public inbox for glibc-bugs@sourceware.org
* [Bug libc/17252] New: getrandom and getentropy syscall
@ 2014-08-10 17:04 crrodriguez at opensuse dot org
  2014-08-11 15:47 ` [Bug libc/17252] " joseph at codesourcery dot com
                   ` (6 more replies)
  0 siblings, 7 replies; 8+ messages in thread
From: crrodriguez at opensuse dot org @ 2014-08-10 17:04 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=17252

            Bug ID: 17252
           Summary: getrandom and getentropy syscall
           Product: glibc
           Version: unspecified
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: libc
          Assignee: unassigned at sourceware dot org
          Reporter: crrodriguez at opensuse dot org
                CC: drepper.fsp at gmail dot com

Hi:

Recently a getrandom() system call was added to the Linux kernel:

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c6e9d6f38894798696f23c8084ca7edbf16ee895

Please add the relevant system call wrappers to glibc under _GNU_SOURCE guard
and a getentropy() wrapper under _BSD_SOURCE for compatibility.

Ideally, if the system call is not found in the running kernel, fall back to
emulation by reading /dev/urandom in the default case or /dev/random if
GRND_RANDOM is used.

-- 
You are receiving this mail because:
You are on the CC list for the bug.


^ permalink raw reply	[flat|nested] 8+ messages in thread

* [Bug libc/17252] getrandom and getentropy syscall
  2014-08-10 17:04 [Bug libc/17252] New: getrandom and getentropy syscall crrodriguez at opensuse dot org
@ 2014-08-11 15:47 ` joseph at codesourcery dot com
  2014-08-11 20:49 ` fweimer at redhat dot com
                   ` (5 subsequent siblings)
  6 siblings, 0 replies; 8+ messages in thread
From: joseph at codesourcery dot com @ 2014-08-11 15:47 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=17252

--- Comment #1 from joseph at codesourcery dot com <joseph at codesourcery dot com> ---
If you wish to propose a new API for glibc, please make the proposal on 
libc-alpha, taking an active lead in driving the discussion to consensus.


* [Bug libc/17252] getrandom and getentropy syscall
  2014-08-10 17:04 [Bug libc/17252] New: getrandom and getentropy syscall crrodriguez at opensuse dot org
  2014-08-11 15:47 ` [Bug libc/17252] " joseph at codesourcery dot com
@ 2014-08-11 20:49 ` fweimer at redhat dot com
  2014-08-16 16:54 ` fweimer at redhat dot com
                   ` (4 subsequent siblings)
  6 siblings, 0 replies; 8+ messages in thread
From: fweimer at redhat dot com @ 2014-08-11 20:49 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=17252

Florian Weimer <fweimer at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |fweimer at redhat dot com
              Flags|                            |security-


* [Bug libc/17252] getrandom and getentropy syscall
  2014-08-10 17:04 [Bug libc/17252] New: getrandom and getentropy syscall crrodriguez at opensuse dot org
  2014-08-11 15:47 ` [Bug libc/17252] " joseph at codesourcery dot com
  2014-08-11 20:49 ` fweimer at redhat dot com
@ 2014-08-16 16:54 ` fweimer at redhat dot com
  2014-10-06 13:38 ` alex.gaynor at gmail dot com
                   ` (3 subsequent siblings)
  6 siblings, 0 replies; 8+ messages in thread
From: fweimer at redhat dot com @ 2014-08-16 16:54 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=17252

--- Comment #2 from Florian Weimer <fweimer at redhat dot com> ---
(In reply to Cristian Rodríguez from comment #0)
> Ideally, if the system call is not found in the running kernel, fall back to
> emulation by reading /dev/urandom in the default case or /dev/random if
> GRND_RANDOM is used.

If GRND_NONBLOCK is not set and the buffer is proper, the system call cannot
fail.  It is impossible to achieve that with emulation.

From: "bugdal at aerifal dot cx" <sourceware-bugzilla@sourceware.org>
To: glibc-bugs@sourceware.org
Subject: [Bug nptl/13165] pthread_cond_wait() can consume a signal that was sent before it started waiting
Date: Sat, 16 Aug 2014 22:19:00 -0000

https://sourceware.org/bugzilla/show_bug.cgi?id=13165

--- Comment #38 from Rich Felker <bugdal at aerifal dot cx> ---
I just read the source for pthread_cond_wait and the cause of the bug is
obvious: the mutex is being unlocked before the current thread acquires the
internal lock in the cond var and adds itself as a waiter. Simply moving the
mutex unlock to somewhere after this point (e.g. right before the futex wait
loop) should fix the problem. This is necessary to meet the requirement that
formally becoming a waiter is atomic with unlocking of the mutex, rather than
happening at some time after unlocking the mutex with a race window in between.

If someone else could test this fix, I would appreciate it since I don't have
an environment set up for building and testing new glibc builds.


* [Bug libc/17252] getrandom and getentropy syscall
  2014-08-10 17:04 [Bug libc/17252] New: getrandom and getentropy syscall crrodriguez at opensuse dot org
                   ` (2 preceding siblings ...)
  2014-08-16 16:54 ` fweimer at redhat dot com
@ 2014-10-06 13:38 ` alex.gaynor at gmail dot com
  2015-02-24 14:21 ` victor.stinner at gmail dot com
                   ` (2 subsequent siblings)
  6 siblings, 0 replies; 8+ messages in thread
From: alex.gaynor at gmail dot com @ 2014-10-06 13:38 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=17252

Alex Gaynor <alex.gaynor at gmail dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |alex.gaynor at gmail dot com


* [Bug libc/17252] getrandom and getentropy syscall
  2014-08-10 17:04 [Bug libc/17252] New: getrandom and getentropy syscall crrodriguez at opensuse dot org
                   ` (3 preceding siblings ...)
  2014-10-06 13:38 ` alex.gaynor at gmail dot com
@ 2015-02-24 14:21 ` victor.stinner at gmail dot com
  2015-02-24 14:34 ` crrodriguez at opensuse dot org
  2015-08-14 14:17 ` nmav at redhat dot com
  6 siblings, 0 replies; 8+ messages in thread
From: victor.stinner at gmail dot com @ 2015-02-24 14:21 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=17252

Victor Stinner <victor.stinner at gmail dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |victor.stinner at gmail dot com

--- Comment #3 from Victor Stinner <victor.stinner at gmail dot com> ---
Any progress on this issue? I would be interested to use it in Python to avoid
issues with the /dev/urandom file descriptor:
http://bugs.python.org/issue22181


* [Bug libc/17252] getrandom and getentropy syscall
  2014-08-10 17:04 [Bug libc/17252] New: getrandom and getentropy syscall crrodriguez at opensuse dot org
                   ` (4 preceding siblings ...)
  2015-02-24 14:21 ` victor.stinner at gmail dot com
@ 2015-02-24 14:34 ` crrodriguez at opensuse dot org
  2015-08-14 14:17 ` nmav at redhat dot com
  6 siblings, 0 replies; 8+ messages in thread
From: crrodriguez at opensuse dot org @ 2015-02-24 14:34 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=17252

--- Comment #4 from Cristian Rodríguez <crrodriguez at opensuse dot org> ---
(In reply to Victor Stinner from comment #3)
> Any progress on this issue? I would be interested to use it in Python to
> avoid issues with the /dev/urandom file descriptor:
> http://bugs.python.org/issue22181

Use the syscall() interface for now.

From: "fweimer at redhat dot com" <sourceware-bugzilla@sourceware.org>
To: glibc-bugs@sourceware.org
Subject: [Bug network/14889] svc_run() produces high cpu usage when accept() fails with EMFILE (CVE-2011-4609)
Date: Tue, 24 Feb 2015 15:38:00 -0000

https://sourceware.org/bugzilla/show_bug.cgi?id=14889

Florian Weimer <fweimer at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|CVE-2011-4609 svc_run()     |svc_run() produces high cpu
                   |produces high cpu usage     |usage when accept() fails
                   |when accept() fails with    |with EMFILE (CVE-2011-4609)
                   |EMFILE                      |
              Alias|                            |CVE-2011-4609


* [Bug libc/17252] getrandom and getentropy syscall
  2014-08-10 17:04 [Bug libc/17252] New: getrandom and getentropy syscall crrodriguez at opensuse dot org
                   ` (5 preceding siblings ...)
  2015-02-24 14:34 ` crrodriguez at opensuse dot org
@ 2015-08-14 14:17 ` nmav at redhat dot com
  6 siblings, 0 replies; 8+ messages in thread
From: nmav at redhat dot com @ 2015-08-14 14:17 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=17252

Nikos Mavrogiannopoulos <nmav at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |nmav at redhat dot com

--- Comment #6 from Nikos Mavrogiannopoulos <nmav at redhat dot com> ---
There is a very long and interesting discussion at the thread above that is
very high level, but there is nothing to the point for this API. At the moment
the Linux kernel offers a new system call getrandom() which solves several
problems of the /dev/urandom approach (see [0] for some affecting gnutls), but
userspace cannot access it in a reasonable way. syscall() is not a reasonable
way.

To clarify: until now userspace is using autoconf macros to detect
capabilities, e.g., a function in libc, libwhatever. With the approach of
having useful kernel calls which don't map to libc we are unfortunately
breaking this detection and forcing them to do some compile/runtime detection
of system calls(?). That's pretty ugly.

My suggestion would be for glibc to duplicate the OpenBSD API [1], and not
provide any API for kernels without this capability (you can't duplicate these
semantics). The whole reason for this system call is that the semantics of
/dev/urandom were too unreliable to simulate a getrandom() function.
Nevertheless, I wouldn't object to any other solution which brings the system
call.

I just believe that this system call is too good to ignore for so long.

[0]. https://bugzilla.redhat.com/show_bug.cgi?id=1253474
[1]. http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/getentropy.2?query=getentropy&sec=2

^ permalink raw reply	[flat|nested] 8+ messages in thread
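
Comments #2 and #6 argue that a /dev/urandom emulation cannot match getrandom()'s guarantee, and comment #4 suggests reaching the call through syscall(). The block below is an added example, not glibc code and not written by anyone in this thread; all function names are hypothetical. It puts both paths side by side and constructs a descriptor-exhaustion case (soft RLIMIT_NOFILE of 0) in which only the system call can still fill the buffer.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <sys/resource.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Added example, not glibc code; all function names are hypothetical.
   getrandom(2) via syscall(2): 0 on success, -1 with errno (ENOSYS if absent). */
int sys_getrandom_full(unsigned char *p, size_t len)
{
    while (len > 0) {
        long n = syscall(SYS_getrandom, p, len, 0);
        if (n < 0 && errno != EINTR)
            return -1;           /* no silent fallback to a weaker source */
        if (n > 0) {             /* large requests may come back short */
            p += n;
            len -= (size_t)n;
        }
    }
    return 0;
}

/* /dev/urandom emulation: open() needs a free descriptor and the device node. */
int urandom_emulation(unsigned char *p, size_t len)
{
    int fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
    if (fd < 0)
        return -1;               /* EMFILE, ENFILE, ENOENT, EACCES, ... */
    ssize_t n = read(fd, p, len);
    close(fd);
    return n == (ssize_t)len ? 0 : -1;   /* short read counts as failure */
}

/* Constructed scenario: soft RLIMIT_NOFILE set to 0 while one source is tried. */
int try_without_free_fds(int (*source)(unsigned char *, size_t))
{
    unsigned char key[32];
    struct rlimit saved;
    if (getrlimit(RLIMIT_NOFILE, &saved) != 0)
        return -2;
    struct rlimit none = { .rlim_cur = 0, .rlim_max = saved.rlim_max };
    if (setrlimit(RLIMIT_NOFILE, &none) != 0)
        return -2;
    int r = source(key, sizeof key);
    setrlimit(RLIMIT_NOFILE, &saved);    /* restore the original soft limit */
    return r;
}
```

A caller that receives -1 with errno set to ENOSYS from sys_getrandom_full() is on a kernel without the system call and has to decide explicitly what to do, which is the runtime detection comment #6 objects to.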
