This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH v7] getrandom system call wrapper [BZ #17252]

From: Zack Weinberg <zackw at panix dot com>
To: Florian Weimer <fweimer at redhat dot com>
Cc: GNU C Library <libc-alpha at sourceware dot org>
Date: Wed, 16 Nov 2016 11:41:29 -0500
Subject: Re: [PATCH v7] getrandom system call wrapper [BZ #17252]
Authentication-results: sourceware.org; auth=none
References: <3dd5d3b8-c196-98fb-1671-90cd90ab90c7@redhat.com> <244f578c-889a-a4cf-c686-bb2a5e49cca1@panix.com> <d14e4419-c1e5-ac38-9caa-688481a26464@redhat.com> <2d175242-1a82-9410-d01e-682ab4d9081e@panix.com> <c30852c5-9a52-83ea-4af1-310f97febccd@redhat.com>

On Wed, Nov 16, 2016 at 10:52 AM, Florian Weimer <fweimer@redhat.com> wrote:
> On 11/16/2016 04:20 PM, Zack Weinberg wrote:
>> I am seriously considering escalating my disagreement here to a
>> formal objection.  I would like to know why you think it is
>> NECESSARY - not merely convenient or consistent with other stuff -
>> for this function to be a cancellation point.
>
> It's necessary if you ever want to cancel a hanging getrandom in a
> context where you cannot install a signal handler (so that you can
> trigger EINTR when getrandom is stuck).

That only pushes the question back a level.  When would it ever be
necessary to do that?  Be as concrete as you possibly can.  Actual
code from a real program, if possible.

> I really don't understand why cancellation points are widely
> considered as evil.  Most code does not use cancellation in a
> correct way, and it will not improve if we simply stop adding new
> cancellation points.

I would argue that most code does not use cancellation correctly in
large part _because_ the set of cancellation points is so large and
amorphous.  It is the same problem that people have with exceptions in
C++; because practically everything you might do exposes you to
cancellation, it's so difficult to know how to write cancel-safe code
that people just apply the big hammer of not using it at all.  Another
useful example is multithreading versus coroutines with explicit yield
points---the latter can be less efficient and/or more verbose, but
it's so much easier to debug that it's worth it.

There's not a lot we can do about the cancellation-point set in POSIX
being so large, but we can at least not make things worse, by not
adding additional cancellation points.

> at least in library code, it is impossible to introduce cancellation
> into a system call where the wrapper does not support it (because
> you cannot fake your own version of cancellation with a do-nothing
> signal handler).

>From the perspective that as few operations as possible should be
cancellation points, this is a Good Thing.  And I don't see why it
would be a problem for getrandom in particular.

zw

Follow-Ups:
- Re: [PATCH v7] getrandom system call wrapper [BZ #17252]
  - From: Florian Weimer

References:
- [PATCH v7] getrandom system call wrapper [BZ #17252]
  - From: Florian Weimer
- Re: [PATCH v7] getrandom system call wrapper [BZ #17252]
  - From: Zack Weinberg
- Re: [PATCH v7] getrandom system call wrapper [BZ #17252]
  - From: Florian Weimer
- Re: [PATCH v7] getrandom system call wrapper [BZ #17252]
  - From: Zack Weinberg
- Re: [PATCH v7] getrandom system call wrapper [BZ #17252]
  - From: Florian Weimer

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]