From: Florian Weimer
To: Yu Chien Peter Lin
Cc: , ycliang@andestech.com, alankao@andestech.com
Subject: Re: [PATCH] malloc: Fix clobbered errno when getrandom failed [BZ #29624]
References: <20220929083352.11890-1-peterlin@andestech.com>
Date: Thu, 29 Sep 2022 12:00:48 +0200
In-Reply-To: <20220929083352.11890-1-peterlin@andestech.com> (Yu Chien Peter Lin's message of "Thu, 29 Sep 2022 16:33:52 +0800")
Message-ID: <87tu4q7b5b.fsf@mid.deneb.enyo.de>

* Yu Chien Peter Lin:

> The patch resets errno when getrandom syscall failed, which will
> result in errno clobbered at statically linked program startup. This
> scenario is possible if getrandom is called by tcache_key_initialize
> when crng is not ready thus EAGAIN is returned.
>
> Fixes bug 29624.
>
> Signed-off-by: Yu Chien Peter Lin
> ---
>  malloc/malloc.c | 1 +
>  1 file changed, 1 insertion(+)
> > diff --git a/malloc/malloc.c b/malloc/malloc.c > index 953183e956..21f2bf5431 100644 > --- a/malloc/malloc.c > +++ b/malloc/malloc.c > @@ -3140,6 +3140,7 @@ tcache_key_initialize (void) > #if __WORDSIZE == 64 > tcache_key = (tcache_key << 32) | random_bits (); > #endif > + __set_errno(0); > } > } Sorry, this is wrong for the dynamically linked case because we do not call malloc before calling the main function. The first call to malloc will set errno to 0, which is observable by the application in this case. And such errno-setting behavior is not permitted by POSIX. You need to save and restore errno instead.
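
Review bot: The `__set_errno(0);` added after the `#endif` at the end of the fallback branch in tcache_key_initialize writes 0 unconditionally, so any value errno held before this function ran is replaced rather than preserved. Read errno into a local before the getrandom attempt and write that local back at the point where the hunk now has `__set_errno(0);`, so the function leaves errno exactly as it found it whether or not the fallback path runs. As a style point, the surrounding lines (`random_bits ()`, `tcache_key_initialize (void)`) put a space before the opening parenthesis, and the new call should match.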
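
The three errno outcomes discussed in this thread, as an added example that is not part of the original messages and is not glibc code. It assumes a constructed entropy stub that always fails with EAGAIN; `entropy_not_ready`, `fallback_bits` and `errno_after_init` are hypothetical names.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a getrandom call made before the kernel
   CRNG is ready: it always fails and reports EAGAIN.  Hypothetical.  */
static int entropy_not_ready (void *buf, size_t len)
{
  (void) buf; (void) len;
  errno = EAGAIN;
  return -1;
}

/* Fixed value, for the demonstration only.  */
static uint32_t fallback_bits (void) { return 0x9e3779b9u; }

enum policy { LEAK_ERRNO, ZERO_ERRNO, SAVE_RESTORE };

/* Hypothetical lazy key initializer.  errno is preset to `before`, as
   if the application had a value there when its first allocation ran.
   Returns the errno value the application observes afterwards.  */
static int errno_after_init (enum policy p, int before)
{
  uint32_t key = 0;
  errno = before;

  int saved = errno;                 /* consumed only by SAVE_RESTORE */
  if (entropy_not_ready (&key, sizeof key) != (int) sizeof key)
    key = fallback_bits ();          /* fallback path; errno is now EAGAIN */

  if (p == ZERO_ERRNO)
    errno = 0;                       /* hides EAGAIN but destroys `before` */
  else if (p == SAVE_RESTORE)
    errno = saved;                   /* caller's value survives */
  (void) key;
  return errno;
}

int main (void)
{
  printf ("leak:    %s\n", strerror (errno_after_init (LEAK_ERRNO, ENOENT)));
  printf ("zero:    %d\n", errno_after_init (ZERO_ERRNO, ENOENT));
  printf ("restore: %s\n", strerror (errno_after_init (SAVE_RESTORE, ENOENT)));
  return 0;
}
```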