abort in srandomdev if kern.arandom sysctl fails
ClosedPublic
Actions

Authored by emaste on Oct 3 2016, 1:44 PM.

Details

Reviewers

Summary

The sysctl cannot fail. If it does fail on some FreeBSD derivative or after some future change, just abort() so that the problem will be found and fixed.

While abort() is not normally suitable for a library, it makes sense here.

This is akin to D8077 for arc4random.

Diff Detail

Lint

Lint Skipped

Unit

Tests Skipped

Event Timeline

emaste updated this revision to Diff 20964.Oct 3 2016, 1:44 PM

emaste retitled this revision from to abort in srandomdev if kern.arandom sysctl fails.

emaste updated this object.

emaste edited the test plan for this revision. (Show Details)

emaste added reviewers: jonathan, ed.

emaste mentioned this in D1345: Capsicum support for jot(1).

ed accepted this revision.Oct 3 2016, 4:50 PM

ed edited edge metadata.

This revision is now accepted and ready to land.Oct 3 2016, 4:50 PM

Looks like a good idea to me. Perhaps it's worthy of a comment explaining why we use abort() within a library? It could contain the same text as at the top of this review, but it might be a slightly surprising thing to discover if you haven't been party to the review.

emaste mentioned this in rS307148: Add comment on use of abort() in libc.Oct 12 2016, 1:56 PM

ed removed a reviewer: ed.Nov 21 2017, 9:44 PM