+system call in OpenBSD can be emulated using the following
+function:
+
+.in +4n
+.nf
+int
+getentropy(void *buf, size_t buflen)
+{
+    int ret;
+
+    if (buflen > 256)
+        goto failure;
+    ret = getrandom(buf, buflen, 0);
+    if (ret < 0)
+        return ret;
+    if (ret == buflen)
+        return 0;
+failure:
+    errno = EIO;
+    return -1;
+}
+.fi
+.in
+.SH RETURN VALUE
+On success,
+.BR getrandom ()
+returns the number of bytes that were copied to the buffer
+.IR buf .
+This may not be all the bytes requested by the caller via
+.I buflen
+if insufficient entropy was present in the
+.IR/dev/random pool ,
+or if the system call was interrupted by a signal.
+.PP
+On error, -1 is returned, and
+.I errno
+is set appropriately.
+.SH ERRORS
+.TP
+.B EINVAL
+An invalid flag was passed to
+.BR getrandom ().
+.TP
+.B EFAULT
+The address referenced in parameter
+.I buf
+is outside the accessible address space.
+.TP
+.B EAGAIN
+The requested entropy was not available, and
+.BR getrandom ()
+would have blocked if the
+.B GRND_NONBLOCK
+flag was not set.
+.TP
+.B EINTR
+While blocked waiting for entropy, the call was interrupted by a signal
+handler; see the description of how interrupted
+.BR read (2)
+calls on "slow" devices are handled with and without the
+.B SA_RESTART
+flag in the
+.BR signal (7)
+man page.
+.SH NOTES
+For small requests 
+.RI ( buflen
+<= 256)
+.IR getrandom ()
+will not return
+.B EINTR
+when reading from the
+.I /dev/urandom
+pool once the entropy pool has been initialized,
+and it will return all of the bytes that have been requested.
+This is the recommended way to use
+.BR getrandom (),
+and is designed for compatibility with OpenBSD's
+.BR getentropy ()
+system call.
+.PP
+However, if you are using
+.BR GRND_RANDOM ,
+then
+.IR getrandom ()
+may block until the entropy accounting determines that sufficient environmental
+noise has been gathered such that
+.IR getrandom ()
+will be operating as a NRBG instead of a DRBG for those people who are working
+in the NIST SP 800-90 regime.
+Since it may block for a long time, these guarantees do NOT apply.
+The user may want to interrupt a hanging process using a signal, so blocking
+until all of the requested bytes are returned would be unfriendly.
+.PP
+For this reason, the user of
+.IR getrandom ()
+MUST always check the return value, in case it returns some error,
+or if fewer bytes than requested was returned.
+In the case of
+.RB ! GRND_RANDOM
+and small request, the latter should never happen, but the careful userspace
+code (and all crypto code should be careful) should check for this anyway!
+.PP
+Finally, unless you are doing long-term key generation (and perhaps not even
+then), you probably shouldn't be using
+.B GRND_RANDOM.
+The cryptographic algorithms used for
+.I /dev/urandom
+are quite conservative, and so should be sufficient for all purposes.
+The disadvantage of
+.I GRND_RANDOM
+is that it can block, and the increased complexity required to deal with
+partially fulfilled
+.IR getrandom ()
+requests.
+.SH VERSIONS
+.BR getrandom ()
+was introduced in version 3.17.0 of the Linux kernel for the x86 and amd64 architecture,
+.\" FIXME . Patch is in next-20140913.
+and is expected to be delivered in 3.18.0 for other architectures.
+.SH CONFORMING TO
+This system call is Linux-specific.
-- 
2.1.0

--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 1/1] getrandom(2) : new man page

[Michael Kerrisk (man-pages)]

Hello Heinrich

Thank you for working on this!

@Ted: could you please review the next version of 
Heinrich's page?

Heinrich, see my comments below.

On 09/13/2014 03:15 PM, Heinrich Schuchardt wrote:
> Kernel 3.17 introduces a new system call getrandom(2).
> 
> The man page in this patch is based on the commit message by
> Theodore Ts'o <tytso-3s7WtUTddSA@public.gmane.org>.
> 
> Signed-off-by: Heinrich Schuchardt <xypron.glpk-Mmb7MZpHnFY@public.gmane.org>
> CC: Theodore Ts'o <tytso-3s7WtUTddSA@public.gmane.org>
> ---
>  man2/getrandom.2 | 198 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
>  1 file changed, 198 insertions(+)
>  create mode 100644 man2/getrandom.2
> 
> diff --git a/man2/getrandom.2 b/man2/getrandom.2
> new file mode 100644
> index 0000000..e649eea
> --- /dev/null
> +++ b/man2/getrandom.2
> @@ -0,0 +1,198 @@
> +.\" Copyright (C) 2014, Theodore Ts'o <tytso-3s7WtUTddSA@public.gmane.org>
> +.\" Copyright (C) 2014, Heinrich Schuchardt <xypron.glpk-Mmb7MZpHnFY@public.gmane.org>
> +.\"
> +.\" %%%LICENSE_START(VERBATIM)
> +.\" Permission is granted to make and distribute verbatim copies of this
> +.\" manual provided the copyright notice and this permission notice are
> +.\" preserved on all copies.
> +.\"
> +.\" Permission is granted to copy and distribute modified versions of
> +.\" this manual under the conditions for verbatim copying, provided that
> +.\" the entire resulting derived work is distributed under the terms of
> +.\" a permission notice identical to this one.
> +.\"
> +.\" Since the Linux kernel and libraries are constantly changing, this
> +.\" manual page may be incorrect or out-of-date.  The author(s) assume.
> +.\" no responsibility for errors or omissions, or for damages resulting.
> +.\" from the use of the information contained herein.  The author(s) may.
> +.\" not have taken the same level of care in the production of this.
> +.\" manual, which is licensed free of charge, as they might when working.
> +.\" professionally.
> +.\"
> +.\" Formatted or processed versions of this manual, if unaccompanied by
> +.\" the source, must acknowledge the copyright and authors of this work.
> +.\" %%%LICENSE_END
> +
> +.TH GETRANDOM 2 2014-09-13 "Linux" "Linux Programmer's Manual"
> +.SH NAME
> +getrandom \- fill buffer with random bytes
> +.SH SYNOPSIS
> +.B #include <linux/random.h>
> +.sp
> +.BI "int getrandom(void *"buf ", size_t " buflen ", unsigned int " flags );
> +.SH DESCRIPTION
> +The system call
> +.BR getrandom ()
> +fills the buffer pointed to by
> +.I buf
> +with up to
> +.I buflen
> +random bytes which can be used to seed user space random number

s/user space/user-space/

> +generators (i.e., DRBG's) or for other cryptographic uses.

Here, I assume DBRGs means "Deterministic Random Bit Generators".
Best to write that in full, so that some readers are not left 
puzzled by the acronym.

> +It should not be used for Monte Carlo simulations or other programs/algorithms
> +which are doing probabilistic sampling.

It would be helpful to add to that last sentence an explanation of
_why_ it should not be thus used.

> +.PP
> +.I flags
> +is a bit mask.
> +The following bits can be set in
> +.IR flags :

I'd rather see:

The
.I flags
argument is a bit mask that can contain zero or
more of the following values ORed together:

> +.TP
> +.B GRND_RANDOM
> +If this flags bit is set, then random bytes are draw from the

s/flags//
s/draw/drawn/

> +.I /dev/random
> +pool instead of the
> +.I /dev/urandom
> +pool.
> +The
> +.I /dev/random
> +pool is limited based on the entropy that can be obtained from environmental
> +noise, so if there is insufficient entropy, the requested number of bytes may
> +not be returned.
> +.TP
> +.B GRND_NONBLOCK
> +If this bit is set and there is no entropy available at all,
> +.BR getrandom ()
> +will return -1 with
> +.I errno
> +set to
> +.BR EAGAIN .
> +If the
> +.B GRND_NONBLOCK
> +bit is not set and there is no entropy available at all

s/all/all,/

> +.BR getrandom ()
> +will block.

I think it would be better to move the piece about OpenBSD's 
getentropy() call to a subsection under NOTES, perhaps headed

.SS Emulating OpenBSD's getentropy()

> +.PP
> +The
> +.BR getentropy ()
> +system call in OpenBSD can be emulated using the following
> +function:
> +
> +.in +4n
> +.nf
> +int
> +getentropy(void *buf, size_t buflen)
> +{
> +    int ret;
> +
> +    if (buflen > 256)
> +        goto failure;
> +    ret = getrandom(buf, buflen, 0);
> +    if (ret < 0)
> +        return ret;
> +    if (ret == buflen)
> +        return 0;
> +failure:
> +    errno = EIO;
> +    return -1;
> +}
> +.fi
> +.in
> +.SH RETURN VALUE
> +On success,
> +.BR getrandom ()
> +returns the number of bytes that were copied to the buffer
> +.IR buf .
> +This may not be all the bytes requested by the caller via
> +.I buflen
> +if insufficient entropy was present in the
> +.IR/dev/random pool ,

Missing space after "IR"

> +or if the system call was interrupted by a signal.
> +.PP
> +On error, -1 is returned, and
> +.I errno
> +is set appropriately.
> +.SH ERRORS
> +.TP
> +.B EINVAL
> +An invalid flag was passed to
> +.BR getrandom ().
> +.TP
> +.B EFAULT
> +The address referenced in parameter
> +.I buf
> +is outside the accessible address space.
> +.TP
> +.B EAGAIN
> +The requested entropy was not available, and
> +.BR getrandom ()
> +would have blocked if the
> +.B GRND_NONBLOCK
> +flag was not set.
> +.TP
> +.B EINTR
> +While blocked waiting for entropy, the call was interrupted by a signal
> +handler; see the description of how interrupted
> +.BR read (2)
> +calls on "slow" devices are handled with and without the
> +.B SA_RESTART
> +flag in the
> +.BR signal (7)
> +man page.

Did you test whether SA_RESTART has an affect for getrandom()? 
(For many system calls it is ignored.) I've not tested this,
but reading the source suggests that it does.

> +.SH NOTES
> +For small requests
> +.RI ( buflen
> +<= 256)

s/$/,/

> +.IR getrandom ()

s/.IR getrandom ()/.BR getrandom ()/

(The same error needs fixing in other places too.)

> +will not return
> +.B EINTR
> +when reading from the
> +.I /dev/urandom
> +pool once the entropy pool has been initialized,
> +and it will return all of the bytes that have been requested.

I find the previous sentence rather hard to understand. Can you 
reword/enhance? To be clear: above, you mean that if "buflen"
is <= 256, then getrandom() will not fail with EINTR if interrupted
by a signal handler, right? Here, I think you are also talking
about the case where GRND_RANDOM is not specified. Assuming that
is so, I think you need to say that explicitly in this paragraph.

> +This is the recommended way to use

The meaning of "This" is not clear here, especially given the
complexity of the previous sentence.

> +.BR getrandom (),
> +and is designed for compatibility with OpenBSD's
> +.BR getentropy ()
> +system call.
> +.PP
> +However, if you are using
> +.BR GRND_RANDOM ,
> +then
> +.IR getrandom ()
> +may block until the entropy accounting determines that sufficient environmental
> +noise has been gathered such that
> +.IR getrandom ()
> +will be operating as a NRBG instead of a DRBG for those people who are working

Write "Nondeterministic Random Bit Generator"

> +in the NIST SP 800-90 regime.

Perhaps a pointer to where the reader can get further info about
"the NIST SP 800-90 regime" would be helpful here. Do you have one?

> +Since it may block for a long time, these guarantees do NOT apply.

Please use
.I not
for emphasis in the previous line.

> +The user may want to interrupt a hanging process using a signal, so blocking
> +until all of the requested bytes are returned would be unfriendly.
> +.PP
> +For this reason, the user of
> +.IR getrandom ()
> +MUST always check the return value, in case it returns some error,
> +or if fewer bytes than requested was returned.
> +In the case of
> +.RB ! GRND_RANDOM
> +and small request, the latter should never happen, but the careful userspace

s/the careful userspace/careful user-sapce/

> +code (and all crypto code should be careful) should check for this anyway!
> +.PP
> +Finally, unless you are doing long-term key generation (and perhaps not even
> +then), you probably shouldn't be using
> +.B GRND_RANDOM.
> +The cryptographic algorithms used for
> +.I /dev/urandom
> +are quite conservative, and so should be sufficient for all purposes.
> +The disadvantage of
> +.I GRND_RANDOM

s/.I/.B/

> +is that it can block, and the increased complexity required to deal with
> +partially fulfilled
> +.IR getrandom ()
> +requests.

I'd write that last piece as a new sentence:

Furthermore, the need to deal with partially fulfilled
.IR getrandom ()
requests increases code complexity.

> +.SH VERSIONS
> +.BR getrandom ()
> +was introduced in version 3.17.0 of the Linux kernel for the x86 and amd64 architecture,
> +.\" FIXME . Patch is in next-20140913.
> +and is expected to be delivered in 3.18.0 for other architectures.

Remove the ".0" at the end of the two previous kernel versions.

> +.SH CONFORMING TO
> +This system call is Linux-specific.

The order of the .SH sections in this page does not match the order
given in man-pages(7). Could you please reorder for the next version.

Cheers,

Michael


-- 
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/
--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 1/1] getrandom(2) : new man page

[Theodore Ts'o]

On Mon, Sep 29, 2014 at 05:22:05PM +0200, Michael Kerrisk (man-pages) wrote:
> 
> @Ted: could you please review the next version of 
> Heinrich's page?

Of course.  :-)

> 
> > +generators (i.e., DRBG's) or for other cryptographic uses.
> 
> Here, I assume DBRGs means "Deterministic Random Bit Generators".
> Best to write that in full, so that some readers are not left 
> puzzled by the acronym.

Both DRBG and NDRBG are defined in the NIST Special Publications (SP)
800-90A, 800-90B, and 800-90C.  Some of these are in draft forms, and
some of these are formal standards that have since been re-opened for
comments and possible revisions after the Snowden revelations.  You
can check out the NIST web site for more details.  It would probably
be a good idea to include URL's in the references section to the NIST
web pages for these documents.

> 
> Did you test whether SA_RESTART has an affect for getrandom()? 
> (For many system calls it is ignored.) I've not tested this,
> but reading the source suggests that it does.

I did test to make sure that SA_RESTART semantics were working
correctly in my development, but it would be good for someone else to
double chek this.  My reference of what happens with slow read(2)
calls when signals came in was a reference to the expectation that the
full system call restart semantics are supposed to be in place for the
getrandom(2) system call.

> > +.SH VERSIONS
> > +.BR getrandom ()
> > +was introduced in version 3.17.0 of the Linux kernel for the x86 and amd64 architecture,
> > +.\" FIXME . Patch is in next-20140913.
> > +and is expected to be delivered in 3.18.0 for other architectures.
> 
> Remove the ".0" at the end of the two previous kernel versions.

... and I suspect they will also show up in 3.17.N kernel releases.
Might be good to double check to see if they've showed in the stable
releases.

						- Ted
--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Aw: Re: [PATCH 1/1] getrandom(2) : new man page

[Heinrich Schuchardt]

Hello Michael,

please find below a reworked version of the man page. I considered
your remarks and reworked it.

I removed the abbreviations and the reference to NIST as these do
not help to make better use of getrandom().
> > +random bytes which can be used to seed user space random number
> 
> s/user space/user-space/
done
> 

> > +.I flags
> > +is a bit mask.
> > +The following bits can be set in
> > +.IR flags :
> 
> I'd rather see:
> 
> The
> .I flags
> argument is a bit mask that can contain zero or
> more of the following values ORed together:

done

> > +If this flags bit is set, then random bytes are draw from the
> 
> s/flags//
> s/draw/drawn/
done

> > +bit is not set and there is no entropy available at all
> 
> s/all/all,/

done

> I think it would be better to move the piece about OpenBSD's 
> getentropy() call to a subsection under NOTES, perhaps headed
> 
> .SS Emulating OpenBSD's getentropy()
done

> > +.IR/dev/random pool ,
> 
> Missing space after "IR"

done

> Did you test whether SA_RESTART has an affect for getrandom()? 
> (For many system calls it is ignored.) I've not tested this,
> but reading the source suggests that it does.
See reply by Theodore

> > +.IR getrandom ()
> 
> s/.IR getrandom ()/.BR getrandom ()/
done

> > +will not return
> > +.B EINTR
> > +when reading from the
> > +.I /dev/urandom
> > +pool once the entropy pool has been initialized,
> > +and it will return all of the bytes that have been requested.
> 
> I find the previous sentence rather hard to understand. Can you 
> reword/enhance? To be clear: above, you mean that if "buflen"
> is <= 256, then getrandom() will not fail with EINTR if interrupted
> by a signal handler, right? Here, I think you are also talking
> about the case where GRND_RANDOM is not specified. Assuming that
> is so, I think you need to say that explicitly in this paragraph.
> 
reworked

> > +This is the recommended way to use
> 
> The meaning of "This" is not clear here, especially given the
> complexity of the previous sentence.
> 
reworked
> > +.IR getrandom ()
> > +will be operating as a NRBG instead of a DRBG for those people who are working
> > +in the NIST SP 800-90 regime.
> 
> Perhaps a pointer to where the reader can get further info about
> "the NIST SP 800-90 regime" would be helpful here. Do you have one?
The reference may be interesting in random(4) but is not helpful here.
I removed it.

