On Mon, Jan 09, 2023 at 08:28:58AM -0600, Linus Torvalds wrote: > On Mon, Jan 9, 2023 at 4:34 AM Florian Weimer <fweimer@xxxxxxxxxx> wrote: > > > > We did these changes on the glibc side because Jason sounded very > > confident that he's able to deliver vDSO acceleration for getrandom. If > > that fails to materialize, we'll just have to add back userspace > > buffering in glibc. > > My whole argument has been that user-space buffering is the sane thing > to do. Most definitely for something like glibc. > > The number of people who go "oh, no, my buffer or randomness could be > exposed by insert-odd-situation-here" is approximately zero, and then > the onus should be on *them* to do something special. > > Because *they* are special. Precious little snowflake special. > > Linus How would userspace decide when to reseed its CRNGs, then? IMO, the main benefit of the VDSO getrandom over a traditional userspace CRNG is that it makes reseeds of the kernel's CRNG take effect immediately. See the cover letter, where Jason explains this. It's definitely important to make the memory used by userspace CRNGs have appropriate semantics, but my understanding is that's not the main point. - Eric
