Skip to content



Getrandom - Retrieves randomness from the kernel entropy pool


The getrandom() system call returns up to buflen bytes of randomness from the kernel entropy pool into the buffer pointed to by buf. The returned value is internally generated.

This function has the advantage of providing a cryptographically secure source of randomness as it is based on an entropy pool of randomness that is maintained in the kernel. It is also faster than other random number generation functions as it does not have to perform any computationally intensive calculations.

There are some potential drawbacks to using the getrandom() system call such as potential race conditions, where two or more processes are using the same getrandom() system call and may end up getting the same data in the same buffer. This means that the data returned by getrandom() can potentially be compromised. Additionally, the getrandom() system call will return an error instead of waiting for enough entropy to become available, so if it is called in a situation where there is not enough entropy available it will fail.


  • buf:void*[K] - Pointer to the buffer which will hold the random data.
  • buflen:size_t[K] - Size of the buffer pointed to by buf, in bytes.
  • flags:unsigned int[K] - If flags is set to 0, getrandom() will not return until it has retrieved the requested amount of data. If flags is set to GRND_NONBLOCK, getrandom() will return instantly, with the actual amount of retrieved data stored in the buffer pointed to by buf. If there is not enough entropy available immediately, getrandom will return -1 with errno set to EAGAIN.

Available Tags

  • K - Originated from kernel-space.




Kprobes + Kretprobes


To monitor the results of the getrandom() system call and log any attempts to retrieve random data from the kernel entropy pool.

Example Use Case

This is often used for cryptographic operations, or when developers need a secure source of randomness for their application.


The getrandom() system call does not guarantee that the randomness returned will be unique as there is a potential for race conditions during execution. Additionally, there may not be enough entropy available when the call is made, so it is important to check that enough entropy is available before the call is made.

  • getentropy() - similar system call - but with different parameters.

This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.