Simplify libxl__random_bytes() routine by using a newer dedicated syscall.
This allows not only to substantially reduce its footprint, but syscall also
considered to be safer and generally better solution:

https://lwn.net/Articles/606141/

getrandom() available on Linux, FreeBSD and NetBSD.

Signed-off-by: Sergiy Kibrik <Sergiy_Kibrik@epam.com>
---
 tools/libxl/libxl_utils.c | 23 ++++-------------------
 1 file changed, 4 insertions(+), 19 deletions(-)

diff --git a/tools/libxl/libxl_utils.c b/tools/libxl/libxl_utils.c
index b039143b8a..f3e56a4026 100644
--- a/tools/libxl/libxl_utils.c
+++ b/tools/libxl/libxl_utils.c
@@ -16,6 +16,7 @@
 #include "libxl_osdeps.h" /* must come before any other headers */
 
 #include <ctype.h>
+#include <sys/random.h>
 
 #include "libxl_internal.h"
 #include "_paths.h"
@@ -1226,26 +1227,10 @@ void libxl_string_copy(libxl_ctx *ctx, char **dst, char * const*src)
  */
 int libxl__random_bytes(libxl__gc *gc, uint8_t *buf, size_t len)
 {
-    static const char *dev = "/dev/urandom";
-    int fd;
-    int ret;
-
-    fd = open(dev, O_RDONLY);
-    if (fd < 0) {
-        LOGE(ERROR, "failed to open \"%s\"", dev);
+    ssize_t ret = getrandom(buf, len, 0);
+    if (ret != len)
         return ERROR_FAIL;
-    }
-    ret = libxl_fd_set_cloexec(CTX, fd, 1);
-    if (ret) {
-        close(fd);
-        return ERROR_FAIL;
-    }
-
-    ret = libxl_read_exactly(CTX, fd, buf, len, dev, NULL);
-
-    close(fd);
-
-    return ret;
+    return 0;
 }
 
 int libxl__prepare_sockaddr_un(libxl__gc *gc,
-- 
2.25.1

Hi,

On 24/05/2021 09:58, Sergiy Kibrik wrote:
> Simplify libxl__random_bytes() routine by using a newer dedicated syscall.
> This allows not only to substantially reduce its footprint, but syscall also
> considered to be safer and generally better solution:
> 
> https://lwn.net/Articles/606141/
> 
> getrandom() available on Linux, FreeBSD and NetBSD.

 From the man:

VERSIONS
        getrandom() was introduced in version 3.17 of the Linux kernel. 
  Support was added to glibc in version 2.25.

If I am not mistaken glibc 2.25 was released in 2017. Also, the call was 
only introduced in FreeBSD 12.

So I think we want to check if getrandom() can be used. We may also want 
to consider to fallback to read /dev/urandom if the call return ENOSYS.

Cheers,

-- 
Julien Grall

Hi Julien,

> 
>  From the man:
> 
> VERSIONS
>         getrandom() was introduced in version 3.17 of the Linux kernel.
>   Support was added to glibc in version 2.25.
> 
> If I am not mistaken glibc 2.25 was released in 2017. Also, the call was only
> introduced in FreeBSD 12.
> 
> So I think we want to check if getrandom() can be used. We may also want to
> consider to fallback to read /dev/urandom if the call return ENOSYS.
> 

You mean its availability should be checked both at build and runtime?

--
regards,
  Sergiy

Hi,

On 26/05/2021 10:31, Sergiy Kibrik wrote:
> Hi Julien,
> 
>>
>>   From the man:
>>
>> VERSIONS
>>          getrandom() was introduced in version 3.17 of the Linux kernel.
>>    Support was added to glibc in version 2.25.
>>
>> If I am not mistaken glibc 2.25 was released in 2017. Also, the call was only
>> introduced in FreeBSD 12.
>>
>> So I think we want to check if getrandom() can be used. We may also want to
>> consider to fallback to read /dev/urandom if the call return ENOSYS.
>>
> 
> You mean its availability should be checked both at build and runtime?

Correct. You can have a libc suporting getrandom() but a kernel that 
doesn't provide the syscall.

Cheers,

-- 
Julien Grall

> > You mean its availability should be checked both at build and runtime?
> 
> Correct. You can have a libc suporting getrandom() but a kernel that doesn't
> provide the syscall.
> 

Agree, I shall check this.

  -Sergiy