> > +Since it may block for a long time, these guarantees do NOT apply.
> 
> Please use
> .I not
> for emphasis in the previous line.
done
> 
> s/the careful userspace/careful user-sapce/
done

> > +is that it can block, and the increased complexity required to deal with
> > +partially fulfilled
> > +.IR getrandom ()
> > +requests.
> 
> I'd write that last piece as a new sentence:
> 
> Furthermore, the need to deal with partially fulfilled
> .IR getrandom ()
> requests increases code complexity.
> 
done
> 
> Remove the ".0" at the end of the two previous kernel versions.
done
> 
> > +.SH CONFORMING TO
> > +This system call is Linux-specific.
> 
> The order of the .SH sections in this page does not match the order
> given in man-pages(7). Could you please reorder for the next version.
> 
done

diff --git a/man2/getrandom.2 b/man2/getrandom.2
new file mode 100644
index 0000000..6a30898
--- /dev/null
+++ b/man2/getrandom.2
@@ -0,0 +1,226 @@
+.\" Copyright (C) 2014, Theodore Ts'o <tytso-3s7WtUTddSA@public.gmane.org>
+.\" Copyright (C) 2014, Heinrich Schuchardt <xypron.glpk-Mmb7MZpHnFY@public.gmane.org>
+.\"
+.\" %%%LICENSE_START(VERBATIM)
+.\" Permission is granted to make and distribute verbatim copies of this
+.\" manual provided the copyright notice and this permission notice are
+.\" preserved on all copies.
+.\"
+.\" Permission is granted to copy and distribute modified versions of
+.\" this manual under the conditions for verbatim copying, provided that
+.\" the entire resulting derived work is distributed under the terms of
+.\" a permission notice identical to this one.
+.\"
+.\" Since the Linux kernel and libraries are constantly changing, this
+.\" manual page may be incorrect or out-of-date.  The author(s) assume.
+.\" no responsibility for errors or omissions, or for damages resulting.
+.\" from the use of the information contained herein.  The author(s) may.
+.\" not have taken the same level of care in the production of this.
+.\" manual, which is licensed free of charge, as they might when working.
+.\" professionally.
+.\"
+.\" Formatted or processed versions of this manual, if unaccompanied by
+.\" the source, must acknowledge the copyright and authors of this work.
+.\" %%%LICENSE_END
+
+.TH GETRANDOM 2 2014-09-13 "Linux" "Linux Programmer's Manual"
+.SH NAME
+getrandom \- fill buffer with random bytes
+.SH SYNOPSIS
+.B #include <linux/random.h>
+.sp
+.BI "int getrandom(void *"buf ", size_t " buflen ", unsigned int " flags );
+.SH DESCRIPTION
+The system call
+.BR getrandom ()
+fills the buffer pointed to by
+.I buf
+with up to
+.I buflen
+random bytes.
+These can be used to seed user-space random number generators
+or for other cryptographic purposes.
+.PP
+.BR getrandom ()
+relies on entropy gathered from device drivers and other sources of
+environmental noise.
+Unnecessarily reading large quantities of data will have a negative impact
+on other users of the
+.I /dev/random
+and the
+.I /dev/urandom
+devices.
+Therefore it should not be used for Monte Carlo simulations or other
+programs/algorithms which are doing probabilistic sampling.
+.PP
+The
+.I flags
+argument is a bit mask that can contain zero or more of the following values
+ORed tgether:
+.TP
+.B GRND_RANDOM
+If this bit is set, then random bytes are drawn from the
+.I /dev/random
+pool instead of the
+.I /dev/urandom
+pool.
+The
+.I /dev/random
+pool is limited based on the entropy that can be obtained from environmental
+noise, so if there is insufficient entropy, the requested number of bytes may
+not be returned.
+.TP
+.B GRND_NONBLOCK
+If this bit is set and there is no entropy available at all,
+.BR getrandom ()
+will return -1 with
+.I errno
+set to
+.BR EAGAIN .
+If the
+.B GRND_NONBLOCK
+bit is not set and there is no entropy available at all,
+.BR getrandom ()
+will block.
+.SH RETURN VALUE
+On success,
+.BR getrandom ()
+returns the number of bytes that were copied to the buffer
+.IR buf .
+This may not be all the bytes requested by the caller via
+.I buflen
+if insufficient entropy was present in the
+.IR /dev/random
+pool, or if the system call was interrupted by a signal.
+.PP
+On error, -1 is returned, and
+.I errno
+is set appropriately.
+.SH ERRORS
+.TP
+.B EINVAL
+An invalid flag was passed to
+.BR getrandom ().
+.TP
+.B EFAULT
+The address referenced in parameter
+.I buf
+is outside the accessible address space.
+.TP
+.B EAGAIN
+The requested entropy was not available, and
+.BR getrandom ()
+would have blocked if the
+.B GRND_NONBLOCK
+flag was not set.
+.TP
+.B EINTR
+While blocked waiting for entropy, the call was interrupted by a signal
+handler; see the description of how interrupted
+.BR read (2)
+calls on "slow" devices are handled with and without the
+.B SA_RESTART
+flag in the
+.BR signal (7)
+man page.
+.SH VERSIONS
+.BR getrandom ()
+was introduced in version 3.17 of the Linux kernel.
+.SH CONFORMING TO
+This system call is Linux-specific.
+.SH NOTES
+.SS Interrupt handling
+The reaction of
+.BR getrandom ()
+in case of an interruption of a blocking call by a signal
+when reading from
+.I /dev/urandom
+.RB ( GRND_RANDOM
+is not set)
+depends on the initialization state of the entropy buffer
+and on the request size
+.IR buflen .
+If the entropy is not yet intialized or the request size is large
+.RI ( buflen
+> 256),
+.B EINTR
+will be returned.
+If the entropy pool has been intialized and the request size is small
+.RI ( buflen
+<= 256),
+.BR getrandom ()
+will not return
+.BR EINTR .
+Instead it will return all of the bytes that have been requested.
+.PP
+When reading from
+.I /dev/random
+.RB ( GRND_RANDOM
+is set)
+these guarantees do
+.I not
+apply.
+.PP
+Calling
+.BR getrandom ()
+to read
+.I /dev/urandom
+for small values of
+.I buflen
+is is the preferred mode of usage.
+The described behavior was designed for compatibility with
+OpenBSD's
+.BR getentropy ()
+system call.
+.PP
+The user of
+.BR getrandom ()
+.I must
+always check the return value, in case it returns some error,
+or if fewer bytes than requested were returned.
+In the case of
+.RB ! GRND_RANDOM
+and small request, the latter should never happen, but the careful user-space
+code should check for this anyway!
+.SS Choice of random device
+Unless you are doing long-term key generation (and perhaps not even
+then), you probably shouldn't be using
+.B GRND_RANDOM.
+The cryptographic algorithms used for
+.I /dev/urandom
+are quite conservative, and so should be sufficient for all purposes.
+The disadvantage of
+.B GRND_RANDOM
+is that it can block.
+Furthermore dealing with partially fulfilled
+.IR getrandom ()
+requests increases code complexity.
+.SS Emulating OpenBSD's getentropy()
+The
+.BR getentropy ()
+system call in OpenBSD can be emulated using the following
+function:
+
+.in +4n
+.nf
+int
+getentropy(void *buf, size_t buflen)
+{
+    int ret;
+
+    if (buflen > 256)
+        goto failure;
+    ret = getrandom(buf, buflen, 0);
+    if (ret < 0)
+        return ret;
+    if (ret == buflen)
+        return 0;
+failure:
+    errno = EIO;
+    return -1;
+}
+.fi
+.in
+.SH SEE ALSO
+.BR random (4),
+.BR urandom (4)
--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: Aw: Re: [PATCH 1/1] getrandom(2) : new man page

[Michael Kerrisk (man-pages)]

Hello Heinrich,

On 09/30/2014 02:38 AM, Heinrich Schuchardt wrote:
> Hello Michael,
> 
> please find below a reworked version of the man page. I considered
> your remarks and reworked it.
> 
> I removed the abbreviations and the reference to NIST as these do
> not help to make better use of getrandom().
>>> +random bytes which can be used to seed user space random number
>>
[...]

Thanks for the detailed checklist of responses. That makes life 
much simpler for me.

A few more comments below.

> diff --git a/man2/getrandom.2 b/man2/getrandom.2
> new file mode 100644
> index 0000000..6a30898
> --- /dev/null
> +++ b/man2/getrandom.2
> @@ -0,0 +1,226 @@
> +.\" Copyright (C) 2014, Theodore Ts'o <tytso-3s7WtUTddSA@public.gmane.org>
> +.\" Copyright (C) 2014, Heinrich Schuchardt <xypron.glpk-Mmb7MZpHnFY@public.gmane.org>
> +.\"
> +.\" %%%LICENSE_START(VERBATIM)
> +.\" Permission is granted to make and distribute verbatim copies of this
> +.\" manual provided the copyright notice and this permission notice are
> +.\" preserved on all copies.
> +.\"
> +.\" Permission is granted to copy and distribute modified versions of
> +.\" this manual under the conditions for verbatim copying, provided that
> +.\" the entire resulting derived work is distributed under the terms of
> +.\" a permission notice identical to this one.
> +.\"
> +.\" Since the Linux kernel and libraries are constantly changing, this
> +.\" manual page may be incorrect or out-of-date.  The author(s) assume.
> +.\" no responsibility for errors or omissions, or for damages resulting.
> +.\" from the use of the information contained herein.  The author(s) may.
> +.\" not have taken the same level of care in the production of this.
> +.\" manual, which is licensed free of charge, as they might when working.
> +.\" professionally.
> +.\"
> +.\" Formatted or processed versions of this manual, if unaccompanied by
> +.\" the source, must acknowledge the copyright and authors of this work.
> +.\" %%%LICENSE_END
> +
> +.TH GETRANDOM 2 2014-09-13 "Linux" "Linux Programmer's Manual"
> +.SH NAME
> +getrandom \- fill buffer with random bytes

Maybe better:
s/fill buffer with/obtain a series of/
?

> +.SH SYNOPSIS
> +.B #include <linux/random.h>
> +.sp
> +.BI "int getrandom(void *"buf ", size_t " buflen ", unsigned int " flags );
> +.SH DESCRIPTION
> +The system call
> +.BR getrandom ()
> +fills the buffer pointed to by
> +.I buf
> +with up to
> +.I buflen
> +random bytes.
> +These can be used to seed user-space random number generators
> +or for other cryptographic purposes.
> +.PP
> +.BR getrandom ()
> +relies on entropy gathered from device drivers and other sources of
> +environmental noise.
> +Unnecessarily reading large quantities of data will have a negative impact
> +on other users of the
> +.I /dev/random
> +and the
> +.I /dev/urandom
> +devices.
> +Therefore it should not be used for Monte Carlo simulations or other

s/it/.BR getrandom ()/

> +programs/algorithms which are doing probabilistic sampling.
> +.PP
> +The
> +.I flags
> +argument is a bit mask that can contain zero or more of the following values
> +ORed tgether:
> +.TP
> +.B GRND_RANDOM
> +If this bit is set, then random bytes are drawn from the
> +.I /dev/random
> +pool instead of the
> +.I /dev/urandom
> +pool.
> +The
> +.I /dev/random
> +pool is limited based on the entropy that can be obtained from environmental
> +noise, so if there is insufficient entropy, the requested number of bytes may
> +not be returned.

And at this point I ask myself: so, what is returned? Is it a short "read". 
If so, then say something like: "the call may return fewer bytes than 
requested". And what happens if no entropy is available?

> +.TP
> +.B GRND_NONBLOCK
> +If this bit is set and there is no entropy available at all,
> +.BR getrandom ()
> +will return -1 with
> +.I errno
> +set to
> +.BR EAGAIN .
> +If the
> +.B GRND_NONBLOCK
> +bit is not set and there is no entropy available at all,
> +.BR getrandom ()
> +will block.
> +.SH RETURN VALUE
> +On success,
> +.BR getrandom ()
> +returns the number of bytes that were copied to the buffer
> +.IR buf .
> +This may not be all the bytes requested by the caller via

s/This may not be all the/This may be less than the number of/

> +.I buflen
> +if insufficient entropy was present in the
> +.IR /dev/random
> +pool, or if the system call was interrupted by a signal.
> +.PP
> +On error, -1 is returned, and
> +.I errno
> +is set appropriately.
> +.SH ERRORS
> +.TP
> +.B EINVAL
> +An invalid flag was passed to
> +.BR getrandom ().
> +.TP
> +.B EFAULT
> +The address referenced in parameter
> +.I buf
> +is outside the accessible address space.
> +.TP
> +.B EAGAIN
> +The requested entropy was not available, and
> +.BR getrandom ()
> +would have blocked if the
> +.B GRND_NONBLOCK
> +flag was not set.
> +.TP
> +.B EINTR
> +While blocked waiting for entropy, the call was interrupted by a signal
> +handler; see the description of how interrupted
> +.BR read (2)
> +calls on "slow" devices are handled with and without the
> +.B SA_RESTART
> +flag in the
> +.BR signal (7)
> +man page.
> +.SH VERSIONS
> +.BR getrandom ()
> +was introduced in version 3.17 of the Linux kernel.
> +.SH CONFORMING TO
> +This system call is Linux-specific.
> +.SH NOTES
> +.SS Interrupt handling

s/Interrupt handling/Interruption by a signal handler/

> +The reaction of
> +.BR getrandom ()
> +in case of an interruption of a blocking call by a signal
> +when reading from
> +.I /dev/urandom
> +.RB ( GRND_RANDOM
> +is not set)
> +depends on the initialization state of the entropy buffer
> +and on the request size
> +.IR buflen .
> +If the entropy is not yet intialized or the request size is large
> +.RI ( buflen
> +> 256),
> +.B EINTR
> +will be returned.
> +If the entropy pool has been intialized and the request size is small
> +.RI ( buflen
> +<= 256),
> +.BR getrandom ()
> +will not return
> +.BR EINTR .
> +Instead it will return all of the bytes that have been requested.

s/Instead/Instead,/

> +.PP
> +When reading from
> +.I /dev/random
> +.RB ( GRND_RANDOM
> +is set)
> +these guarantees do
> +.I not
> +apply.
> +.PP
> +Calling
> +.BR getrandom ()
> +to read
> +.I /dev/urandom
> +for small values of

s/small/small (<= 256)

> +.I buflen
> +is is the preferred mode of usage.

s/is is/is/

> +The described behavior was designed for compatibility with

It's not quite clear what "The described behavior" refers to.
Can you improve this?

> +OpenBSD's
> +.BR getentropy ()
> +system call.
> +.PP
> +The user of
> +.BR getrandom ()
> +.I must
> +always check the return value, in case it returns some error,

s/returns/indicates/

> +or if fewer bytes than requested were returned.
> +In the case of
> +.RB ! GRND_RANDOM
> +and small request, 

Change the preceding to

In the case where 
.B GRND_RANDOM
is not specified and
.I bufken
is less than or equal to 256,

> the latter should never happen, but the careful user-space

s/the latter should never happen/
  a return of fewer bytes than requested should never happen/

> +code should check for this anyway!
> +.SS Choice of random device
> +Unless you are doing long-term key generation (and perhaps not even
> +then), you probably shouldn't be using
> +.B GRND_RANDOM.
> +The cryptographic algorithms used for
> +.I /dev/urandom
> +are quite conservative, and so should be sufficient for all purposes.
> +The disadvantage of
> +.B GRND_RANDOM
> +is that it can block.
> +Furthermore dealing with partially fulfilled

s/Furthermore/Furthermore,/

> +.IR getrandom ()

s/IR/BR/

> +requests increases code complexity.
> +.SS Emulating OpenBSD's getentropy()
> +The
> +.BR getentropy ()
> +system call in OpenBSD can be emulated using the following
> +function:
> +
> +.in +4n
> +.nf
> +int
> +getentropy(void *buf, size_t buflen)
> +{
> +    int ret;
> +
> +    if (buflen > 256)
> +        goto failure;
> +    ret = getrandom(buf, buflen, 0);
> +    if (ret < 0)
> +        return ret;
> +    if (ret == buflen)
> +        return 0;
> +failure:
> +    errno = EIO;
> +    return -1;
> +}
> +.fi
> +.in
> +.SH SEE ALSO
> +.BR random (4),
> +.BR urandom (4)
> 

Could you make you next submission a two-patch series, with the 
second patch adding SEE ALSO entries in random(3) and random(4).

Thanks,

Michael

-- 
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/
--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH 0/3] getrandom.2: new manpage

[Heinrich Schuchardt]

Hello Michael,

I corrected my patch as requested plus some other typos.

