* [XEN PATCH v1] libxl: use getrandom() syscall for random data extraction
@ 2021-05-24 8:58 Sergiy Kibrik
2021-05-24 12:54 ` Julien Grall
0 siblings, 1 reply; 5+ messages in thread
From: Sergiy Kibrik @ 2021-05-24 8:58 UTC (permalink / raw)
To: xen-devel; +Cc: Ian Jackson, Wei Liu, Sergiy Kibrik
Simplify libxl__random_bytes() routine by using a newer dedicated syscall.
This allows not only to substantially reduce its footprint, but syscall also
considered to be safer and generally better solution:
https://lwn.net/Articles/606141/
getrandom() available on Linux, FreeBSD and NetBSD.
Signed-off-by: Sergiy Kibrik <Sergiy_Kibrik@epam.com>
---
tools/libxl/libxl_utils.c | 23 ++++-------------------
1 file changed, 4 insertions(+), 19 deletions(-)
diff --git a/tools/libxl/libxl_utils.c b/tools/libxl/libxl_utils.c
index b039143b8a..f3e56a4026 100644
--- a/tools/libxl/libxl_utils.c
+++ b/tools/libxl/libxl_utils.c
@@ -16,6 +16,7 @@
#include "libxl_osdeps.h" /* must come before any other headers */
#include <ctype.h>
+#include <sys/random.h>
#include "libxl_internal.h"
#include "_paths.h"
@@ -1226,26 +1227,10 @@ void libxl_string_copy(libxl_ctx *ctx, char **dst, char * const*src)
*/
int libxl__random_bytes(libxl__gc *gc, uint8_t *buf, size_t len)
{
- static const char *dev = "/dev/urandom";
- int fd;
- int ret;
-
- fd = open(dev, O_RDONLY);
- if (fd < 0) {
- LOGE(ERROR, "failed to open \"%s\"", dev);
+ ssize_t ret = getrandom(buf, len, 0);
+ if (ret != len)
return ERROR_FAIL;
- }
- ret = libxl_fd_set_cloexec(CTX, fd, 1);
- if (ret) {
- close(fd);
- return ERROR_FAIL;
- }
-
- ret = libxl_read_exactly(CTX, fd, buf, len, dev, NULL);
-
- close(fd);
-
- return ret;
+ return 0;
}
int libxl__prepare_sockaddr_un(libxl__gc *gc,
--
2.25.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [XEN PATCH v1] libxl: use getrandom() syscall for random data extraction
2021-05-24 8:58 [XEN PATCH v1] libxl: use getrandom() syscall for random data extraction Sergiy Kibrik
@ 2021-05-24 12:54 ` Julien Grall
2021-05-26 9:31 ` Sergiy Kibrik
0 siblings, 1 reply; 5+ messages in thread
From: Julien Grall @ 2021-05-24 12:54 UTC (permalink / raw)
To: Sergiy Kibrik, xen-devel; +Cc: Ian Jackson, Wei Liu
Hi,
On 24/05/2021 09:58, Sergiy Kibrik wrote:
> Simplify libxl__random_bytes() routine by using a newer dedicated syscall.
> This allows not only to substantially reduce its footprint, but syscall also
> considered to be safer and generally better solution:
>
> https://lwn.net/Articles/606141/
>
> getrandom() available on Linux, FreeBSD and NetBSD.
From the man:
VERSIONS
getrandom() was introduced in version 3.17 of the Linux kernel.
Support was added to glibc in version 2.25.
If I am not mistaken glibc 2.25 was released in 2017. Also, the call was
only introduced in FreeBSD 12.
So I think we want to check if getrandom() can be used. We may also want
to consider to fallback to read /dev/urandom if the call return ENOSYS.
Cheers,
--
Julien Grall
^ permalink raw reply [flat|nested] 5+ messages in thread
* RE: [XEN PATCH v1] libxl: use getrandom() syscall for random data extraction
2021-05-24 12:54 ` Julien Grall
@ 2021-05-26 9:31 ` Sergiy Kibrik
2021-05-26 16:17 ` Julien Grall
0 siblings, 1 reply; 5+ messages in thread
From: Sergiy Kibrik @ 2021-05-26 9:31 UTC (permalink / raw)
To: Julien Grall, xen-devel; +Cc: Ian Jackson, Wei Liu
Hi Julien,
>
> From the man:
>
> VERSIONS
> getrandom() was introduced in version 3.17 of the Linux kernel.
> Support was added to glibc in version 2.25.
>
> If I am not mistaken glibc 2.25 was released in 2017. Also, the call was only
> introduced in FreeBSD 12.
>
> So I think we want to check if getrandom() can be used. We may also want to
> consider to fallback to read /dev/urandom if the call return ENOSYS.
>
You mean its availability should be checked both at build and runtime?
--
regards,
Sergiy
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [XEN PATCH v1] libxl: use getrandom() syscall for random data extraction
2021-05-26 9:31 ` Sergiy Kibrik
@ 2021-05-26 16:17 ` Julien Grall
2021-05-26 18:41 ` Sergiy Kibrik
0 siblings, 1 reply; 5+ messages in thread
From: Julien Grall @ 2021-05-26 16:17 UTC (permalink / raw)
To: Sergiy Kibrik, xen-devel; +Cc: Ian Jackson, Wei Liu
Hi,
On 26/05/2021 10:31, Sergiy Kibrik wrote:
> Hi Julien,
>
>>
>> From the man:
>>
>> VERSIONS
>> getrandom() was introduced in version 3.17 of the Linux kernel.
>> Support was added to glibc in version 2.25.
>>
>> If I am not mistaken glibc 2.25 was released in 2017. Also, the call was only
>> introduced in FreeBSD 12.
>>
>> So I think we want to check if getrandom() can be used. We may also want to
>> consider to fallback to read /dev/urandom if the call return ENOSYS.
>>
>
> You mean its availability should be checked both at build and runtime?
Correct. You can have a libc suporting getrandom() but a kernel that
doesn't provide the syscall.
Cheers,
--
Julien Grall
^ permalink raw reply [flat|nested] 5+ messages in thread
* RE: [XEN PATCH v1] libxl: use getrandom() syscall for random data extraction
2021-05-26 16:17 ` Julien Grall
@ 2021-05-26 18:41 ` Sergiy Kibrik
0 siblings, 0 replies; 5+ messages in thread
From: Sergiy Kibrik @ 2021-05-26 18:41 UTC (permalink / raw)
To: Julien Grall, xen-devel; +Cc: Ian Jackson, Wei Liu
> > You mean its availability should be checked both at build and runtime?
>
> Correct. You can have a libc suporting getrandom() but a kernel that doesn't
> provide the syscall.
>
Agree, I shall check this.
-Sergiy
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2021-05-26 18:41 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-05-24 8:58 [XEN PATCH v1] libxl: use getrandom() syscall for random data extraction Sergiy Kibrik
2021-05-24 12:54 ` Julien Grall
2021-05-26 9:31 ` Sergiy Kibrik
2021-05-26 16:17 ` Julien Grall
2021-05-26 18:41 ` Sergiy Kibrik
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.