[PATCH v2] malloc: Fix clobbered errno when getrandom failed [BZ #29624]

public inbox for libc-alpha@sourceware.org
 help / color / mirror / Atom feed

* [PATCH v2] malloc: Fix clobbered errno when getrandom failed [BZ #29624]
@ 2022-09-29 11:13 Yu Chien Peter Lin
  2022-09-29 11:39 ` Adhemerval Zanella Netto
  0 siblings, 1 reply; 4+ messages in thread
From: Yu Chien Peter Lin @ 2022-09-29 11:13 UTC (permalink / raw)
  To: libc-alpha; +Cc: alankao, ycliang, fw, dylan, Yu Chien Peter Lin

Save and restore errno when getrandom failed. On failure it will result
in errno clobbered at statically linked program startup. This scenario
is possible if getrandom is called by tcache_key_initialize when crng is
not ready thus EAGAIN is returned.

Fixes bug 29624.

Signed-off-by: Yu Chien Peter Lin <peterlin@andestech.com>
---
 malloc/malloc.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/malloc/malloc.c b/malloc/malloc.c
index 953183e956..823d454c99 100644
--- a/malloc/malloc.c
+++ b/malloc/malloc.c
@@ -3133,9 +3133,11 @@ static uintptr_t tcache_key;
 static void
 tcache_key_initialize (void)
 {
+  int saved_errno = errno;
   if (__getrandom_nocancel (&tcache_key, sizeof(tcache_key), GRND_NONBLOCK)
       != sizeof (tcache_key))
     {
+      __set_errno(saved_errno);
       tcache_key = random_bits ();
 #if __WORDSIZE == 64
       tcache_key = (tcache_key << 32) | random_bits ();
-- 
2.34.1


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH v2] malloc: Fix clobbered errno when getrandom failed [BZ #29624]
  2022-09-29 11:13 [PATCH v2] malloc: Fix clobbered errno when getrandom failed [BZ #29624] Yu Chien Peter Lin
@ 2022-09-29 11:39 ` Adhemerval Zanella Netto
  2022-09-29 13:31   ` Florian Weimer
  0 siblings, 1 reply; 4+ messages in thread
From: Adhemerval Zanella Netto @ 2022-09-29 11:39 UTC (permalink / raw)
  To: Yu Chien Peter Lin, libc-alpha; +Cc: fw, ycliang, dylan, alankao



On 29/09/22 08:13, Yu Chien Peter Lin wrote:
> Save and restore errno when getrandom failed. On failure it will result
> in errno clobbered at statically linked program startup. This scenario
> is possible if getrandom is called by tcache_key_initialize when crng is
> not ready thus EAGAIN is returned.
> 
> Fixes bug 29624.
> 
> Signed-off-by: Yu Chien Peter Lin <peterlin@andestech.com>
> ---
>  malloc/malloc.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/malloc/malloc.c b/malloc/malloc.c
> index 953183e956..823d454c99 100644
> --- a/malloc/malloc.c
> +++ b/malloc/malloc.c
> @@ -3133,9 +3133,11 @@ static uintptr_t tcache_key;
>  static void
>  tcache_key_initialize (void)
>  {
> +  int saved_errno = errno;
>    if (__getrandom_nocancel (&tcache_key, sizeof(tcache_key), GRND_NONBLOCK)
>        != sizeof (tcache_key))
>      {
> +      __set_errno(saved_errno);
>        tcache_key = random_bits ();
>  #if __WORDSIZE == 64
>        tcache_key = (tcache_key << 32) | random_bits ();

I think it would be better to just use INTERNAL_SYSCALL now that we have all
architecture to return a negative value in case of error:

diff --git a/stdlib/arc4random.c b/stdlib/arc4random.c
index e417ef624d..20886e0445 100644
--- a/stdlib/arc4random.c
+++ b/stdlib/arc4random.c
@@ -34,7 +34,7 @@ void
 __arc4random_buf (void *p, size_t n)
 {
   static int seen_initialized;
-  size_t l;
+  int l;
   int fd;