Best regards

Heinrich

On 30.09.2014 11:22, Michael Kerrisk (man-pages) wrote

::: +getrandom \- fill buffer with random bytes
: 
: Maybe better:
: s/fill buffer with/obtain a series of/
done

:: +Therefore it should not be used for Monte Carlo simulations or other
: 
: s/it/.BR getrandom ()/
done

:: +.I /dev/random
:: +pool is limited based on the entropy that can be obtained from environmental
:: +noise, so if there is insufficient entropy, the requested number of bytes may
:: +not be returned.
: 
: And at this point I ask myself: so, what is returned? Is it a short "read".
: If so, then say something like: "the call may return fewer bytes than
: requested". And what happens if no entropy is available?
rewritten

:: +This may not be all the bytes requested by the caller via
: 
: s/This may not be all the/This may be less than the number of/
done

:: +.SS Interrupt handling
: 
: s/Interrupt handling/Interruption by a signal handler/
done

:: +Instead it will return all of the bytes that have been requested.
: 
: s/Instead/Instead,/
done

:: +for small values of
: 
: s/small/small (<= 256)
done

:: +The described behavior was designed for compatibility with
: 
: It's not quite clear what "The described behavior" refers to.
: Can you improve this?
rewritten

:: +always check the return value, in case it returns some error,
: 
: s/returns/indicates/
done

: 
:: +or if fewer bytes than requested were returned.
:: +In the case of
:: +.RB ! GRND_RANDOM
:: +and small request,
: 
: Change the preceding to
: 
: In the case where
: .B GRND_RANDOM
: is not specified and
: .I bufken
: is less than or equal to 256,
done

: 
:: the latter should never happen, but the careful user-space
: 
: s/the latter should never happen/
:    a return of fewer bytes than requested should never happen/
done

:: +.IR getrandom ()
: 
: s/IR/BR/
done
: 
: Could you make you next submission a two-patch series, with the
: second patch adding SEE ALSO entries in random(3) and random(4).
see next mails


Heinrich Schuchardt (3):
  getrandom.2: new manpage
  random.3: SEE ALSO getrandom.2
  random.4: SEE ALSO getrandom.2

 man2/getrandom.2 | 242 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 man3/random.3    |   1 +
 man4/random.4    |   1 +
 3 files changed, 244 insertions(+)
 create mode 100644 man2/getrandom.2

-- 
2.1.0

--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH 1/3] getrandom.2: new manpage

[Heinrich Schuchardt]

Kernel 3.17 introduces a new system call getrandom(2).

The man page in this patch is based on the commit message by
Theodore Ts'o <tytso-3s7WtUTddSA@public.gmane.org> and suggestion by
Michael Kerrisk <mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>.

Signed-off-by: Heinrich Schuchardt <xypron.glpk-Mmb7MZpHnFY@public.gmane.org>
---
 man2/getrandom.2 | 242 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 242 insertions(+)
 create mode 100644 man2/getrandom.2

diff --git a/man2/getrandom.2 b/man2/getrandom.2
new file mode 100644
index 0000000..f6a8a1b
--- /dev/null
+++ b/man2/getrandom.2
@@ -0,0 +1,242 @@
+.\" Copyright (C) 2014, Theodore Ts'o <tytso-3s7WtUTddSA@public.gmane.org>
+.\" Copyright (C) 2014, Heinrich Schuchardt <xypron.glpk-Mmb7MZpHnFY@public.gmane.org>
+.\"
+.\" %%%LICENSE_START(VERBATIM)
+.\" Permission is granted to make and distribute verbatim copies of this
+.\" manual provided the copyright notice and this permission notice are
+.\" preserved on all copies.
+.\"
+.\" Permission is granted to copy and distribute modified versions of
+.\" this manual under the conditions for verbatim copying, provided that
+.\" the entire resulting derived work is distributed under the terms of
+.\" a permission notice identical to this one.
+.\"
+.\" Since the Linux kernel and libraries are constantly changing, this
+.\" manual page may be incorrect or out-of-date.  The author(s) assume.
+.\" no responsibility for errors or omissions, or for damages resulting.
+.\" from the use of the information contained herein.  The author(s) may.
+.\" not have taken the same level of care in the production of this.
+.\" manual, which is licensed free of charge, as they might when working.
+.\" professionally.
+.\"
+.\" Formatted or processed versions of this manual, if unaccompanied by
+.\" the source, must acknowledge the copyright and authors of this work.
+.\" %%%LICENSE_END
+
+.TH GETRANDOM 2 2014-10-03 "Linux" "Linux Programmer's Manual"
+.SH NAME
+getrandom \- obtain a series of random bytes
+.SH SYNOPSIS
+.B #include <linux/random.h>
+.sp
+.BI "int getrandom(void *"buf ", size_t " buflen ", unsigned int " flags );
+.SH DESCRIPTION
+The system call
+.BR getrandom ()
+fills the buffer pointed to by
+.I buf
+with up to
+.I buflen
+random bytes.
+These can be used to seed user-space random number generators
+or for other cryptographic purposes.
+.PP
+.BR getrandom ()
+relies on entropy gathered from device drivers and other sources of
+environmental noise.
+Unnecessarily reading large quantities of data will have a negative impact
+on other users of the
+.I /dev/random
+and the
+.I /dev/urandom
+devices.
+Therefore
+.BR getrandom ()
+should not be used for Monte Carlo simulations or other
+programs/algorithms which are doing probabilistic sampling.
+.PP
+The
+.I flags
+argument is a bit mask that can contain zero or more of the following values
+ORed together:
+.TP
+.B GRND_RANDOM
+If this bit is set, then random bytes are drawn from the
+.I /dev/random
+pool instead of the
+.I /dev/urandom
+pool.
+The
+.I /dev/random
+pool is limited based on the entropy that can be obtained from environmental
+noise. 
+If less random bytes are available than are requested in argument
+.IR buflen ,
+the available random bytes will be copied and the call returns.
+If no random byte is available, the response will depend on the
+presence of
+.B GRND_NONBLOCK
+in the
+.I flags
+argument.
+.TP
+.B GRND_NONBLOCK
+If this bit is set and there is no random byte available at all,
+.BR getrandom ()
+will return -1 with
+.I errno
+set to
+.BR EAGAIN .
+If the
+.B GRND_NONBLOCK
+bit is not set and there is no random byte available at all,
+.BR getrandom ()
+will block.
+.SH RETURN VALUE
+On success,
+.BR getrandom ()
+returns the number of bytes that were copied to the buffer
+.IR buf .
+This may be less than the bytes requested by the caller via
+.I buflen
+if insufficient entropy was present in the
+.IR /dev/random
+pool, or if the system call was interrupted by a signal.
+.PP
+On error, -1 is returned, and
+.I errno
+is set appropriately.
+.SH ERRORS
+.TP
+.B EINVAL
+An invalid flag was passed to
+.BR getrandom ().
+.TP
+.B EFAULT
+The address referenced in parameter
+.I buf
+is outside the accessible address space.
+.TP
+.B EAGAIN
+The requested entropy was not available, and
+.BR getrandom ()
+would have blocked if the
+.B GRND_NONBLOCK
+flag was not set.
+.TP
+.B EINTR
+While blocked waiting for entropy, the call was interrupted by a signal
+handler; see the description of how interrupted
+.BR read (2)
+calls on "slow" devices are handled with and without the
+.B SA_RESTART
+flag in the
+.BR signal (7)
+man page.
+.SH VERSIONS
+.BR getrandom ()
+was introduced in version 3.17 of the Linux kernel.
+.SH CONFORMING TO
+This system call is Linux-specific.
+.SH NOTES
+.SS Interruption by a signal handler
+The reaction of
+.BR getrandom ()
+in case of an interruption of a blocking call by a signal
+when reading from
+.I /dev/urandom
+.RB ( GRND_RANDOM
+is not set)
+depends on the initialization state of the entropy buffer
+and on the request size
+.IR buflen .
+If the entropy is not yet initialized or the request size is large
+.RI ( buflen
+> 256),
+.B EINTR
+will be returned.
+If the entropy pool has been intialized and the request size is small
+.RI ( buflen
+<= 256),
+.BR getrandom ()
+will not return
+.BR EINTR .
+Instead, it will return all of the bytes that have been requested.
+.PP
+When reading from
+.I /dev/random
+.RB ( GRND_RANDOM
+is set)
+these guarantees do
+.I not
+apply.
+.PP
+Calling
+.BR getrandom ()
+to read
+.I /dev/urandom
+for small values (<= 256) of
+.I buflen
+is the preferred mode of usage.
+.PP
+The special treatment of small values of
+.I buflen
+was designed for compatibility with
+OpenBSD's
+.BR getentropy ()
+system call.
+.PP
+The user of
+.BR getrandom ()
+.I must
+always check the return value, in case it indicates some error,
+or if fewer bytes than requested were returned.
+In the case where
+.B GRND_RANDOM
+is not specified and
+.I buflen
+is less than or equal to 256,
+a return of fewer bytes than requested should never happen,
+but the careful user-space code should check for this anyway!
+.SS Choice of random device
+Unless you are doing long-term key generation (and perhaps not even
+then), you probably shouldn't be using
+.B GRND_RANDOM.
+The cryptographic algorithms used for
+.I /dev/urandom
+are quite conservative, and so should be sufficient for all purposes.
+The disadvantage of
+.B GRND_RANDOM
+is that it can block.
+Furthermore, dealing with partially fulfilled
+.BR getrandom ()
+requests increases code complexity.
+.SS Emulating OpenBSD's getentropy()
+The
+.BR getentropy ()
+system call in OpenBSD can be emulated using the following
+function:
+
+.in +4n
+.nf
+int
+getentropy(void *buf, size_t buflen)
+{
+    int ret;
+
+    if (buflen > 256)
+        goto failure;
+    ret = getrandom(buf, buflen, 0);
+    if (ret < 0)
+        return ret;
+    if (ret == buflen)
+        return 0;
+failure:
+    errno = EIO;
+    return -1;
+}
+.fi
+.in
+.SH SEE ALSO
+.BR random (4),
+.BR urandom (4)
-- 
2.1.0

--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH 2/3] random.3: SEE ALSO getrandom.2

[Heinrich Schuchardt]

Signed-off-by: Heinrich Schuchardt <xypron.glpk-Mmb7MZpHnFY@public.gmane.org>
---
 man3/random.3 | 1 +
 1 file changed, 1 insertion(+)

diff --git a/man3/random.3 b/man3/random.3
index dc6fa9f..9789cb6 100644
--- a/man3/random.3
+++ b/man3/random.3
@@ -196,6 +196,7 @@ is (as specified) set on error, but the function does not return NULL.
 .\" http://sourceware.org/bugzilla/show_bug.cgi?id=15380
 .SH SEE ALSO
 .BR drand48 (3),
+.BR getrandom (2),
 .BR rand (3),
 .BR random_r (3),
 .BR srand (3)
-- 
2.1.0

--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH 3/3] random.4: SEE ALSO getrandom.2

[Heinrich Schuchardt]

Signed-off-by: Heinrich Schuchardt <xypron.glpk-Mmb7MZpHnFY@public.gmane.org>
---
 man4/random.4 | 1 +
 1 file changed, 1 insertion(+)

diff --git a/man4/random.4 b/man4/random.4
index a193ddf..9ec0341 100644
--- a/man4/random.4
+++ b/man4/random.4
@@ -280,6 +280,7 @@ wall clock) to the pools.
 .\" The kernel's random number generator was written by
 .\" Theodore Ts'o (tytso-f/2Lh7Kzk888qNwGfFDJ/Q@public.gmane.org).
 .SH SEE ALSO
+.BR getrandom (2),
 .BR mknod (1)
 .br
 RFC\ 1750, "Randomness Recommendations for Security"
-- 
2.1.0

--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 1/3] getrandom.2: new manpage

[Michael Kerrisk (man-pages)]

Hi Ted,

Could you please check this page over and offer fixes or an Ack?

Thanks,

Michael



On Fri, Oct 3, 2014 at 2:15 AM, Heinrich Schuchardt <xypron.glpk-Mmb7MZpHnFY@public.gmane.org> wrote:
> Kernel 3.17 introduces a new system call getrandom(2).
>
> The man page in this patch is based on the commit message by
> Theodore Ts'o <tytso-3s7WtUTddSA@public.gmane.org> and suggestion by
> Michael Kerrisk <mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>.
>
> Signed-off-by: Heinrich Schuchardt <xypron.glpk-Mmb7MZpHnFY@public.gmane.org>
> ---
>  man2/getrandom.2 | 242 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
>  1 file changed, 242 insertions(+)
>  create mode 100644 man2/getrandom.2
>
> diff --git a/man2/getrandom.2 b/man2/getrandom.2
> new file mode 100644
> index 0000000..f6a8a1b
> --- /dev/null
> +++ b/man2/getrandom.2
> @@ -0,0 +1,242 @@
> +.\" Copyright (C) 2014, Theodore Ts'o <tytso-3s7WtUTddSA@public.gmane.org>
> +.\" Copyright (C) 2014, Heinrich Schuchardt <xypron.glpk-Mmb7MZpHnFY@public.gmane.org>
> +.\"
> +.\" %%%LICENSE_START(VERBATIM)
> +.\" Permission is granted to make and distribute verbatim copies of this
> +.\" manual provided the copyright notice and this permission notice are
> +.\" preserved on all copies.
> +.\"
> +.\" Permission is granted to copy and distribute modified versions of
> +.\" this manual under the conditions for verbatim copying, provided that
> +.\" the entire resulting derived work is distributed under the terms of
> +.\" a permission notice identical to this one.
> +.\"
> +.\" Since the Linux kernel and libraries are constantly changing, this
> +.\" manual page may be incorrect or out-of-date.  The author(s) assume.
> +.\" no responsibility for errors or omissions, or for damages resulting.
> +.\" from the use of the information contained herein.  The author(s) may.
> +.\" not have taken the same level of care in the production of this.
> +.\" manual, which is licensed free of charge, as they might when working.
> +.\" professionally.
> +.\"
> +.\" Formatted or processed versions of this manual, if unaccompanied by
> +.\" the source, must acknowledge the copyright and authors of this work.
> +.\" %%%LICENSE_END
> +
> +.TH GETRANDOM 2 2014-10-03 "Linux" "Linux Programmer's Manual"
> +.SH NAME
> +getrandom \- obtain a series of random bytes
> +.SH SYNOPSIS
> +.B #include <linux/random.h>
> +.sp
> +.BI "int getrandom(void *"buf ", size_t " buflen ", unsigned int " flags );
> +.SH DESCRIPTION
> +The system call
> +.BR getrandom ()
> +fills the buffer pointed to by
> +.I buf
> +with up to
> +.I buflen
> +random bytes.
> +These can be used to seed user-space random number generators
> +or for other cryptographic purposes.
> +.PP
> +.BR getrandom ()
> +relies on entropy gathered from device drivers and other sources of
> +environmental noise.
> +Unnecessarily reading large quantities of data will have a negative impact
> +on other users of the
> +.I /dev/random
> +and the
> +.I /dev/urandom
> +devices.
> +Therefore
> +.BR getrandom ()
> +should not be used for Monte Carlo simulations or other
> +programs/algorithms which are doing probabilistic sampling.
> +.PP
> +The
> +.I flags
> +argument is a bit mask that can contain zero or more of the following values
> +ORed together:
> +.TP
> +.B GRND_RANDOM
> +If this bit is set, then random bytes are drawn from the
> +.I /dev/random
> +pool instead of the
> +.I /dev/urandom
> +pool.
> +The
> +.I /dev/random
> +pool is limited based on the entropy that can be obtained from environmental
> +noise.
> +If less random bytes are available than are requested in argument
> +.IR buflen ,
> +the available random bytes will be copied and the call returns.
> +If no random byte is available, the response will depend on the
> +presence of
> +.B GRND_NONBLOCK
> +in the
> +.I flags
> +argument.
> +.TP
> +.B GRND_NONBLOCK
> +If this bit is set and there is no random byte available at all,
> +.BR getrandom ()
> +will return -1 with
> +.I errno
> +set to
> +.BR EAGAIN .
> +If the
> +.B GRND_NONBLOCK
> +bit is not set and there is no random byte available at all,
> +.BR getrandom ()
> +will block.
> +.SH RETURN VALUE
> +On success,
> +.BR getrandom ()
> +returns the number of bytes that were copied to the buffer
> +.IR buf .
> +This may be less than the bytes requested by the caller via
> +.I buflen
> +if insufficient entropy was present in the
> +.IR /dev/random
> +pool, or if the system call was interrupted by a signal.
> +.PP
> +On error, -1 is returned, and
> +.I errno
> +is set appropriately.
> +.SH ERRORS
> +.TP
> +.B EINVAL
> +An invalid flag was passed to
> +.BR getrandom ().
> +.TP
> +.B EFAULT
> +The address referenced in parameter
> +.I buf
> +is outside the accessible address space.
> +.TP
> +.B EAGAIN
> +The requested entropy was not available, and
> +.BR getrandom ()
> +would have blocked if the
> +.B GRND_NONBLOCK
> +flag was not set.
> +.TP
> +.B EINTR
> +While blocked waiting for entropy, the call was interrupted by a signal
> +handler; see the description of how interrupted
> +.BR read (2)
> +calls on "slow" devices are handled with and without the
> +.B SA_RESTART
> +flag in the
> +.BR signal (7)
> +man page.
> +.SH VERSIONS
> +.BR getrandom ()
> +was introduced in version 3.17 of the Linux kernel.
> +.SH CONFORMING TO
> +This system call is Linux-specific.
> +.SH NOTES
> +.SS Interruption by a signal handler
> +The reaction of
> +.BR getrandom ()
> +in case of an interruption of a blocking call by a signal
> +when reading from
> +.I /dev/urandom
> +.RB ( GRND_RANDOM
> +is not set)
> +depends on the initialization state of the entropy buffer
> +and on the request size
> +.IR buflen .
> +If the entropy is not yet initialized or the request size is large
> +.RI ( buflen
> +> 256),
> +.B EINTR
> +will be returned.
> +If the entropy pool has been intialized and the request size is small
> +.RI ( buflen
> +<= 256),
> +.BR getrandom ()
> +will not return
> +.BR EINTR .
> +Instead, it will return all of the bytes that have been requested.
> +.PP
> +When reading from
> +.I /dev/random
> +.RB ( GRND_RANDOM
> +is set)
> +these guarantees do
> +.I not
> +apply.
> +.PP
> +Calling
> +.BR getrandom ()
> +to read
> +.I /dev/urandom
> +for small values (<= 256) of
> +.I buflen
> +is the preferred mode of usage.
> +.PP
> +The special treatment of small values of
> +.I buflen
> +was designed for compatibility with
> +OpenBSD's
> +.BR getentropy ()
> +system call.
> +.PP
> +The user of
> +.BR getrandom ()
> +.I must
> +always check the return value, in case it indicates some error,
> +or if fewer bytes than requested were returned.
> +In the case where
> +.B GRND_RANDOM
> +is not specified and
> +.I buflen
> +is less than or equal to 256,
> +a return of fewer bytes than requested should never happen,
> +but the careful user-space code should check for this anyway!
> +.SS Choice of random device
> +Unless you are doing long-term key generation (and perhaps not even
> +then), you probably shouldn't be using
> +.B GRND_RANDOM.
> +The cryptographic algorithms used for
> +.I /dev/urandom
> +are quite conservative, and so should be sufficient for all purposes.
> +The disadvantage of
> +.B GRND_RANDOM
> +is that it can block.
> +Furthermore, dealing with partially fulfilled
> +.BR getrandom ()
> +requests increases code complexity.
> +.SS Emulating OpenBSD's getentropy()
> +The
> +.BR getentropy ()
> +system call in OpenBSD can be emulated using the following
> +function:
> +
> +.in +4n
> +.nf
> +int
> +getentropy(void *buf, size_t buflen)
> +{
> +    int ret;
> +
> +    if (buflen > 256)
> +        goto failure;
> +    ret = getrandom(buf, buflen, 0);
> +    if (ret < 0)
> +        return ret;
> +    if (ret == buflen)
> +        return 0;
> +failure:
> +    errno = EIO;
> +    return -1;
> +}
> +.fi
> +.in
> +.SH SEE ALSO
> +.BR random (4),
> +.BR urandom (4)
> --
> 2.1.0
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-man" in
> the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html



-- 
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/
--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 1/3] getrandom.2: new manpage

[Michael Kerrisk (man-pages)]

Ping^2, Ted!

