Maintained by: NLnet Labs

[Unbound-users] Using the getrandom syscall introduced with kernel 3.17

Brad Smith
Sun Feb 15 23:59:21 CET 2015


On 02/14/15 08:49, Heiner Kallweit wrote:
> compat/getentropy_linux.c tries to read from /dev/urandom and if this
> fails (e.g. because running chroot'ed) it falls back to some more
> or less messy sysctl's. If this also fails (e.g. because the sysctl
> syscall is disabled in the kernel) it has to bail out.
>
> Not only unbound suffers from this problem under Linux, therefore
> with kernel 3.17 a new syscall getrandom was introduced.
> IMHO we should try this option first.
>
> Works fine here with the latest next kernel and unbound 1.5.1.
> And it also avoids the "using deprecated sysctl .." warning.
>
> --- getentropy_linux.c.orig     2015-02-14 07:46:09.678095830 +0100
> +++ getentropy_linux.c  2015-02-14 10:26:55.353630895 +0100
> @@ -93,6 +93,13 @@
>                  return -1;
>          }
>
> +#ifdef SYS_getrandom
> +       /* try to use getrandom syscall introduced with kernel 3.17 */
> +       ret = syscall(SYS_getrandom, buf, len, 0);
> +       if (ret != -1)
> +               return (ret);
> +#endif /* SYS_getrandom */
> +
>          /*
>           * Try to get entropy with /dev/urandom
>           *
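
Review bot: `return (ret);` in the added `#ifdef SYS_getrandom` block passes getrandom's byte count back to the caller, but getentropy() returns 0 on success and -1 on failure, so a caller that tests for 0 treats a successful fill as an error, and a short count is never compared against `len`. Suggest returning 0 only when `ret` equals `len`, retrying when the call fails with EINTR, and letting every other result fall through to the /dev/urandom path below. That fall-through also covers ENOSYS at run time, since `SYS_getrandom` being defined in the build headers does not mean the running kernel is 3.17 or newer.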

The getentropy() code for Linux within the Unbound tree is old. The
upstream code from the OpenBSD tree has already dealt with using the
new system call 6 months ago. So Wouter just needs to re-sync with
the code from the OpenBSD tree.
