[Unbound-users] Using the getrandom syscall introduced with kernel 3.17
Heiner Kallweit
2015-02-14 13:49:12 UTC
compat/getentropy_linux.c tries to read from /dev/urandom and if this
fails (e.g. because running chroot'ed) it falls back to some more
or less messy sysctls. If this also fails (e.g. because the sysctl
syscall is disabled in the kernel) it has to bail out.

Not only unbound suffers from this problem under Linux; therefore,
with kernel 3.17 a new syscall, getrandom, was introduced.
IMHO we should try this option first.

Works fine here with the latest next kernel and unbound 1.5.1.
And it also avoids the "using deprecated sysctl .." warning.

--- getentropy_linux.c.orig 2015-02-14 07:46:09.678095830 +0100
+++ getentropy_linux.c 2015-02-14 10:26:55.353630895 +0100
@@ -93,6 +93,13 @@
return -1;
}

+#ifdef SYS_getrandom
+ /* try to use getrandom syscall introduced with kernel 3.17 */
+ ret = syscall(SYS_getrandom, buf, len, 0);
+ if (ret != -1)
+ return (ret);
+#endif /* SYS_getrandom */
+
/*
* Try to get entropy with /dev/urandom
*
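Review bot: the success path `if (ret != -1) return (ret);` returns getrandom(2)'s byte count rather than 0, and it also treats a short read (ret < len) as success, whereas the surrounding function follows the getentropy() contract of 0 with the buffer completely filled or -1 on failure (see the `return -1;` context line). Suggest comparing against len, retrying when errno is EINTR (with flags 0 the call blocks until the pool is initialised and can be interrupted by a signal) and returning 0 on success; a short or interrupted read should not hand the caller a partly filled buffer. Also note that SYS_getrandom is only visible if <sys/syscall.h> is included: the hunk shows no include change, so if the file does not already pull that header in, the whole #ifdef block compiles out silently and the old fallback chain remains the only path. Falling through to /dev/urandom on -1 is fine for ENOSYS on pre-3.17 kernels, but it also masks other errors.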
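The fallback chain the message describes (getrandom(2) first, then /dev/urandom), written out as an added example; this is not Unbound's or OpenBSD's compat code. It assumes a Linux build where <sys/syscall.h> defines SYS_getrandom and falls back to /dev/urandom when the syscall fails (for example ENOSYS on a kernel older than 3.17). The names my_getentropy, entropy_getrandom, entropy_urandom and self_check are chosen here and are not from the patch.

```c
/* Added example (not Unbound's or OpenBSD's code): a getentropy()-style
 * wrapper that tries getrandom(2) first and falls back to /dev/urandom.
 * Assumes Linux; on kernels before 3.17 the syscall fails with ENOSYS. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>

#define MAX_ENTROPY_REQUEST 256   /* same limit getentropy(2) imposes */

/* Try the raw syscall, with the checks getentropy() semantics need:
 * retry on EINTR, reject short reads, return 0 on success or -1. */
static int
entropy_getrandom(void *buf, size_t len)
{
#ifdef SYS_getrandom
    long ret;
    do {
        ret = syscall(SYS_getrandom, buf, len, 0);
    } while (ret == -1 && errno == EINTR);
    if (ret == -1)
        return -1;            /* errno set, e.g. ENOSYS on old kernels */
    if ((size_t)ret != len) {
        errno = EIO;          /* a short read must not look like success */
        return -1;
    }
    return 0;
#else
    (void)buf; (void)len;
    errno = ENOSYS;           /* header lacks the syscall number */
    return -1;
#endif
}

/* Fallback: read the full length from /dev/urandom. This is the path
 * that fails inside a chroot that has no /dev. */
static int
entropy_urandom(void *buf, size_t len)
{
    unsigned char *p = buf;
    size_t got = 0;
    int fd, save;

    fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
    if (fd == -1)
        return -1;            /* errno from open(), e.g. ENOENT */
    while (got < len) {
        ssize_t n = read(fd, p + got, len - got);
        if (n == -1 && errno == EINTR)
            continue;
        if (n <= 0) {
            save = (n == 0) ? EIO : errno;
            close(fd);
            errno = save;
            return -1;
        }
        got += (size_t)n;
    }
    close(fd);
    return 0;
}

/* getentropy()-style entry point: 0 on success with buf filled, -1 and
 * errno on failure. Falls through to /dev/urandom on any getrandom
 * failure, as the posted patch does; OpenBSD's compat code only falls
 * through on ENOSYS. */
int
my_getentropy(void *buf, size_t len)
{
    if (len > MAX_ENTROPY_REQUEST) {
        errno = EIO;
        return -1;
    }
    if (entropy_getrandom(buf, len) == 0)
        return 0;
    return entropy_urandom(buf, len);
}

static int
buf_is_all_zero(const unsigned char *b, size_t n)
{
    size_t i;
    for (i = 0; i < n; i++)
        if (b[i] != 0)
            return 0;
    return 1;
}

static unsigned char too_big[MAX_ENTROPY_REQUEST + 1];

/* Returns 0 if the wrapper behaves as expected, a small code otherwise. */
int
self_check(void)
{
    unsigned char a[32] = {0}, b[32] = {0};
    if (my_getentropy(a, sizeof a) != 0) return 1;
    if (my_getentropy(b, sizeof b) != 0) return 2;
    if (buf_is_all_zero(a, sizeof a)) return 3;
    if (memcmp(a, b, sizeof a) == 0) return 4;   /* 2^-256 collision odds */
    if (my_getentropy(too_big, sizeof too_big) != -1 || errno != EIO) return 5;
    return 0;
}

int
main(void)
{
    unsigned char out[16];
    size_t i;
    if (my_getentropy(out, sizeof out) != 0) {
        perror("my_getentropy");
        return 1;
    }
    for (i = 0; i < sizeof out; i++)
        printf("%02x", out[i]);
    printf("\nself_check: %d\n", self_check());
    return 0;
}
```

The two checks that matter for a getentropy() replacement are that a short return from getrandom(2) is turned into a failure rather than passed up as a byte count, and that the over-256-byte request is rejected before any syscall is made, so callers cannot rely on partially filled buffers.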
Brad Smith
2015-02-15 22:59:21 UTC
Post by Heiner Kallweit
compat/getentropy_linux.c tries to read from /dev/urandom and if this
fails (e.g. because running chroot'ed) it falls back to some more
or less messy sysctls. If this also fails (e.g. because the sysctl
syscall is disabled in the kernel) it has to bail out.
Not only unbound suffers from this problem under Linux; therefore,
with kernel 3.17 a new syscall, getrandom, was introduced.
IMHO we should try this option first.
Works fine here with the latest next kernel and unbound 1.5.1.
And it also avoids the "using deprecated sysctl .." warning.
--- getentropy_linux.c.orig 2015-02-14 07:46:09.678095830 +0100
+++ getentropy_linux.c 2015-02-14 10:26:55.353630895 +0100
@@ -93,6 +93,13 @@
return -1;
}
+#ifdef SYS_getrandom
+ /* try to use getrandom syscall introduced with kernel 3.17 */
+ ret = syscall(SYS_getrandom, buf, len, 0);
+ if (ret != -1)
+ return (ret);
+#endif /* SYS_getrandom */
+
/*
* Try to get entropy with /dev/urandom
*
The getentropy() code for Linux within the Unbound tree is old. The
upstream code from the OpenBSD tree has already dealt with using the
new system call 6 months ago. So Wouter just needs to re-sync with
the code from the OpenBSD tree.