I'm still hoping for your sign-off on this man-pages patch.

Also adding LKML in CC, in case anyone else wants to comment.

Cheers,

Michael


On Fri, Oct 3, 2014 at 2:15 AM, Heinrich Schuchardt <xypron.glpk@gmx.de> wrote:
> Kernel 3.17 introduces a new system call getrandom(2).
>
> The man page in this patch is based on the commit message by
> Theodore Ts'o <tytso@mit.edu> and suggestion by
> Michael Kerrisk <mtk.manpages@gmail.com>.
>
> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
> ---
>  man2/getrandom.2 | 242 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
>  1 file changed, 242 insertions(+)
>  create mode 100644 man2/getrandom.2
>
> diff --git a/man2/getrandom.2 b/man2/getrandom.2
> new file mode 100644
> index 0000000..f6a8a1b
> --- /dev/null
> +++ b/man2/getrandom.2
> @@ -0,0 +1,242 @@
> +.\" Copyright (C) 2014, Theodore Ts'o <tytso@mit.edu>
> +.\" Copyright (C) 2014, Heinrich Schuchardt <xypron.glpk@gmx.de>
> +.\"
> +.\" %%%LICENSE_START(VERBATIM)
> +.\" Permission is granted to make and distribute verbatim copies of this
> +.\" manual provided the copyright notice and this permission notice are
> +.\" preserved on all copies.
> +.\"
> +.\" Permission is granted to copy and distribute modified versions of
> +.\" this manual under the conditions for verbatim copying, provided that
> +.\" the entire resulting derived work is distributed under the terms of
> +.\" a permission notice identical to this one.
> +.\"
> +.\" Since the Linux kernel and libraries are constantly changing, this
> +.\" manual page may be incorrect or out-of-date.  The author(s) assume.
> +.\" no responsibility for errors or omissions, or for damages resulting.
> +.\" from the use of the information contained herein.  The author(s) may.
> +.\" not have taken the same level of care in the production of this.
> +.\" manual, which is licensed free of charge, as they might when working.
> +.\" professionally.
> +.\"
> +.\" Formatted or processed versions of this manual, if unaccompanied by
> +.\" the source, must acknowledge the copyright and authors of this work.
> +.\" %%%LICENSE_END
> +
> +.TH GETRANDOM 2 2014-10-03 "Linux" "Linux Programmer's Manual"
> +.SH NAME
> +getrandom \- obtain a series of random bytes
> +.SH SYNOPSIS
> +.B #include <linux/random.h>
> +.sp
> +.BI "int getrandom(void *"buf ", size_t " buflen ", unsigned int " flags );
> +.SH DESCRIPTION
> +The system call
> +.BR getrandom ()
> +fills the buffer pointed to by
> +.I buf
> +with up to
> +.I buflen
> +random bytes.
> +These can be used to seed user-space random number generators
> +or for other cryptographic purposes.
> +.PP
> +.BR getrandom ()
> +relies on entropy gathered from device drivers and other sources of
> +environmental noise.
> +Unnecessarily reading large quantities of data will have a negative impact
> +on other users of the
> +.I /dev/random
> +and the
> +.I /dev/urandom
> +devices.
> +Therefore
> +.BR getrandom ()
> +should not be used for Monte Carlo simulations or other
> +programs/algorithms which are doing probabilistic sampling.
> +.PP
> +The
> +.I flags
> +argument is a bit mask that can contain zero or more of the following values
> +ORed together:
> +.TP
> +.B GRND_RANDOM
> +If this bit is set, then random bytes are drawn from the
> +.I /dev/random
> +pool instead of the
> +.I /dev/urandom
> +pool.
> +The
> +.I /dev/random
> +pool is limited based on the entropy that can be obtained from environmental
> +noise.
> +If less random bytes are available than are requested in argument
> +.IR buflen ,
> +the available random bytes will be copied and the call returns.
> +If no random byte is available, the response will depend on the
> +presence of
> +.B GRND_NONBLOCK
> +in the
> +.I flags
> +argument.
> +.TP
> +.B GRND_NONBLOCK
> +If this bit is set and there is no random byte available at all,
> +.BR getrandom ()
> +will return -1 with
> +.I errno
> +set to
> +.BR EAGAIN .
> +If the
> +.B GRND_NONBLOCK
> +bit is not set and there is no random byte available at all,
> +.BR getrandom ()
> +will block.
> +.SH RETURN VALUE
> +On success,
> +.BR getrandom ()
> +returns the number of bytes that were copied to the buffer
> +.IR buf .
> +This may be less than the bytes requested by the caller via
> +.I buflen
> +if insufficient entropy was present in the
> +.IR /dev/random
> +pool, or if the system call was interrupted by a signal.
> +.PP
> +On error, -1 is returned, and
> +.I errno
> +is set appropriately.
> +.SH ERRORS
> +.TP
> +.B EINVAL
> +An invalid flag was passed to
> +.BR getrandom ().
> +.TP
> +.B EFAULT
> +The address referenced in parameter
> +.I buf
> +is outside the accessible address space.
> +.TP
> +.B EAGAIN
> +The requested entropy was not available, and
> +.BR getrandom ()
> +would have blocked if the
> +.B GRND_NONBLOCK
> +flag was not set.
> +.TP
> +.B EINTR
> +While blocked waiting for entropy, the call was interrupted by a signal
> +handler; see the description of how interrupted
> +.BR read (2)
> +calls on "slow" devices are handled with and without the
> +.B SA_RESTART
> +flag in the
> +.BR signal (7)
> +man page.
> +.SH VERSIONS
> +.BR getrandom ()
> +was introduced in version 3.17 of the Linux kernel.
> +.SH CONFORMING TO
> +This system call is Linux-specific.
> +.SH NOTES
> +.SS Interruption by a signal handler
> +The reaction of
> +.BR getrandom ()
> +in case of an interruption of a blocking call by a signal
> +when reading from
> +.I /dev/urandom
> +.RB ( GRND_RANDOM
> +is not set)
> +depends on the initialization state of the entropy buffer
> +and on the request size
> +.IR buflen .
> +If the entropy is not yet initialized or the request size is large
> +.RI ( buflen
> +> 256),
> +.B EINTR
> +will be returned.
> +If the entropy pool has been intialized and the request size is small
> +.RI ( buflen
> +<= 256),
> +.BR getrandom ()
> +will not return
> +.BR EINTR .
> +Instead, it will return all of the bytes that have been requested.
> +.PP
> +When reading from
> +.I /dev/random
> +.RB ( GRND_RANDOM
> +is set)
> +these guarantees do
> +.I not
> +apply.
> +.PP
> +Calling
> +.BR getrandom ()
> +to read
> +.I /dev/urandom
> +for small values (<= 256) of
> +.I buflen
> +is the preferred mode of usage.
> +.PP
> +The special treatment of small values of
> +.I buflen
> +was designed for compatibility with
> +OpenBSD's
> +.BR getentropy ()
> +system call.
> +.PP
> +The user of
> +.BR getrandom ()
> +.I must
> +always check the return value, in case it indicates some error,
> +or if fewer bytes than requested were returned.
> +In the case where
> +.B GRND_RANDOM
> +is not specified and
> +.I buflen
> +is less than or equal to 256,
> +a return of fewer bytes than requested should never happen,
> +but the careful user-space code should check for this anyway!
> +.SS Choice of random device
> +Unless you are doing long-term key generation (and perhaps not even
> +then), you probably shouldn't be using
> +.B GRND_RANDOM.
> +The cryptographic algorithms used for
> +.I /dev/urandom
> +are quite conservative, and so should be sufficient for all purposes.
> +The disadvantage of
> +.B GRND_RANDOM
> +is that it can block.
> +Furthermore, dealing with partially fulfilled
> +.BR getrandom ()
> +requests increases code complexity.
> +.SS Emulating OpenBSD's getentropy()
> +The
> +.BR getentropy ()
> +system call in OpenBSD can be emulated using the following
> +function:
> +
> +.in +4n
> +.nf
> +int
> +getentropy(void *buf, size_t buflen)
> +{
> +    int ret;
> +
> +    if (buflen > 256)
> +        goto failure;
> +    ret = getrandom(buf, buflen, 0);
> +    if (ret < 0)
> +        return ret;
> +    if (ret == buflen)
> +        return 0;
> +failure:
> +    errno = EIO;
> +    return -1;
> +}
> +.fi
> +.in
> +.SH SEE ALSO
> +.BR random (4),
> +.BR urandom (4)
> --
> 2.1.0
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-man" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html



-- 
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/

Re: [PATCH 1/3] getrandom.2: new manpage

[Michael Kerrisk (man-pages)]

Ping^2, Ted!

I'm still hoping for your sign-off on this man-pages patch.

Also adding LKML in CC, in case anyone else wants to comment.

Cheers,

Michael


On Fri, Oct 3, 2014 at 2:15 AM, Heinrich Schuchardt <xypron.glpk-Mmb7MZpHnFY@public.gmane.org> wrote:
> Kernel 3.17 introduces a new system call getrandom(2).
>
> The man page in this patch is based on the commit message by
> Theodore Ts'o <tytso-3s7WtUTddSA@public.gmane.org> and suggestion by
> Michael Kerrisk <mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>.
>
> Signed-off-by: Heinrich Schuchardt <xypron.glpk-Mmb7MZpHnFY@public.gmane.org>
> ---
>  man2/getrandom.2 | 242 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
>  1 file changed, 242 insertions(+)
>  create mode 100644 man2/getrandom.2
>
> diff --git a/man2/getrandom.2 b/man2/getrandom.2
> new file mode 100644
> index 0000000..f6a8a1b
> --- /dev/null
> +++ b/man2/getrandom.2
> @@ -0,0 +1,242 @@
> +.\" Copyright (C) 2014, Theodore Ts'o <tytso-3s7WtUTddSA@public.gmane.org>
> +.\" Copyright (C) 2014, Heinrich Schuchardt <xypron.glpk-Mmb7MZpHnFY@public.gmane.org>
> +.\"
> +.\" %%%LICENSE_START(VERBATIM)
> +.\" Permission is granted to make and distribute verbatim copies of this
> +.\" manual provided the copyright notice and this permission notice are
> +.\" preserved on all copies.
> +.\"
> +.\" Permission is granted to copy and distribute modified versions of
> +.\" this manual under the conditions for verbatim copying, provided that
> +.\" the entire resulting derived work is distributed under the terms of
> +.\" a permission notice identical to this one.
> +.\"
> +.\" Since the Linux kernel and libraries are constantly changing, this
> +.\" manual page may be incorrect or out-of-date.  The author(s) assume.
> +.\" no responsibility for errors or omissions, or for damages resulting.
> +.\" from the use of the information contained herein.  The author(s) may.
> +.\" not have taken the same level of care in the production of this.
> +.\" manual, which is licensed free of charge, as they might when working.
> +.\" professionally.
> +.\"
> +.\" Formatted or processed versions of this manual, if unaccompanied by
> +.\" the source, must acknowledge the copyright and authors of this work.
> +.\" %%%LICENSE_END
> +
> +.TH GETRANDOM 2 2014-10-03 "Linux" "Linux Programmer's Manual"
> +.SH NAME
> +getrandom \- obtain a series of random bytes
> +.SH SYNOPSIS
> +.B #include <linux/random.h>
> +.sp
> +.BI "int getrandom(void *"buf ", size_t " buflen ", unsigned int " flags );
> +.SH DESCRIPTION
> +The system call
> +.BR getrandom ()
> +fills the buffer pointed to by
> +.I buf
> +with up to
> +.I buflen
> +random bytes.
> +These can be used to seed user-space random number generators
> +or for other cryptographic purposes.
> +.PP
> +.BR getrandom ()
> +relies on entropy gathered from device drivers and other sources of
> +environmental noise.
> +Unnecessarily reading large quantities of data will have a negative impact
> +on other users of the
> +.I /dev/random
> +and the
> +.I /dev/urandom
> +devices.
> +Therefore
> +.BR getrandom ()
> +should not be used for Monte Carlo simulations or other
> +programs/algorithms which are doing probabilistic sampling.
> +.PP
> +The
> +.I flags
> +argument is a bit mask that can contain zero or more of the following values
> +ORed together:
> +.TP
> +.B GRND_RANDOM
> +If this bit is set, then random bytes are drawn from the
> +.I /dev/random
> +pool instead of the
> +.I /dev/urandom
> +pool.
> +The
> +.I /dev/random
> +pool is limited based on the entropy that can be obtained from environmental
> +noise.
> +If less random bytes are available than are requested in argument
> +.IR buflen ,
> +the available random bytes will be copied and the call returns.
> +If no random byte is available, the response will depend on the
> +presence of
> +.B GRND_NONBLOCK
> +in the
> +.I flags
> +argument.
> +.TP
> +.B GRND_NONBLOCK
> +If this bit is set and there is no random byte available at all,
> +.BR getrandom ()
> +will return -1 with
> +.I errno
> +set to
> +.BR EAGAIN .
> +If the
> +.B GRND_NONBLOCK
> +bit is not set and there is no random byte available at all,
> +.BR getrandom ()
> +will block.
> +.SH RETURN VALUE
> +On success,
> +.BR getrandom ()
> +returns the number of bytes that were copied to the buffer
> +.IR buf .
> +This may be less than the bytes requested by the caller via
> +.I buflen
> +if insufficient entropy was present in the
> +.IR /dev/random
> +pool, or if the system call was interrupted by a signal.
> +.PP
> +On error, -1 is returned, and
> +.I errno
> +is set appropriately.
> +.SH ERRORS
> +.TP
> +.B EINVAL
> +An invalid flag was passed to
> +.BR getrandom ().
> +.TP
> +.B EFAULT
> +The address referenced in parameter
> +.I buf
> +is outside the accessible address space.
> +.TP
> +.B EAGAIN
> +The requested entropy was not available, and
> +.BR getrandom ()
> +would have blocked if the
> +.B GRND_NONBLOCK
> +flag was not set.
> +.TP
> +.B EINTR
> +While blocked waiting for entropy, the call was interrupted by a signal
> +handler; see the description of how interrupted
> +.BR read (2)
> +calls on "slow" devices are handled with and without the
> +.B SA_RESTART
> +flag in the
> +.BR signal (7)
> +man page.
> +.SH VERSIONS
> +.BR getrandom ()
> +was introduced in version 3.17 of the Linux kernel.
> +.SH CONFORMING TO
> +This system call is Linux-specific.
> +.SH NOTES
> +.SS Interruption by a signal handler
> +The reaction of
> +.BR getrandom ()
> +in case of an interruption of a blocking call by a signal
> +when reading from
> +.I /dev/urandom
> +.RB ( GRND_RANDOM
> +is not set)
> +depends on the initialization state of the entropy buffer
> +and on the request size
> +.IR buflen .
> +If the entropy is not yet initialized or the request size is large
> +.RI ( buflen
> +> 256),
> +.B EINTR
> +will be returned.
> +If the entropy pool has been intialized and the request size is small
> +.RI ( buflen
> +<= 256),
> +.BR getrandom ()
> +will not return
> +.BR EINTR .
> +Instead, it will return all of the bytes that have been requested.
> +.PP
> +When reading from
> +.I /dev/random
> +.RB ( GRND_RANDOM
> +is set)
> +these guarantees do
> +.I not
> +apply.
> +.PP
> +Calling
> +.BR getrandom ()
> +to read
> +.I /dev/urandom
> +for small values (<= 256) of
> +.I buflen
> +is the preferred mode of usage.
> +.PP
> +The special treatment of small values of
> +.I buflen
> +was designed for compatibility with
> +OpenBSD's
> +.BR getentropy ()
> +system call.
> +.PP
> +The user of
> +.BR getrandom ()
> +.I must
> +always check the return value, in case it indicates some error,
> +or if fewer bytes than requested were returned.
> +In the case where
> +.B GRND_RANDOM
> +is not specified and
> +.I buflen
> +is less than or equal to 256,
> +a return of fewer bytes than requested should never happen,
> +but the careful user-space code should check for this anyway!
> +.SS Choice of random device
> +Unless you are doing long-term key generation (and perhaps not even
> +then), you probably shouldn't be using
> +.B GRND_RANDOM.
> +The cryptographic algorithms used for
> +.I /dev/urandom
> +are quite conservative, and so should be sufficient for all purposes.
> +The disadvantage of
> +.B GRND_RANDOM
> +is that it can block.
> +Furthermore, dealing with partially fulfilled
> +.BR getrandom ()
> +requests increases code complexity.
> +.SS Emulating OpenBSD's getentropy()
> +The
> +.BR getentropy ()
> +system call in OpenBSD can be emulated using the following
> +function:
> +
> +.in +4n
> +.nf
> +int
> +getentropy(void *buf, size_t buflen)
> +{
> +    int ret;
> +
> +    if (buflen > 256)
> +        goto failure;
> +    ret = getrandom(buf, buflen, 0);
> +    if (ret < 0)
> +        return ret;
> +    if (ret == buflen)
> +        return 0;
> +failure:
> +    errno = EIO;
> +    return -1;
> +}
> +.fi
> +.in
> +.SH SEE ALSO
> +.BR random (4),
> +.BR urandom (4)
> --
> 2.1.0
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-man" in
> the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html



-- 
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/
--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 2/3] random.3: SEE ALSO getrandom.2

[Michael Kerrisk (man-pages)]

Applied in a local branch.