   if (n == 0)
@@ -51,7 +51,7 @@ __arc4random_buf (void *p, size_t n)
          n -= l;
          continue; /* Interrupted by a signal; keep going.  */
        }
-      else if (l < 0 && errno == ENOSYS)
+      else if (l < 0 && l == -ENOSYS)
        break; /* No syscall, so fallback to /dev/urandom.  */
       arc4random_getrandom_failure ();
     }
diff --git a/sysdeps/unix/sysv/linux/not-cancel.h b/sysdeps/unix/sysv/linux/not-cancel.h
index a263d294b1..00ab75a405 100644
--- a/sysdeps/unix/sysv/linux/not-cancel.h
+++ b/sysdeps/unix/sysv/linux/not-cancel.h
@@ -71,7 +71,7 @@ __writev_nocancel_nostatus (int fd, const struct iovec *iov, int iovcnt)
 static inline int
 __getrandom_nocancel (void *buf, size_t buflen, unsigned int flags)
 {
-  return INLINE_SYSCALL_CALL (getrandom, buf, buflen, flags);
+  return INTERNAL_SYSCALL_CALL (getrandom, buf, buflen, flags);
 }

 static inline int

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH v2] malloc: Fix clobbered errno when getrandom failed [BZ #29624]
  2022-09-29 11:39 ` Adhemerval Zanella Netto
@ 2022-09-29 13:31   ` Florian Weimer
  2022-09-29 13:51     ` Adhemerval Zanella Netto
  0 siblings, 1 reply; 4+ messages in thread
From: Florian Weimer @ 2022-09-29 13:31 UTC (permalink / raw)
  To: Adhemerval Zanella Netto
  Cc: Yu Chien Peter Lin, libc-alpha, ycliang, dylan, alankao

* Adhemerval Zanella Netto:

> diff --git a/sysdeps/unix/sysv/linux/not-cancel.h b/sysdeps/unix/sysv/linux/not-cancel.h
> index a263d294b1..00ab75a405 100644
> --- a/sysdeps/unix/sysv/linux/not-cancel.h
> +++ b/sysdeps/unix/sysv/linux/not-cancel.h
> @@ -71,7 +71,7 @@ __writev_nocancel_nostatus (int fd, const struct iovec *iov, int iovcnt)
>  static inline int
>  __getrandom_nocancel (void *buf, size_t buflen, unsigned int flags)
>  {
> -  return INLINE_SYSCALL_CALL (getrandom, buf, buflen, flags);
> +  return INTERNAL_SYSCALL_CALL (getrandom, buf, buflen, flags);
>  }
>
>  static inline int

Doesn't this need a matching change to sysdeps/mach/hurd/not-cancel.h?

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH v2] malloc: Fix clobbered errno when getrandom failed [BZ #29624]
  2022-09-29 13:31   ` Florian Weimer
@ 2022-09-29 13:51     ` Adhemerval Zanella Netto
  0 siblings, 0 replies; 4+ messages in thread
From: Adhemerval Zanella Netto @ 2022-09-29 13:51 UTC (permalink / raw)
  To: Florian Weimer; +Cc: Yu Chien Peter Lin, libc-alpha, ycliang, dylan, alankao



On 29/09/22 10:31, Florian Weimer wrote:
> * Adhemerval Zanella Netto:
> 
>> diff --git a/sysdeps/unix/sysv/linux/not-cancel.h b/sysdeps/unix/sysv/linux/not-cancel.h
>> index a263d294b1..00ab75a405 100644
>> --- a/sysdeps/unix/sysv/linux/not-cancel.h
>> +++ b/sysdeps/unix/sysv/linux/not-cancel.h
>> @@ -71,7 +71,7 @@ __writev_nocancel_nostatus (int fd, const struct iovec *iov, int iovcnt)
>>  static inline int
>>  __getrandom_nocancel (void *buf, size_t buflen, unsigned int flags)
>>  {
>> -  return INLINE_SYSCALL_CALL (getrandom, buf, buflen, flags);
>> +  return INTERNAL_SYSCALL_CALL (getrandom, buf, buflen, flags);
>>  }
>>
>>  static inline int
> 
> Doesn't this need a matching change to sysdeps/mach/hurd/not-cancel.h?

Yeah, it will to make __arc4random_buf use the /dev/random fallback. 

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2022-09-29 13:51 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-09-29 11:13 [PATCH v2] malloc: Fix clobbered errno when getrandom failed [BZ #29624] Yu Chien Peter Lin
2022-09-29 11:39 ` Adhemerval Zanella Netto
2022-09-29 13:31   ` Florian Weimer
2022-09-29 13:51     ` Adhemerval Zanella Netto

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).