svn commit: r331279 - in head: include lib/libc/gen lib/libc/sys lib/libc/tests/gen sys/compat/freebsd32 sys/conf sys/kern sys/sys tests/sys/kern usr.bin/truss
Xin LI
delphij at gmail.com
Wed Mar 21 17:31:42 UTC 2018
On Wed, Mar 21, 2018 at 8:37 AM Conrad Meyer <cem at freebsd.org> wrote:
> On Wed, Mar 21, 2018 at 8:23 AM, Konstantin Belousov
> <kostikbel at gmail.com> wrote:
> > On Wed, Mar 21, 2018 at 08:03:16AM -0700, Conrad Meyer wrote:
> >> On Wed, Mar 21, 2018 at 3:33 AM, Konstantin Belousov
> >> > Libraries must not abort the application.
> >> > Esp. libc.
> >>
> >> What do you propose instead? while (1); ? I don't see that as
> >> obviously better.
> >
> > Return the error to caller, as all, well most, correct library functions
> > do.
>
> The abort() in case of ENOSYS was proposed by delphij at . It is
> intended for users that getentropy() not fail. Another possible
> fallback is to use the kern.arandom sysctl. Would this be amenable to
> you?
>
My proposal was: "Note that ENOSYS should be handled by fallback with
kern.arandom or an explicit abort() should be done.".
It seems that a more graceful way of doing this should be something like:

    int mib[2] = { CTL_KERN, KERN_ARND };	/* kern.arandom */
    size_t buflen_copy = buflen;		/* in/out length for sysctl */

    if (sysctl(mib, 2, buf, &buflen_copy, NULL, 0) == -1 ||
        buflen_copy != buflen) {
            /*
             * The sysctl cannot fail. If it does fail on some FreeBSD
             * derivative or after some future change, just abort so that
             * the problem will be found and fixed. abort is not normally
             * suitable for a library but makes sense here.
             */
            abort();
    }

Like it was done in srandomdev().
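
The control flow proposed in this message, as an added example that is not part of the original e-mail or of FreeBSD's libc: ENOSYS from the primary source triggers the fallback, any other error goes back to the caller, and a failed or short fallback aborts. The function name, the typedefs and the three stand-in sources are hypothetical and constructed so the logic runs on any system; on FreeBSD the primary would be the getentropy() syscall and the fallback the kern.arandom sysctl.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical signatures: primary mimics getentropy(buf, len); fallback
 * mimics the kern.arandom sysctl, with *lenp as an in/out length. */
typedef int (*primary_fn)(void *buf, size_t len);
typedef int (*fallback_fn)(void *buf, size_t *lenp);

/* ENOSYS -> fallback; any other primary error -> returned to the caller;
 * failed or short fallback -> abort(), as in the snippet above. */
int
entropy_with_fallback(primary_fn primary, fallback_fn fallback,
    void *buf, size_t buflen)
{
	size_t buflen_copy = buflen;

	if (primary(buf, buflen) == 0)
		return (0);
	if (errno != ENOSYS)
		return (-1);		/* errno left as the primary set it */
	if (fallback(buf, &buflen_copy) == -1 || buflen_copy != buflen)
		abort();
	return (0);
}

/* Constructed stand-ins so the example runs on any system. */
static int no_syscall(void *buf, size_t len)	/* kernel without the syscall */
{ (void)buf; (void)len; errno = ENOSYS; return (-1); }

static int io_error(void *buf, size_t len)	/* a non-ENOSYS failure */
{ (void)buf; (void)len; errno = EIO; return (-1); }

static int fake_arandom(void *buf, size_t *lenp)	/* NOT random: fixed fill */
{ memset(buf, 0xA5, *lenp); return (0); }

int
main(void)
{
	unsigned char b[16] = { 0 };

	int r1 = entropy_with_fallback(no_syscall, fake_arandom, b, sizeof(b));
	printf("ENOSYS path: %d, first byte 0x%02X\n", r1, b[0]);
	int r2 = entropy_with_fallback(io_error, fake_arandom, b, sizeof(b));
	printf("EIO path: %d, errno == EIO: %d\n", r2, errno == EIO);
	return (0);
}
```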