Thanks,

Michael


On 10/03/2014 02:15 AM, Heinrich Schuchardt wrote:
> Signed-off-by: Heinrich Schuchardt <xypron.glpk-Mmb7MZpHnFY@public.gmane.org>
> ---
>  man3/random.3 | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/man3/random.3 b/man3/random.3
> index dc6fa9f..9789cb6 100644
> --- a/man3/random.3
> +++ b/man3/random.3
> @@ -196,6 +196,7 @@ is (as specified) set on error, but the function does not return NULL.
>  .\" http://sourceware.org/bugzilla/show_bug.cgi?id=15380
>  .SH SEE ALSO
>  .BR drand48 (3),
> +.BR getrandom (2),
>  .BR rand (3),
>  .BR random_r (3),
>  .BR srand (3)




-- 
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/
--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 3/3] random.4: SEE ALSO getrandom.2

[Michael Kerrisk (man-pages)]

Applied in a local branch.

Cheers,

Michael

On 10/03/2014 02:15 AM, Heinrich Schuchardt wrote:
> Signed-off-by: Heinrich Schuchardt <xypron.glpk-Mmb7MZpHnFY@public.gmane.org>
> ---
>  man4/random.4 | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/man4/random.4 b/man4/random.4
> index a193ddf..9ec0341 100644
> --- a/man4/random.4
> +++ b/man4/random.4
> @@ -280,6 +280,7 @@ wall clock) to the pools.
>  .\" The kernel's random number generator was written by
>  .\" Theodore Ts'o (tytso-f/2Lh7Kzk888qNwGfFDJ/Q@public.gmane.org).
>  .SH SEE ALSO
> +.BR getrandom (2),
>  .BR mknod (1)
>  .br
>  RFC\ 1750, "Randomness Recommendations for Security"
> 


-- 
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/
--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 1/3] getrandom.2: new manpage

[Michael Kerrisk (man-pages)]

Heinrich,

On 10/03/2014 02:15 AM, Heinrich Schuchardt wrote:
> Kernel 3.17 introduces a new system call getrandom(2).
> 
> The man page in this patch is based on the commit message by
> Theodore Ts'o <tytso-3s7WtUTddSA@public.gmane.org> and suggestion by
> Michael Kerrisk <mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>.

Just to make sure this patch do slowly move toward release, 
I've applied it in a local branch, for release pending Ted's
input.

Cheers,

Michael

> Signed-off-by: Heinrich Schuchardt <xypron.glpk-Mmb7MZpHnFY@public.gmane.org>
> ---
>  man2/getrandom.2 | 242 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
>  1 file changed, 242 insertions(+)
>  create mode 100644 man2/getrandom.2
> 
> diff --git a/man2/getrandom.2 b/man2/getrandom.2
> new file mode 100644
> index 0000000..f6a8a1b
> --- /dev/null
> +++ b/man2/getrandom.2
> @@ -0,0 +1,242 @@
> +.\" Copyright (C) 2014, Theodore Ts'o <tytso-3s7WtUTddSA@public.gmane.org>
> +.\" Copyright (C) 2014, Heinrich Schuchardt <xypron.glpk-Mmb7MZpHnFY@public.gmane.org>
> +.\"
> +.\" %%%LICENSE_START(VERBATIM)
> +.\" Permission is granted to make and distribute verbatim copies of this
> +.\" manual provided the copyright notice and this permission notice are
> +.\" preserved on all copies.
> +.\"
> +.\" Permission is granted to copy and distribute modified versions of
> +.\" this manual under the conditions for verbatim copying, provided that
> +.\" the entire resulting derived work is distributed under the terms of
> +.\" a permission notice identical to this one.
> +.\"
> +.\" Since the Linux kernel and libraries are constantly changing, this
> +.\" manual page may be incorrect or out-of-date.  The author(s) assume.
> +.\" no responsibility for errors or omissions, or for damages resulting.
> +.\" from the use of the information contained herein.  The author(s) may.
> +.\" not have taken the same level of care in the production of this.
> +.\" manual, which is licensed free of charge, as they might when working.
> +.\" professionally.
> +.\"
> +.\" Formatted or processed versions of this manual, if unaccompanied by
> +.\" the source, must acknowledge the copyright and authors of this work.
> +.\" %%%LICENSE_END
> +
> +.TH GETRANDOM 2 2014-10-03 "Linux" "Linux Programmer's Manual"
> +.SH NAME
> +getrandom \- obtain a series of random bytes
> +.SH SYNOPSIS
> +.B #include <linux/random.h>
> +.sp
> +.BI "int getrandom(void *"buf ", size_t " buflen ", unsigned int " flags );
> +.SH DESCRIPTION
> +The system call
> +.BR getrandom ()
> +fills the buffer pointed to by
> +.I buf
> +with up to
> +.I buflen
> +random bytes.
> +These can be used to seed user-space random number generators
> +or for other cryptographic purposes.
> +.PP
> +.BR getrandom ()
> +relies on entropy gathered from device drivers and other sources of
> +environmental noise.
> +Unnecessarily reading large quantities of data will have a negative impact
> +on other users of the
> +.I /dev/random
> +and the
> +.I /dev/urandom
> +devices.
> +Therefore
> +.BR getrandom ()
> +should not be used for Monte Carlo simulations or other
> +programs/algorithms which are doing probabilistic sampling.
> +.PP
> +The
> +.I flags
> +argument is a bit mask that can contain zero or more of the following values
> +ORed together:
> +.TP
> +.B GRND_RANDOM
> +If this bit is set, then random bytes are drawn from the
> +.I /dev/random
> +pool instead of the
> +.I /dev/urandom
> +pool.
> +The
> +.I /dev/random
> +pool is limited based on the entropy that can be obtained from environmental
> +noise. 
> +If less random bytes are available than are requested in argument
> +.IR buflen ,
> +the available random bytes will be copied and the call returns.
> +If no random byte is available, the response will depend on the
> +presence of
> +.B GRND_NONBLOCK
> +in the
> +.I flags
> +argument.
> +.TP
> +.B GRND_NONBLOCK
> +If this bit is set and there is no random byte available at all,
> +.BR getrandom ()
> +will return -1 with
> +.I errno
> +set to
> +.BR EAGAIN .
> +If the
> +.B GRND_NONBLOCK
> +bit is not set and there is no random byte available at all,
> +.BR getrandom ()
> +will block.
> +.SH RETURN VALUE
> +On success,
> +.BR getrandom ()
> +returns the number of bytes that were copied to the buffer
> +.IR buf .
> +This may be less than the bytes requested by the caller via
> +.I buflen
> +if insufficient entropy was present in the
> +.IR /dev/random
> +pool, or if the system call was interrupted by a signal.
> +.PP
> +On error, -1 is returned, and
> +.I errno
> +is set appropriately.
> +.SH ERRORS
> +.TP
> +.B EINVAL
> +An invalid flag was passed to
> +.BR getrandom ().
> +.TP
> +.B EFAULT
> +The address referenced in parameter
> +.I buf
> +is outside the accessible address space.
> +.TP
> +.B EAGAIN
> +The requested entropy was not available, and
> +.BR getrandom ()
> +would have blocked if the
> +.B GRND_NONBLOCK
> +flag was not set.
> +.TP
> +.B EINTR
> +While blocked waiting for entropy, the call was interrupted by a signal
> +handler; see the description of how interrupted
> +.BR read (2)
> +calls on "slow" devices are handled with and without the
> +.B SA_RESTART
> +flag in the
> +.BR signal (7)
> +man page.
> +.SH VERSIONS
> +.BR getrandom ()
> +was introduced in version 3.17 of the Linux kernel.
> +.SH CONFORMING TO
> +This system call is Linux-specific.
> +.SH NOTES
> +.SS Interruption by a signal handler
> +The reaction of
> +.BR getrandom ()
> +in case of an interruption of a blocking call by a signal
> +when reading from
> +.I /dev/urandom
> +.RB ( GRND_RANDOM
> +is not set)
> +depends on the initialization state of the entropy buffer
> +and on the request size
> +.IR buflen .
> +If the entropy is not yet initialized or the request size is large
> +.RI ( buflen
> +> 256),
> +.B EINTR
> +will be returned.
> +If the entropy pool has been intialized and the request size is small
> +.RI ( buflen
> +<= 256),
> +.BR getrandom ()
> +will not return
> +.BR EINTR .
> +Instead, it will return all of the bytes that have been requested.
> +.PP
> +When reading from
> +.I /dev/random
> +.RB ( GRND_RANDOM
> +is set)
> +these guarantees do
> +.I not
> +apply.
> +.PP
> +Calling
> +.BR getrandom ()
> +to read
> +.I /dev/urandom
> +for small values (<= 256) of
> +.I buflen
> +is the preferred mode of usage.
> +.PP
> +The special treatment of small values of
> +.I buflen
> +was designed for compatibility with
> +OpenBSD's
> +.BR getentropy ()
> +system call.
> +.PP
> +The user of
> +.BR getrandom ()
> +.I must
> +always check the return value, in case it indicates some error,
> +or if fewer bytes than requested were returned.
> +In the case where
> +.B GRND_RANDOM
> +is not specified and
> +.I buflen
> +is less than or equal to 256,
> +a return of fewer bytes than requested should never happen,
> +but the careful user-space code should check for this anyway!
> +.SS Choice of random device
> +Unless you are doing long-term key generation (and perhaps not even
> +then), you probably shouldn't be using
> +.B GRND_RANDOM.
> +The cryptographic algorithms used for
> +.I /dev/urandom
> +are quite conservative, and so should be sufficient for all purposes.
> +The disadvantage of
> +.B GRND_RANDOM
> +is that it can block.
> +Furthermore, dealing with partially fulfilled
> +.BR getrandom ()
> +requests increases code complexity.
> +.SS Emulating OpenBSD's getentropy()
> +The
> +.BR getentropy ()
> +system call in OpenBSD can be emulated using the following
> +function:
> +
> +.in +4n
> +.nf
> +int
> +getentropy(void *buf, size_t buflen)
> +{
> +    int ret;
> +
> +    if (buflen > 256)
> +        goto failure;
> +    ret = getrandom(buf, buflen, 0);
> +    if (ret < 0)
> +        return ret;
> +    if (ret == buflen)
> +        return 0;
> +failure:
> +    errno = EIO;
> +    return -1;
> +}
> +.fi
> +.in
> +.SH SEE ALSO
> +.BR random (4),
> +.BR urandom (4)
> 


-- 
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/
--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 1/3] getrandom.2: new manpage

[Michael Kerrisk (man-pages)]

Hi Heinrich,

On Fri, Oct 3, 2014 at 2:15 AM, Heinrich Schuchardt <xypron.glpk@gmx.de> wrote:
> Kernel 3.17 introduces a new system call getrandom(2).
>
> The man page in this patch is based on the commit message by
> Theodore Ts'o <tytso@mit.edu> and suggestion by
> Michael Kerrisk <mtk.manpages@gmail.com>.

No word from Ted so far...

I've added LKML to CC, because I think it's worth getting wider review
of the page at this point.

I've done some further editing on the page, and pushed the current
version in public branch:
http://git.kernel.org/cgit/docs/man-pages/man-pages.git/log/?h=draft_getrandom

Could you please review the current version, appended below. Note that
there are a couple of FIXMEs there. Also, could you pay special
attention to the changes in these commits, to make sure I have not
injected any errors:

pick 0ef180e getrandom.2: Add a sentence to clarify the default behavior...
pick 62342ef getrandom.2: Reword GRND_NONBLOCK description
pick 0c90d3d getrandom.2: Reword GRND_RANDOM description

Cheers,

Michael

.\" Copyright (C) 2014, Theodore Ts'o <tytso@mit.edu>
.\" Copyright (C) 2014, Heinrich Schuchardt <xypron.glpk@gmx.de>
.\"
.\" %%%LICENSE_START(VERBATIM)
.\" Permission is granted to make and distribute verbatim copies of this
.\" manual provided the copyright notice and this permission notice are
.\" preserved on all copies.
.\"
.\" Permission is granted to copy and distribute modified versions of
.\" this manual under the conditions for verbatim copying, provided that
.\" the entire resulting derived work is distributed under the terms of
.\" a permission notice identical to this one.
.\"
.\" Since the Linux kernel and libraries are constantly changing, this
.\" manual page may be incorrect or out-of-date.  The author(s) assume.
.\" no responsibility for errors or omissions, or for damages resulting.
.\" from the use of the information contained herein.  The author(s) may.
.\" not have taken the same level of care in the production of this.
.\" manual, which is licensed free of charge, as they might when working.
.\" professionally.
.\"
.\" Formatted or processed versions of this manual, if unaccompanied by
.\" the source, must acknowledge the copyright and authors of this work.
.\" %%%LICENSE_END

.TH GETRANDOM 2 2014-10-03 "Linux" "Linux Programmer's Manual"
.SH NAME
getrandom \- obtain a series of random bytes
.SH SYNOPSIS
.B #include <linux/random.h>
.sp
.BI "int getrandom(void *"buf ", size_t " buflen ", unsigned int " flags );
.SH DESCRIPTION
The system call
.BR getrandom ()
fills the buffer pointed to by
.I buf
with up to
.I buflen
random bytes.
These can be used to seed user-space random number generators
or for other cryptographic purposes.
.PP
.BR getrandom ()
relies on entropy gathered from device drivers and other sources of
environmental noise.
Unnecessarily reading large quantities of data will have a negative impact
on other users of the
.I /dev/random
and
.I /dev/urandom
devices.
Therefore
.BR getrandom ()
should not be used for Monte Carlo simulations or other
programs/algorithms which are doing probabilistic sampling.

.\" FIXME is the following paragraph correct?
By default,
.BR getrandom ()
draws entropy from the
.IR /dev/urandom
pool, and, if that pool has been initialized and
.IR buflen
is less than or equal to 256 (see NOTES, below),
then the call never blocks when drawing from that pool
and always returns the number of bytes requested in
.IR buflen .
This behavior can be changed via the
.I flags
argument.

The
.I flags
argument is a bit mask that can contain zero or more of the following values
ORed together:
.TP
.B GRND_RANDOM
If this bit is set, then random bytes are drawn from the
.I /dev/random
pool instead of the
.I /dev/urandom
pool.
The
.I /dev/random
pool is limited based on the entropy that can be obtained from environmental
noise.
If the number of available bytes in
.I /dev/random
is less than requested in
.IR buflen ,
the call returns just the available random bytes.
If no random byte is available, the response will depend on the
presence of
.B GRND_NONBLOCK
in the
.I flags
argument.
.TP
.B GRND_NONBLOCK
By default, if there is no random byte available at all,
.BR getrandom ()
blocks until data is available.
If the
.B GRND_NONBLOCK
flag is set, then
.BR getrandom ()
instead immediately returns -1 with
.I errno
set to
.BR EAGAIN .
.SH RETURN VALUE
On success,
.BR getrandom ()
returns the number of bytes that were copied to the buffer
.IR buf .
This may be less than the number of bytes requested via
.I buflen
if insufficient entropy was present in the
.IR /dev/random
pool, or if the system call was interrupted by a signal.
.PP
On error, -1 is returned, and
.I errno
is set appropriately.
.SH ERRORS
.TP
.B EINVAL
An invalid flag was specified in
.IR flags .
.TP
.B EFAULT
The address referred to by
.I buf
is outside the accessible address space.
.TP
.B EAGAIN
The requested entropy was not available, and
.BR getrandom ()
would have blocked if the
.B GRND_NONBLOCK
flag was not set.
.TP
.B EINTR
While blocked waiting for entropy, the call was interrupted by a signal
handler; see the description of how interrupted
.BR read (2)
calls on "slow" devices are handled with and without the
.B SA_RESTART
flag in the
.BR signal (7)
man page.
.SH VERSIONS
.BR getrandom ()
was introduced in version 3.17 of the Linux kernel.
.SH CONFORMING TO
This system call is Linux-specific.
.SH NOTES
.SS Interruption by a signal handler
.\" FIXME Here, I think there needs to be an opening paragraph that describes
.\" the cases where getrandom() can block. This should cover the cases with
.\" GRND_RANDOM and without GRND_RANDOM. Reading the existing page, I am
.\" still not completely confident that I know what the cases are.
The reaction of
.BR getrandom ()
in case of an interruption of a blocking call by a signal
when reading from
.I /dev/urandom
.RB ( GRND_RANDOM
is not set)
depends on the initialization state of the entropy buffer
and on the request size
.IR buflen .
If the entropy is not yet initialized or the request size is large
.RI ( buflen "\ >\ 256),"
.B EINTR
will be returned.
If the entropy pool has been initialized and the request size is small
.RI ( buflen "\ <=\ 256),"
.BR getrandom ()
will not return
.BR EINTR .
Instead, it will return all of the bytes that have been requested.
.PP
When reading from
.I /dev/random
.RB ( GRND_RANDOM
is set)
these guarantees do
.I not
apply.
.PP
Calling
.BR getrandom ()
to read
.I /dev/urandom
for small values (<=\ 256) of
.I buflen
is the preferred mode of usage.
.PP
The special treatment of small values of
.I buflen
was designed for compatibility with
OpenBSD's
.BR getentropy ()
system call.
.PP
The user of
.BR getrandom ()
.I must
always check the return value,
to determine whether either an error occurred
or fewer bytes than requested were returned.
In the case where
.B GRND_RANDOM
is not specified and
.I buflen
is less than or equal to 256,
a return of fewer bytes than requested should never happen,
but the careful user-space code should check for this anyway!
.SS Choice of random device
Unless you are doing long-term key generation (and perhaps not even
then), you probably shouldn't be using
.B GRND_RANDOM.
The cryptographic algorithms used for
.I /dev/urandom
are quite conservative, and so should be sufficient for all purposes.
The disadvantage of
.B GRND_RANDOM
is that it can block.
Furthermore, dealing with partially fulfilled
.BR getrandom ()
requests increases code complexity.
.SS Emulating OpenBSD's getentropy()
The
.BR getentropy ()
system call in OpenBSD can be emulated using the following
function:

.in +4n
.nf
int
getentropy(void *buf, size_t buflen)
{
    int ret;

    if (buflen > 256)
        goto failure;
    ret = getrandom(buf, buflen, 0);
    if (ret < 0)
        return ret;
    if (ret == buflen)
        return 0;
failure:
    errno = EIO;
    return -1;
}
.fi
.in
.SH SEE ALSO
.BR random (4),
.BR urandom (4)

[PATCH] getrandom.2: treatment of interrupts

[Heinrich Schuchardt]

|| pick 0ef180e getrandom.2: Add a sentence to clarify the default behavior...
|| pick 62342ef getrandom.2: Reword GRND_NONBLOCK description
|| pick 0c90d3d getrandom.2: Reword GRND_RANDOM description
These patches look ok.

|| FIXME is the following paragraph correct?
Paragraph is correct. FIXME removed.

The appended patch removed two FIXMEs.
The description of the treatment of interrupts is updated.

|| FIXME Here, I think there needs to be an opening paragraph ...
The description of the treatment of interupts has been reworked.
FIXME removed.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
---
 man2/getrandom.2 | 21 ++++++++-------------
 1 file changed, 8 insertions(+), 13 deletions(-)

diff --git a/man2/getrandom.2 b/man2/getrandom.2
index 59ebbe0..5bf57b7 100644
--- a/man2/getrandom.2
+++ b/man2/getrandom.2
@@ -55,7 +55,6 @@ Therefore
 should not be used for Monte Carlo simulations or other
 programs/algorithms which are doing probabilistic sampling.
 
-.\" FIXME is the following paragraph correct?
 By default,
 .BR getrandom ()
 draws entropy from the
@@ -157,10 +156,14 @@ was introduced in version 3.17 of the Linux kernel.
 This system call is Linux-specific.
 .SH NOTES
 .SS Interruption by a signal handler
-.\" FIXME Here, I think there needs to be an opening paragraph that describes
-.\" the cases where getrandom() can block. This should cover the cases with
-.\" GRND_RANDOM and without GRND_RANDOM. Reading the existing page, I am
-.\" still not completely confident that I know what the cases are.
+If a blocking call is interrupted by a signal
+when reading from
+.I /dev/random
+.RB ( GRND_RANDOM
+is set),
+.B EINTR
+will be returned.
+.PP
 The reaction of
 .BR getrandom ()
 in case of an interruption of a blocking call by a signal
@@ -182,14 +185,6 @@ will not return
 .BR EINTR .
 Instead, it will return all of the bytes that have been requested.
 .PP
-When reading from
-.I /dev/random
-.RB ( GRND_RANDOM
-is set)
-these guarantees do
-.I not
-apply.
-.PP
 Calling
 .BR getrandom ()
 to read
-- 
2.1.1

[PATCH] getrandom.2: treatment of interrupts

[Heinrich Schuchardt]

|| pick 0ef180e getrandom.2: Add a sentence to clarify the default behavior...
|| pick 62342ef getrandom.2: Reword GRND_NONBLOCK description
|| pick 0c90d3d getrandom.2: Reword GRND_RANDOM description
These patches look ok.

|| FIXME is the following paragraph correct?
Paragraph is correct. FIXME removed.

The appended patch removed two FIXMEs.
The description of the treatment of interrupts is updated.

|| FIXME Here, I think there needs to be an opening paragraph ...
The description of the treatment of interupts has been reworked.
FIXME removed.

Signed-off-by: Heinrich Schuchardt <xypron.glpk-Mmb7MZpHnFY@public.gmane.org>
---
 man2/getrandom.2 | 21 ++++++++-------------
 1 file changed, 8 insertions(+), 13 deletions(-)

diff --git a/man2/getrandom.2 b/man2/getrandom.2
index 59ebbe0..5bf57b7 100644
--- a/man2/getrandom.2
+++ b/man2/getrandom.2
@@ -55,7 +55,6 @@ Therefore
 should not be used for Monte Carlo simulations or other
 programs/algorithms which are doing probabilistic sampling.
 
-.\" FIXME is the following paragraph correct?
 By default,
 .BR getrandom ()
 draws entropy from the
@@ -157,10 +156,14 @@ was introduced in version 3.17 of the Linux kernel.
 This system call is Linux-specific.
 .SH NOTES
 .SS Interruption by a signal handler
-.\" FIXME Here, I think there needs to be an opening paragraph that describes
-.\" the cases where getrandom() can block. This should cover the cases with
-.\" GRND_RANDOM and without GRND_RANDOM. Reading the existing page, I am
-.\" still not completely confident that I know what the cases are.
+If a blocking call is interrupted by a signal
+when reading from
+.I /dev/random
+.RB ( GRND_RANDOM
+is set),
+.B EINTR
+will be returned.
+.PP
 The reaction of
 .BR getrandom ()
 in case of an interruption of a blocking call by a signal
@@ -182,14 +185,6 @@ will not return
 .BR EINTR .
 Instead, it will return all of the bytes that have been requested.
 .PP
-When reading from
-.I /dev/random
-.RB ( GRND_RANDOM
-is set)
-these guarantees do
-.I not
-apply.
-.PP
 Calling
 .BR getrandom ()
 to read
-- 
2.1.1

--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH] getrandom.2: treatment of interrupts

[Michael Kerrisk (man-pages)]

Hi Heinrich,

On Tue, Nov 11, 2014 at 5:19 PM, Heinrich Schuchardt <xypron.glpk@gmx.de> wrote:
> || pick 0ef180e getrandom.2: Add a sentence to clarify the default behavior...
> || pick 62342ef getrandom.2: Reword GRND_NONBLOCK description
> || pick 0c90d3d getrandom.2: Reword GRND_RANDOM description
> These patches look ok.
>
> || FIXME is the following paragraph correct?
> Paragraph is correct. FIXME removed.
>
> The appended patch removed two FIXMEs.
> The description of the treatment of interrupts is updated.
>
> || FIXME Here, I think there needs to be an opening paragraph ...
> The description of the treatment of interupts has been reworked.
> FIXME removed.
>
> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
> ---
>  man2/getrandom.2 | 21 ++++++++-------------
>  1 file changed, 8 insertions(+), 13 deletions(-)
>
> diff --git a/man2/getrandom.2 b/man2/getrandom.2
> index 59ebbe0..5bf57b7 100644
> --- a/man2/getrandom.2
> +++ b/man2/getrandom.2
> @@ -55,7 +55,6 @@ Therefore
>  should not be used for Monte Carlo simulations or other
>  programs/algorithms which are doing probabilistic sampling.
>
> -.\" FIXME is the following paragraph correct?
>  By default,
>  .BR getrandom ()
>  draws entropy from the
> @@ -157,10 +156,14 @@ was introduced in version 3.17 of the Linux kernel.
>  This system call is Linux-specific.
>  .SH NOTES
>  .SS Interruption by a signal handler
> -.\" FIXME Here, I think there needs to be an opening paragraph that describes
> -.\" the cases where getrandom() can block. This should cover the cases with
> -.\" GRND_RANDOM and without GRND_RANDOM. Reading the existing page, I am
> -.\" still not completely confident that I know what the cases are.
> +If a blocking call is interrupted by a signal
> +when reading from
> +.I /dev/random
> +.RB ( GRND_RANDOM
> +is set),
> +.B EINTR
> +will be returned.
> +.PP

What I was meaning with my FIXME was: please describe the various
cases where getrandom() can block, both with GRND_RANDOM and without
GRND_RANDOM. As I read the man page, I am not sure that I understand
which the cases are.

Thanks,

Michael



>  The reaction of
>  .BR getrandom ()
>  in case of an interruption of a blocking call by a signal
> @@ -182,14 +185,6 @@ will not return
>  .BR EINTR .
>  Instead, it will return all of the bytes that have been requested.
>  .PP
> -When reading from
> -.I /dev/random
> -.RB ( GRND_RANDOM
> -is set)
> -these guarantees do
> -.I not
> -apply.
> -.PP
>  Calling
>  .BR getrandom ()
>  to read
> --
> 2.1.1
>



-- 
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/

Re: [PATCH] getrandom.2: treatment of interrupts

[Michael Kerrisk (man-pages)]

Hi Heinrich,

On Tue, Nov 11, 2014 at 5:19 PM, Heinrich Schuchardt <xypron.glpk-Mmb7MZpHnFY@public.gmane.org> wrote:
> || pick 0ef180e getrandom.2: Add a sentence to clarify the default behavior...
> || pick 62342ef getrandom.2: Reword GRND_NONBLOCK description
> || pick 0c90d3d getrandom.2: Reword GRND_RANDOM description
> These patches look ok.
>
> || FIXME is the following paragraph correct?
> Paragraph is correct. FIXME removed.
>
> The appended patch removed two FIXMEs.
> The description of the treatment of interrupts is updated.
>
> || FIXME Here, I think there needs to be an opening paragraph ...
> The description of the treatment of interupts has been reworked.
> FIXME removed.
>
> Signed-off-by: Heinrich Schuchardt <xypron.glpk-Mmb7MZpHnFY@public.gmane.org>
> ---
>  man2/getrandom.2 | 21 ++++++++-------------
>  1 file changed, 8 insertions(+), 13 deletions(-)
>
> diff --git a/man2/getrandom.2 b/man2/getrandom.2
> index 59ebbe0..5bf57b7 100644
> --- a/man2/getrandom.2
> +++ b/man2/getrandom.2
> @@ -55,7 +55,6 @@ Therefore
>  should not be used for Monte Carlo simulations or other
>  programs/algorithms which are doing probabilistic sampling.
>
> -.\" FIXME is the following paragraph correct?
>  By default,
>  .BR getrandom ()
>  draws entropy from the
> @@ -157,10 +156,14 @@ was introduced in version 3.17 of the Linux kernel.
>  This system call is Linux-specific.
>  .SH NOTES
>  .SS Interruption by a signal handler
> -.\" FIXME Here, I think there needs to be an opening paragraph that describes
> -.\" the cases where getrandom() can block. This should cover the cases with
> -.\" GRND_RANDOM and without GRND_RANDOM. Reading the existing page, I am
> -.\" still not completely confident that I know what the cases are.
> +If a blocking call is interrupted by a signal
> +when reading from
> +.I /dev/random
> +.RB ( GRND_RANDOM
> +is set),
> +.B EINTR
> +will be returned.
> +.PP

What I was meaning with my FIXME was: please describe the various
cases where getrandom() can block, both with GRND_RANDOM and without
GRND_RANDOM. As I read the man page, I am not sure that I understand
which the cases are.

Thanks,

Michael



>  The reaction of
>  .BR getrandom ()
>  in case of an interruption of a blocking call by a signal
> @@ -182,14 +185,6 @@ will not return
>  .BR EINTR .
>  Instead, it will return all of the bytes that have been requested.
>  .PP
> -When reading from
> -.I /dev/random
> -.RB ( GRND_RANDOM
> -is set)
> -these guarantees do
> -.I not
> -apply.
> -.PP
>  Calling
>  .BR getrandom ()
>  to read
> --
> 2.1.1
>



-- 
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/
--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

getrandom.2: treatment of interrupts

[Heinrich Schuchardt]

Hello Theodore,

I created the test program below.

While running it I issued
kill -SIGUSR1 <pid>
and
kill -SIGUSR2 <pid>

What I found was rather strange.

No matter whether specifying GRND_NONBLOCK or not, signals do not 
interrupt the execution of getrandom() while reading from the 
/dev/urandom pool.

Only after getrandom has finished signals are handled.

I would have expected getrandom() to react to interrupts immediately and 
to return whatever number of random bytes have been collected before the 
interrupt.

A system call not reacting to interrupts for several seconds looks like 
a bug to me.

Tested on Linux 3.18.0-rc4 mips64.

Best regards

Heinrich Schuchardt



#define _GNU_SOURCE
#include <errno.h>
#include <linux/unistd.h>
#include <linux/random.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/syscall.h>
#include <sys/types.h>

#if _MIPS_SIM == _MIPS_SIM_ABI32
#define __NR_getrandom                  (__NR_Linux + 353)
#endif /* _MIPS_SIM == _MIPS_SIM_ABI32 */

#if _MIPS_SIM == _MIPS_SIM_ABI64
#define __NR_getrandom                  (__NR_Linux + 313)
#endif /* _MIPS_SIM == _MIPS_SIM_ABI64 */

#if _MIPS_SIM == _MIPS_SIM_NABI32
#define __NR_getrandom                  (__NR_Linux + 317)
#endif /* _MIPS_SIM == _MIPS_SIM_NABI32 */

#ifdef __i386__
#define __NR_getrandom                  (355)
#endif /* __i386__ */

#ifdef __x86_64__
#define __NR_getrandom                  (318)
#endif /* __x86_64__ */

#define SYS_getrandom __NR_getrandom

#define GRND_NONBLOCK   0x0001
#define GRND_RANDOM     0x0002

#define BUFLEN 0x12345678

int getrandom(void *buf, size_t buflen, unsigned int flags)
{
         return syscall(SYS_getrandom, buf, buflen, flags);
}

/**
  * Handles signal.
  *
  * @param sig signal
  */


int do_print = 0;

static void hdl(int sig)
{
         if (sig == SIGUSR1) {
                 fprintf(stderr, "Main received SIGUSR1\n");
                 do_print = 1;
         }
}

int
main(int argc, char *argv[])
{

         char *buf;
         size_t buflen = BUFLEN;
         int ret;
         pid_t pid;
         // action to take when signal occurs
         struct sigaction act;
         // signal mask
         sigset_t blockset;


         pid = getpid();

         printf("PID = %u\n", pid);

         printf("__NR_getrandom = %u\n", __NR_getrandom);

         // Set handler for SIGUSR1
         act.sa_handler = hdl;
         sigemptyset(&act.sa_mask);
         act.sa_flags = 0;
         if (sigaction(SIGUSR1, &act, NULL)) {
                 perror("sigaction");
                 exit(EXIT_FAILURE);
         }

         buf = (char *) malloc(buflen);
         if (buf == NULL) {
                 perror("malloc");
                 exit(EXIT_FAILURE);
         }

         buf = (char *) malloc(buflen);

         for (;;) {
                 ret = getrandom(buf, buflen, GRND_NONBLOCK);
                 if (ret == -1) {
                         fprintf(stderr, "errno = %d\n", errno);
                         perror("getrandom");
                         exit(EXIT_FAILURE);
                 }
                 if (do_print) {
                         do_print = 0;
                         printf("ret = %d\n", ret);
                 }

         }
         printf("ret = %d\n", ret);

         free(buf);

         return EXIT_SUCCESS;
}

getrandom.2: treatment of interrupts

[Heinrich Schuchardt]

Hello Theodore,

I created the test program below.

While running it I issued
kill -SIGUSR1 <pid>
and
kill -SIGUSR2 <pid>

What I found was rather strange.

No matter whether specifying GRND_NONBLOCK or not, signals do not 
interrupt the execution of getrandom() while reading from the 
/dev/urandom pool.

Only after getrandom has finished signals are handled.

I would have expected getrandom() to react to interrupts immediately and 
to return whatever number of random bytes have been collected before the 
interrupt.

A system call not reacting to interrupts for several seconds looks like 
a bug to me.

Tested on Linux 3.18.0-rc4 mips64.

Best regards

Heinrich Schuchardt



#define _GNU_SOURCE
#include <errno.h>
#include <linux/unistd.h>
#include <linux/random.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/syscall.h>
#include <sys/types.h>

#if _MIPS_SIM == _MIPS_SIM_ABI32
#define __NR_getrandom                  (__NR_Linux + 353)
#endif /* _MIPS_SIM == _MIPS_SIM_ABI32 */

#if _MIPS_SIM == _MIPS_SIM_ABI64
#define __NR_getrandom                  (__NR_Linux + 313)
#endif /* _MIPS_SIM == _MIPS_SIM_ABI64 */

#if _MIPS_SIM == _MIPS_SIM_NABI32
#define __NR_getrandom                  (__NR_Linux + 317)
#endif /* _MIPS_SIM == _MIPS_SIM_NABI32 */

#ifdef __i386__
#define __NR_getrandom                  (355)
#endif /* __i386__ */

#ifdef __x86_64__
#define __NR_getrandom                  (318)
#endif /* __x86_64__ */

#define SYS_getrandom __NR_getrandom

#define GRND_NONBLOCK   0x0001
#define GRND_RANDOM     0x0002

#define BUFLEN 0x12345678

int getrandom(void *buf, size_t buflen, unsigned int flags)
{
         return syscall(SYS_getrandom, buf, buflen, flags);
}

/**
  * Handles signal.
  *
  * @param sig signal
  */


int do_print = 0;

static void hdl(int sig)
{
         if (sig == SIGUSR1) {
                 fprintf(stderr, "Main received SIGUSR1\n");
                 do_print = 1;
         }
}

int
main(int argc, char *argv[])
{

         char *buf;
         size_t buflen = BUFLEN;
         int ret;
         pid_t pid;
         // action to take when signal occurs
         struct sigaction act;
         // signal mask
         sigset_t blockset;


         pid = getpid();

         printf("PID = %u\n", pid);

         printf("__NR_getrandom = %u\n", __NR_getrandom);

         // Set handler for SIGUSR1
         act.sa_handler = hdl;
         sigemptyset(&act.sa_mask);
         act.sa_flags = 0;
         if (sigaction(SIGUSR1, &act, NULL)) {
                 perror("sigaction");
                 exit(EXIT_FAILURE);
         }

         buf = (char *) malloc(buflen);
         if (buf == NULL) {
                 perror("malloc");
                 exit(EXIT_FAILURE);
         }

         buf = (char *) malloc(buflen);

         for (;;) {
                 ret = getrandom(buf, buflen, GRND_NONBLOCK);
                 if (ret == -1) {
                         fprintf(stderr, "errno = %d\n", errno);
                         perror("getrandom");
                         exit(EXIT_FAILURE);
                 }
                 if (do_print) {
                         do_print = 0;
                         printf("ret = %d\n", ret);
                 }

         }
         printf("ret = %d\n", ret);

         free(buf);

         return EXIT_SUCCESS;
}

--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH 1/1] urandom: handle signals immediately

[Heinrich Schuchardt]

Without the patch device /dev/urandom only considers signals when a
rescheduling of the thread is requested. This may imply that
signals will not be handled for time intervals in excess of 30s.

With the patch signals are handled in every round copying 10 bytes if more
than 256 bytes have been collected. This 256 byte limit ensures the
guarantee given by system call getrandom().

With the patch rescheduling may occur even when reading less than 257 bytes.
This restores the logic before the introduction of the getrandom() system
call. getrandom() provides no guarantee concerning rescheduling.

An example code for testing is provided in
https://lkml.org/lkml/2014/11/22/41

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
---
 drivers/char/random.c | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)

diff --git a/drivers/char/random.c b/drivers/char/random.c
index 04645c0..75e96c1 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -1189,21 +1189,20 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
 {
 	ssize_t ret = 0, i;
 	__u8 tmp[EXTRACT_SIZE];
-	int large_request = (nbytes > 256);
 
 	trace_extract_entropy_user(r->name, nbytes, ENTROPY_BITS(r), _RET_IP_);
 	xfer_secondary_pool(r, nbytes);
 	nbytes = account(r, nbytes, 0, 0);
 
 	while (nbytes) {
-		if (large_request && need_resched()) {
-			if (signal_pending(current)) {
-				if (ret == 0)
-					ret = -ERESTARTSYS;
-				break;
-			}
+		/*
+		 * getrandom must not be interrupted by a signal while
+		 * reading up to 256 bytes.
+		 */
+		if (signal_pending(current) && ret > 256)
+			break;
+		if (need_resched())
 			schedule();
-		}
 
 		extract_buf(r, tmp);
 		i = min_t(int, nbytes, EXTRACT_SIZE);
-- 
2.1.3

Re: [PATCH 1/1] urandom: handle signals immediately

[Theodore Ts'o]

On Sat, Nov 29, 2014 at 10:12:29AM +0100, Heinrich Schuchardt wrote:
> Without the patch device /dev/urandom only considers signals when a
> rescheduling of the thread is requested. This may imply that
> signals will not be handled for time intervals in excess of 30s.

Sorry, I didn't see your e-mail for a while; it got lost in my inbox
due to my being travelling for Thanksgiving weeksend.

I'm not sure where you are getting 30 seconds from, but you're right
that it would be better to check signal_pending() on each loop.  That
being said, your patch isn't right.

> +		/*
> +		 * getrandom must not be interrupted by a signal while
> +		 * reading up to 256 bytes.
> +		 */
> +		if (signal_pending(current) && ret > 256)
> +			break;
> +		if (need_resched())
>  			schedule();
> -		}

This means that we can reschedule even for small requests, and that's
no good; getrandom *must* be atomic.  You also need to return
-ERESTARTSYS if we get interrupted with no bytes.  So this needs to be
something like this:

		if (ret > 256) {
			if (signal_pending(current)) {
				if (ret == 0)
					ret = -ERESTARTSYS;
				break;
			}
			if (need_resched())
				schedule();
		}

Cheers,

					- Ted

Re: [PATCH 1/1] urandom: handle signals immediately

[Heinrich Schuchardt]

Hello Ted,

thanks for the review.

On 19.12.2014 17:57, Theodore Ts'o wrote:
> On Sat, Nov 29, 2014 at 10:12:29AM +0100, Heinrich Schuchardt wrote:
>...
> I'm not sure where you are getting 30 seconds from,

The example code is in https://lkml.org/lkml/2014/11/22/41 .
Running it on an EdgeRouter Lite which has a Cavium Octeon MIPS 
processor, it took more than 30s to get a response for an interrupt 
(after creating of 0x12345678 = 305,419,896 pseudo random bytes).

> but you're right
> that it would be better to check signal_pending() on each loop.  That
> being said, your patch isn't right.
>
>> +		/*
>> +		 * getrandom must not be interrupted by a signal while
>> +		 * reading up to 256 bytes.
>> +		 */
>> +		if (signal_pending(current) && ret > 256)
>> +			break;
>> +		if (need_resched())
>>   			schedule();
>> -		}
>
> This means that we can reschedule even for small requests, and that's
> no good; getrandom *must* be atomic.

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c6e9d6f38894798696f23c8084ca7edbf16ee895
does not indicate this as a necessary property.

Could you, please, explain why getrandom must be atomic.
I would like to add a comment line with the next version of my patch.

>  You also need to return
> -ERESTARTSYS if we get interrupted with no bytes.  So this needs to be
> something like this:
>
> 		if (ret > 256) {
> 			if (signal_pending(current)) {
> 				if (ret == 0)

This line will never be reached because ret > 256.

The idea in my patch was, that we will not react to an interrupt during
the generation of the first 256 bytes. Hence there is not need to return 
ERESTARTSYS. Instead we will always return a positive number except if 
the entropy buffer is not yet intialized.

This just removes the inconsistency that ERESTARTSYS may arise for calls 
for more than 256 bytes, but not for calls up to 256 bytes.

Do you see any need to react to an interrupt before copying the first byte?

> 					ret = -ERESTARTSYS;
> 				break;
> 			}
> 			if (need_resched())
> 				schedule();
> 		}

Best regards

Heinrich Schuchardt

Re: [PATCH 1/3] getrandom.2: new manpage

[Michael Kerrisk (man-pages)]

Hi Heinrich,

Things seem to have stalled on the getrandom(2) man page (no response
to my mail below), and also in your conversation with Ted regarding
the 29 Nov patch proposal "urandom: handle signals immediately".
What's the current status?

Cheers,

Michael


On 11 November 2014 at 12:44, Michael Kerrisk (man-pages)
<mtk.manpages@gmail.com> wrote:
> Hi Heinrich,
>
> On Fri, Oct 3, 2014 at 2:15 AM, Heinrich Schuchardt <xypron.glpk@gmx.de> wrote:
>> Kernel 3.17 introduces a new system call getrandom(2).
>>
>> The man page in this patch is based on the commit message by
>> Theodore Ts'o <tytso@mit.edu> and suggestion by
>> Michael Kerrisk <mtk.manpages@gmail.com>.
>
> No word from Ted so far...
>
> I've added LKML to CC, because I think it's worth getting wider review
> of the page at this point.
>
> I've done some further editing on the page, and pushed the current
> version in public branch:
> http://git.kernel.org/cgit/docs/man-pages/man-pages.git/log/?h=draft_getrandom
>
> Could you please review the current version, appended below. Note that
> there are a couple of FIXMEs there. Also, could you pay special
> attention to the changes in these commits, to make sure I have not
> injected any errors:
>
> pick 0ef180e getrandom.2: Add a sentence to clarify the default behavior...
> pick 62342ef getrandom.2: Reword GRND_NONBLOCK description
> pick 0c90d3d getrandom.2: Reword GRND_RANDOM description
>
> Cheers,
>
> Michael
>
> .\" Copyright (C) 2014, Theodore Ts'o <tytso@mit.edu>
> .\" Copyright (C) 2014, Heinrich Schuchardt <xypron.glpk@gmx.de>
> .\"
> .\" %%%LICENSE_START(VERBATIM)
> .\" Permission is granted to make and distribute verbatim copies of this
> .\" manual provided the copyright notice and this permission notice are
> .\" preserved on all copies.
> .\"
> .\" Permission is granted to copy and distribute modified versions of
> .\" this manual under the conditions for verbatim copying, provided that
> .\" the entire resulting derived work is distributed under the terms of
> .\" a permission notice identical to this one.
> .\"
> .\" Since the Linux kernel and libraries are constantly changing, this
> .\" manual page may be incorrect or out-of-date.  The author(s) assume.
> .\" no responsibility for errors or omissions, or for damages resulting.
> .\" from the use of the information contained herein.  The author(s) may.
> .\" not have taken the same level of care in the production of this.
> .\" manual, which is licensed free of charge, as they might when working.
> .\" professionally.
> .\"
> .\" Formatted or processed versions of this manual, if unaccompanied by
> .\" the source, must acknowledge the copyright and authors of this work.
> .\" %%%LICENSE_END
>
> .TH GETRANDOM 2 2014-10-03 "Linux" "Linux Programmer's Manual"
> .SH NAME
> getrandom \- obtain a series of random bytes
> .SH SYNOPSIS
> .B #include <linux/random.h>
> .sp
> .BI "int getrandom(void *"buf ", size_t " buflen ", unsigned int " flags );
> .SH DESCRIPTION
> The system call
> .BR getrandom ()
> fills the buffer pointed to by
> .I buf
> with up to
> .I buflen
> random bytes.
> These can be used to seed user-space random number generators
> or for other cryptographic purposes.
> .PP
> .BR getrandom ()
> relies on entropy gathered from device drivers and other sources of
> environmental noise.
> Unnecessarily reading large quantities of data will have a negative impact
> on other users of the
> .I /dev/random
> and
> .I /dev/urandom
> devices.
> Therefore
> .BR getrandom ()
> should not be used for Monte Carlo simulations or other
> programs/algorithms which are doing probabilistic sampling.
>
> .\" FIXME is the following paragraph correct?
> By default,
> .BR getrandom ()
> draws entropy from the
> .IR /dev/urandom
> pool, and, if that pool has been initialized and
> .IR buflen
> is less than or equal to 256 (see NOTES, below),
> then the call never blocks when drawing from that pool
> and always returns the number of bytes requested in
> .IR buflen .
> This behavior can be changed via the
> .I flags
> argument.
>
> The
> .I flags
> argument is a bit mask that can contain zero or more of the following values
> ORed together:
> .TP
> .B GRND_RANDOM
> If this bit is set, then random bytes are drawn from the
> .I /dev/random
> pool instead of the
> .I /dev/urandom
> pool.
> The
> .I /dev/random
> pool is limited based on the entropy that can be obtained from environmental
> noise.
> If the number of available bytes in
> .I /dev/random
> is less than requested in
> .IR buflen ,
> the call returns just the available random bytes.
> If no random byte is available, the response will depend on the
> presence of
> .B GRND_NONBLOCK
> in the
> .I flags
> argument.
> .TP
> .B GRND_NONBLOCK
> By default, if there is no random byte available at all,
> .BR getrandom ()
> blocks until data is available.
> If the
> .B GRND_NONBLOCK
> flag is set, then
> .BR getrandom ()
> instead immediately returns -1 with
> .I errno
> set to
> .BR EAGAIN .
> .SH RETURN VALUE
> On success,
> .BR getrandom ()
> returns the number of bytes that were copied to the buffer
> .IR buf .
> This may be less than the number of bytes requested via
> .I buflen
> if insufficient entropy was present in the
> .IR /dev/random
> pool, or if the system call was interrupted by a signal.
> .PP
> On error, -1 is returned, and
> .I errno
> is set appropriately.
> .SH ERRORS
> .TP
> .B EINVAL
> An invalid flag was specified in
> .IR flags .
> .TP
> .B EFAULT
> The address referred to by
> .I buf
> is outside the accessible address space.
> .TP
> .B EAGAIN
> The requested entropy was not available, and
> .BR getrandom ()
> would have blocked if the
> .B GRND_NONBLOCK
> flag was not set.
> .TP
> .B EINTR
> While blocked waiting for entropy, the call was interrupted by a signal
> handler; see the description of how interrupted
> .BR read (2)
> calls on "slow" devices are handled with and without the
> .B SA_RESTART
> flag in the
> .BR signal (7)
> man page.
> .SH VERSIONS
> .BR getrandom ()
> was introduced in version 3.17 of the Linux kernel.
> .SH CONFORMING TO
> This system call is Linux-specific.
> .SH NOTES
> .SS Interruption by a signal handler
> .\" FIXME Here, I think there needs to be an opening paragraph that describes
> .\" the cases where getrandom() can block. This should cover the cases with
> .\" GRND_RANDOM and without GRND_RANDOM. Reading the existing page, I am
> .\" still not completely confident that I know what the cases are.
> The reaction of
> .BR getrandom ()
> in case of an interruption of a blocking call by a signal
> when reading from
> .I /dev/urandom
> .RB ( GRND_RANDOM
> is not set)
> depends on the initialization state of the entropy buffer
> and on the request size
> .IR buflen .
> If the entropy is not yet initialized or the request size is large
> .RI ( buflen "\ >\ 256),"
> .B EINTR
> will be returned.
> If the entropy pool has been initialized and the request size is small
> .RI ( buflen "\ <=\ 256),"
> .BR getrandom ()
> will not return
> .BR EINTR .
> Instead, it will return all of the bytes that have been requested.
> .PP
> When reading from
> .I /dev/random
> .RB ( GRND_RANDOM
> is set)
> these guarantees do
> .I not
> apply.
> .PP
> Calling
> .BR getrandom ()
> to read
> .I /dev/urandom
> for small values (<=\ 256) of
> .I buflen
> is the preferred mode of usage.
> .PP
> The special treatment of small values of
> .I buflen
> was designed for compatibility with
> OpenBSD's
> .BR getentropy ()
> system call.
> .PP
> The user of
> .BR getrandom ()
> .I must
> always check the return value,
> to determine whether either an error occurred
> or fewer bytes than requested were returned.
> In the case where
> .B GRND_RANDOM
> is not specified and
> .I buflen
> is less than or equal to 256,
> a return of fewer bytes than requested should never happen,
> but the careful user-space code should check for this anyway!
> .SS Choice of random device
> Unless you are doing long-term key generation (and perhaps not even
> then), you probably shouldn't be using
> .B GRND_RANDOM.
> The cryptographic algorithms used for
> .I /dev/urandom
> are quite conservative, and so should be sufficient for all purposes.
> The disadvantage of
> .B GRND_RANDOM
> is that it can block.
> Furthermore, dealing with partially fulfilled
> .BR getrandom ()
> requests increases code complexity.
> .SS Emulating OpenBSD's getentropy()
> The
> .BR getentropy ()
> system call in OpenBSD can be emulated using the following
> function:
>
> .in +4n
> .nf
> int
> getentropy(void *buf, size_t buflen)
> {
>     int ret;
>
>     if (buflen > 256)
>         goto failure;
>     ret = getrandom(buf, buflen, 0);
>     if (ret < 0)
>         return ret;
>     if (ret == buflen)
>         return 0;
> failure:
>     errno = EIO;
>     return -1;
> }
> .fi
> .in
> .SH SEE ALSO
> .BR random (4),
> .BR urandom (4)



-- 
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/

Re: [PATCH 1/3] getrandom.2: new manpage

[Michael Kerrisk (man-pages)]

Hi Heinrich,

Things seem to have stalled on the getrandom(2) man page (no response
to my mail below), and also in your conversation with Ted regarding
the 29 Nov patch proposal "urandom: handle signals immediately".
What's the current status?

Cheers,

Michael


On 11 November 2014 at 12:44, Michael Kerrisk (man-pages)
<mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> Hi Heinrich,
>
> On Fri, Oct 3, 2014 at 2:15 AM, Heinrich Schuchardt <xypron.glpk-Mmb7MZpHnFY@public.gmane.org> wrote:
>> Kernel 3.17 introduces a new system call getrandom(2).
>>
>> The man page in this patch is based on the commit message by
>> Theodore Ts'o <tytso-3s7WtUTddSA@public.gmane.org> and suggestion by
>> Michael Kerrisk <mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>.
>
> No word from Ted so far...
>
> I've added LKML to CC, because I think it's worth getting wider review
> of the page at this point.
>
> I've done some further editing on the page, and pushed the current
> version in public branch:
> http://git.kernel.org/cgit/docs/man-pages/man-pages.git/log/?h=draft_getrandom
>
> Could you please review the current version, appended below. Note that
> there are a couple of FIXMEs there. Also, could you pay special
> attention to the changes in these commits, to make sure I have not
> injected any errors:
>
> pick 0ef180e getrandom.2: Add a sentence to clarify the default behavior...
> pick 62342ef getrandom.2: Reword GRND_NONBLOCK description
> pick 0c90d3d getrandom.2: Reword GRND_RANDOM description
>
> Cheers,
>
> Michael
>
> .\" Copyright (C) 2014, Theodore Ts'o <tytso-3s7WtUTddSA@public.gmane.org>
> .\" Copyright (C) 2014, Heinrich Schuchardt <xypron.glpk-Mmb7MZpHnFY@public.gmane.org>
> .\"
> .\" %%%LICENSE_START(VERBATIM)
> .\" Permission is granted to make and distribute verbatim copies of this
> .\" manual provided the copyright notice and this permission notice are
> .\" preserved on all copies.
> .\"
> .\" Permission is granted to copy and distribute modified versions of
> .\" this manual under the conditions for verbatim copying, provided that
> .\" the entire resulting derived work is distributed under the terms of
> .\" a permission notice identical to this one.
> .\"
> .\" Since the Linux kernel and libraries are constantly changing, this
> .\" manual page may be incorrect or out-of-date.  The author(s) assume.
> .\" no responsibility for errors or omissions, or for damages resulting.
> .\" from the use of the information contained herein.  The author(s) may.
> .\" not have taken the same level of care in the production of this.
> .\" manual, which is licensed free of charge, as they might when working.
> .\" professionally.
> .\"
> .\" Formatted or processed versions of this manual, if unaccompanied by
> .\" the source, must acknowledge the copyright and authors of this work.
> .\" %%%LICENSE_END
>
> .TH GETRANDOM 2 2014-10-03 "Linux" "Linux Programmer's Manual"
> .SH NAME
> getrandom \- obtain a series of random bytes
> .SH SYNOPSIS
> .B #include <linux/random.h>
> .sp
> .BI "int getrandom(void *"buf ", size_t " buflen ", unsigned int " flags );
> .SH DESCRIPTION
> The system call
> .BR getrandom ()
> fills the buffer pointed to by
> .I buf
> with up to
> .I buflen
> random bytes.
> These can be used to seed user-space random number generators
> or for other cryptographic purposes.
> .PP
> .BR getrandom ()
> relies on entropy gathered from device drivers and other sources of
> environmental noise.
> Unnecessarily reading large quantities of data will have a negative impact
> on other users of the
> .I /dev/random
> and
> .I /dev/urandom
> devices.
> Therefore
> .BR getrandom ()
> should not be used for Monte Carlo simulations or other
> programs/algorithms which are doing probabilistic sampling.
>
> .\" FIXME is the following paragraph correct?
> By default,
> .BR getrandom ()
> draws entropy from the
> .IR /dev/urandom
> pool, and, if that pool has been initialized and
> .IR buflen
> is less than or equal to 256 (see NOTES, below),
> then the call never blocks when drawing from that pool
> and always returns the number of bytes requested in
> .IR buflen .
> This behavior can be changed via the
> .I flags
> argument.
>
> The
> .I flags
> argument is a bit mask that can contain zero or more of the following values
> ORed together:
> .TP
> .B GRND_RANDOM
> If this bit is set, then random bytes are drawn from the
> .I /dev/random
> pool instead of the
> .I /dev/urandom
> pool.
> The
> .I /dev/random
> pool is limited based on the entropy that can be obtained from environmental
> noise.
> If the number of available bytes in
> .I /dev/random
> is less than requested in
> .IR buflen ,
> the call returns just the available random bytes.
> If no random byte is available, the response will depend on the
> presence of
> .B GRND_NONBLOCK
> in the
> .I flags
> argument.
> .TP
> .B GRND_NONBLOCK
> By default, if there is no random byte available at all,
> .BR getrandom ()
> blocks until data is available.
> If the
> .B GRND_NONBLOCK
> flag is set, then
> .BR getrandom ()
> instead immediately returns -1 with
> .I errno
> set to
> .BR EAGAIN .
> .SH RETURN VALUE
> On success,
> .BR getrandom ()
> returns the number of bytes that were copied to the buffer
> .IR buf .
> This may be less than the number of bytes requested via
> .I buflen
> if insufficient entropy was present in the
> .IR /dev/random
> pool, or if the system call was interrupted by a signal.
> .PP
> On error, -1 is returned, and
> .I errno
> is set appropriately.
> .SH ERRORS
> .TP
> .B EINVAL
> An invalid flag was specified in
> .IR flags .
> .TP
> .B EFAULT
> The address referred to by
> .I buf
> is outside the accessible address space.
> .TP
> .B EAGAIN
> The requested entropy was not available, and
> .BR getrandom ()
> would have blocked if the
> .B GRND_NONBLOCK
> flag was not set.
> .TP
> .B EINTR
> While blocked waiting for entropy, the call was interrupted by a signal
> handler; see the description of how interrupted
> .BR read (2)
> calls on "slow" devices are handled with and without the
> .B SA_RESTART
> flag in the
> .BR signal (7)
> man page.
> .SH VERSIONS
> .BR getrandom ()
> was introduced in version 3.17 of the Linux kernel.
> .SH CONFORMING TO
> This system call is Linux-specific.
> .SH NOTES
> .SS Interruption by a signal handler
> .\" FIXME Here, I think there needs to be an opening paragraph that describes
> .\" the cases where getrandom() can block. This should cover the cases with
> .\" GRND_RANDOM and without GRND_RANDOM. Reading the existing page, I am
> .\" still not completely confident that I know what the cases are.
> The reaction of
> .BR getrandom ()
> in case of an interruption of a blocking call by a signal
> when reading from
> .I /dev/urandom
> .RB ( GRND_RANDOM
> is not set)
> depends on the initialization state of the entropy buffer
> and on the request size
> .IR buflen .
> If the entropy is not yet initialized or the request size is large
> .RI ( buflen "\ >\ 256),"
> .B EINTR
> will be returned.
> If the entropy pool has been initialized and the request size is small
> .RI ( buflen "\ <=\ 256),"
> .BR getrandom ()
> will not return
> .BR EINTR .
> Instead, it will return all of the bytes that have been requested.
> .PP
> When reading from
> .I /dev/random
> .RB ( GRND_RANDOM
> is set)
> these guarantees do
> .I not
> apply.
> .PP
> Calling
> .BR getrandom ()
> to read
> .I /dev/urandom
> for small values (<=\ 256) of
> .I buflen
> is the preferred mode of usage.
> .PP
> The special treatment of small values of
> .I buflen
> was designed for compatibility with
> OpenBSD's
> .BR getentropy ()
> system call.
> .PP
> The user of
> .BR getrandom ()
> .I must
> always check the return value,
> to determine whether either an error occurred
> or fewer bytes than requested were returned.
> In the case where
> .B GRND_RANDOM
> is not specified and
> .I buflen
> is less than or equal to 256,
> a return of fewer bytes than requested should never happen,
> but the careful user-space code should check for this anyway!
> .SS Choice of random device
> Unless you are doing long-term key generation (and perhaps not even
> then), you probably shouldn't be using
> .B GRND_RANDOM.
> The cryptographic algorithms used for
> .I /dev/urandom
> are quite conservative, and so should be sufficient for all purposes.
> The disadvantage of
> .B GRND_RANDOM
> is that it can block.
> Furthermore, dealing with partially fulfilled
> .BR getrandom ()
> requests increases code complexity.
> .SS Emulating OpenBSD's getentropy()
> The
> .BR getentropy ()
> system call in OpenBSD can be emulated using the following
> function:
>
> .in +4n
> .nf
> int
> getentropy(void *buf, size_t buflen)
> {
>     int ret;
>
>     if (buflen > 256)
>         goto failure;
>     ret = getrandom(buf, buflen, 0);
>     if (ret < 0)
>         return ret;
>     if (ret == buflen)
>         return 0;
> failure:
>     errno = EIO;
>     return -1;
> }
> .fi
> .in
> .SH SEE ALSO
> .BR random (4),
> .BR urandom (4)



-- 
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/
--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH 1/1] getrandom.2: mention bug concerning treatment of interrupts

[Heinrich Schuchardt]

Theodore Ts'o confirmed the bug described in
https://lkml.org/lkml/2014/11/29/16

It should be mentioned in the manpage.

Signed-off-by: Heinrich Schuchardt <xypron.glpk-Mmb7MZpHnFY@public.gmane.org>
---
 man2/getrandom.2 | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/man2/getrandom.2 b/man2/getrandom.2
index 5bf57b7..e9f62c5 100644
--- a/man2/getrandom.2
+++ b/man2/getrandom.2
@@ -23,7 +23,7 @@
 .\" the source, must acknowledge the copyright and authors of this work.
 .\" %%%LICENSE_END
 
-.TH GETRANDOM 2 2014-10-03 "Linux" "Linux Programmer's Manual"
+.TH GETRANDOM 2 2015-01-22 "Linux" "Linux Programmer's Manual"
 .SH NAME
 getrandom \- obtain a series of random bytes
 .SH SYNOPSIS
@@ -252,6 +252,13 @@ failure:
 }
 .fi
 .in
+.SH BUGS
+As of Linux 3.19, the following bug exists:
+.PP
+.\" FIXME patch proposed https://lkml.org/lkml/2014/11/29/16
+Depending on CPU load
+.BR getrandom ()
+does not react to interrupts before reading all bytes requested.
 .SH SEE ALSO
 .BR random (4),
 .BR urandom (4)
-- 
2.1.4

--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH 1/1] getrandom.2: rework paragraphs marked with FIXME

[Heinrich Schuchardt]

The patch clarifies when blocking may occur while calling
getrandom().

Signed-off-by: Heinrich Schuchardt <xypron.glpk-Mmb7MZpHnFY@public.gmane.org>
---
 man2/getrandom.2 | 35 ++++++++++++++++++++---------------
 1 file changed, 20 insertions(+), 15 deletions(-)

diff --git a/man2/getrandom.2 b/man2/getrandom.2
index d01502e..cfbbf5f 100644
--- a/man2/getrandom.2
+++ b/man2/getrandom.2
@@ -55,20 +55,17 @@ Therefore
 should not be used for Monte Carlo simulations or other
 programs/algorithms which are doing probabilistic sampling.
 
-.\" FIXME is the following paragraph correct?
 By default,
 .BR getrandom ()
 draws entropy from the
 .IR /dev/urandom
-pool, and, if that pool has been initialized and
-.IR buflen
-is less than or equal to 256 (see NOTES, below),
-then the call never blocks when drawing from that pool
-and always returns the number of bytes requested in
-.IR buflen .
+pool.
 This behavior can be changed via the
 .I flags
 argument.
+If the
+.IR /dev/urandom
+pool has been initialized, reading from that pool never blocks.
 
 The
 .I flags
@@ -157,17 +154,27 @@ was introduced in version 3.17 of the Linux kernel.
 This system call is Linux-specific.
 .SH NOTES
 .SS Interruption by a signal handler
-.\" FIXME Here, I think there needs to be an opening paragraph that describes
-.\" the cases where getrandom() can block. This should cover the cases with
-.\" GRND_RANDOM and without GRND_RANDOM. Reading the existing page, I am
-.\" still not completely confident that I know what the cases are.
+A call to
+.BR getrandom ()
+can only block when called without the
+.B GRND_NONBLOCK
+flag.
+When reading from
+.I /dev/urandom
+.RB ( GRND_RANDOM
+is not set)
+blocking only occurs if the entropy pool has not been initialized yet.
+When reading from
+.I /dev/random
+.RB ( GRND_RANDOM
+is set)
+blocking occurs if not enough random bytes are available.
+
 The reaction of
 .BR getrandom ()
 in case of an interruption of a blocking call by a signal
 when reading from
 .I /dev/urandom
-.RB ( GRND_RANDOM
-is not set)
 depends on the initialization state of the entropy buffer
 and on the request size
 .IR buflen .
@@ -184,8 +191,6 @@ Instead, it will return all of the bytes that have been requested.
 .PP
 When reading from
 .I /dev/random
-.RB ( GRND_RANDOM
-is set)
 these guarantees do
 .I not
 apply.
-- 
2.1.4

--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 1/1] getrandom.2: mention bug concerning treatment of interrupts

[Michael Kerrisk (man-pages)]

On 01/22/2015 07:30 PM, Heinrich Schuchardt wrote:
> Theodore Ts'o confirmed the bug described in
> https://lkml.org/lkml/2014/11/29/16
> 
> It should be mentioned in the manpage.

Thanks, Heinrich. Applied.

Cheers,

Michael



> Signed-off-by: Heinrich Schuchardt <xypron.glpk-Mmb7MZpHnFY@public.gmane.org>
> ---
>  man2/getrandom.2 | 9 ++++++++-
>  1 file changed, 8 insertions(+), 1 deletion(-)
> 
> diff --git a/man2/getrandom.2 b/man2/getrandom.2
> index 5bf57b7..e9f62c5 100644
> --- a/man2/getrandom.2
> +++ b/man2/getrandom.2
> @@ -23,7 +23,7 @@
>  .\" the source, must acknowledge the copyright and authors of this work.
>  .\" %%%LICENSE_END
>  
> -.TH GETRANDOM 2 2014-10-03 "Linux" "Linux Programmer's Manual"
> +.TH GETRANDOM 2 2015-01-22 "Linux" "Linux Programmer's Manual"
>  .SH NAME
>  getrandom \- obtain a series of random bytes
>  .SH SYNOPSIS
> @@ -252,6 +252,13 @@ failure:
>  }
>  .fi
>  .in
> +.SH BUGS
> +As of Linux 3.19, the following bug exists:
> +.PP
> +.\" FIXME patch proposed https://lkml.org/lkml/2014/11/29/16
> +Depending on CPU load
> +.BR getrandom ()
> +does not react to interrupts before reading all bytes requested.
>  .SH SEE ALSO
>  .BR random (4),
>  .BR urandom (4)
> 


-- 
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/
--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 1/1] getrandom.2: rework paragraphs marked with FIXME

[Michael Kerrisk (man-pages)]

On 22 January 2015 at 20:30, Heinrich Schuchardt <xypron.glpk-Mmb7MZpHnFY@public.gmane.org> wrote:
> The patch clarifies when blocking may occur while calling
> getrandom().

Applied in the draft_getrandom branch. Thanks, Heinrich.

Cheers,

Michael

> Signed-off-by: Heinrich Schuchardt <xypron.glpk-Mmb7MZpHnFY@public.gmane.org>
> ---
>  man2/getrandom.2 | 35 ++++++++++++++++++++---------------
>  1 file changed, 20 insertions(+), 15 deletions(-)
>
> diff --git a/man2/getrandom.2 b/man2/getrandom.2
> index d01502e..cfbbf5f 100644
> --- a/man2/getrandom.2
> +++ b/man2/getrandom.2
> @@ -55,20 +55,17 @@ Therefore
>  should not be used for Monte Carlo simulations or other
>  programs/algorithms which are doing probabilistic sampling.
>
> -.\" FIXME is the following paragraph correct?
>  By default,
>  .BR getrandom ()
>  draws entropy from the
>  .IR /dev/urandom
> -pool, and, if that pool has been initialized and
> -.IR buflen
> -is less than or equal to 256 (see NOTES, below),
> -then the call never blocks when drawing from that pool
> -and always returns the number of bytes requested in
> -.IR buflen .
> +pool.
>  This behavior can be changed via the
>  .I flags
>  argument.
> +If the
> +.IR /dev/urandom
> +pool has been initialized, reading from that pool never blocks.
>
>  The
>  .I flags
> @@ -157,17 +154,27 @@ was introduced in version 3.17 of the Linux kernel.
>  This system call is Linux-specific.
>  .SH NOTES
>  .SS Interruption by a signal handler
> -.\" FIXME Here, I think there needs to be an opening paragraph that describes
> -.\" the cases where getrandom() can block. This should cover the cases with
> -.\" GRND_RANDOM and without GRND_RANDOM. Reading the existing page, I am
> -.\" still not completely confident that I know what the cases are.
> +A call to
> +.BR getrandom ()
> +can only block when called without the
> +.B GRND_NONBLOCK
> +flag.
> +When reading from
> +.I /dev/urandom
> +.RB ( GRND_RANDOM
> +is not set)
> +blocking only occurs if the entropy pool has not been initialized yet.
> +When reading from
> +.I /dev/random
> +.RB ( GRND_RANDOM
> +is set)
> +blocking occurs if not enough random bytes are available.
> +
>  The reaction of
>  .BR getrandom ()
>  in case of an interruption of a blocking call by a signal
>  when reading from
>  .I /dev/urandom
> -.RB ( GRND_RANDOM
> -is not set)
>  depends on the initialization state of the entropy buffer
>  and on the request size
>  .IR buflen .
> @@ -184,8 +191,6 @@ Instead, it will return all of the bytes that have been requested.
>  .PP
>  When reading from
>  .I /dev/random
> -.RB ( GRND_RANDOM
> -is set)
>  these guarantees do
>  .I not
>  apply.
> --
> 2.1.4
>



-- 
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/
--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html