The patch resets errno when getrandom syscall failed, which will result in errno clobbered at statically linked program startup. This scenario is possible if getrandom is called by tcache_key_initialize when crng is not ready thus EAGAIN is returned. Fixes bug 29624. Signed-off-by: Yu Chien Peter Lin <peterlin@andestech.com> --- malloc/malloc.c | 1 + 1 file changed, 1 insertion(+) diff --git a/malloc/malloc.c b/malloc/malloc.c index 953183e956..21f2bf5431 100644 --- a/malloc/malloc.c +++ b/malloc/malloc.c @@ -3140,6 +3140,7 @@ tcache_key_initialize (void) #if __WORDSIZE == 64 tcache_key = (tcache_key << 32) | random_bits (); #endif + __set_errno(0); } } -- 2.34.1
* Yu Chien Peter Lin:
> The patch resets errno when getrandom syscall failed, which will
> result in errno clobbered at statically linked program startup. This
> scenario is possible if getrandom is called by tcache_key_initialize
> when crng is not ready thus EAGAIN is returned.
>
> Fixes bug 29624.
>
> Signed-off-by: Yu Chien Peter Lin <peterlin@andestech.com>
> ---
> malloc/malloc.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/malloc/malloc.c b/malloc/malloc.c
> index 953183e956..21f2bf5431 100644
> --- a/malloc/malloc.c
> +++ b/malloc/malloc.c
> @@ -3140,6 +3140,7 @@ tcache_key_initialize (void)
> #if __WORDSIZE == 64
> tcache_key = (tcache_key << 32) | random_bits ();
> #endif
> + __set_errno(0);
> }
> }
Sorry, this is wrong for the dynamically linked case because we do not
call malloc before calling the main function. The first call to
malloc will set errno to 0, which is observable by the application in
this case. And such errno-setting behavior is not permitted by POSIX.
You need to save and restore errno instead.
Hi, Also note the getrandom syscall is redundant since random_bits uses clock_gettime. There is no need for a cryptographic random number here, so the syscall can be removed. And in places where we do want to use getrandom, it makes sense to wrap the syscall so that we avoid introducing this bug in more places. Cheers, Wilco
On 29/09/22 09:42, Wilco Dijkstra via Libc-alpha wrote: > Hi, > > Also note the getrandom syscall is redundant since random_bits uses > clock_gettime. There is no need for a cryptographic random number here, > so the syscall can be removed. It will be a syscall on some architecture anyway (although very unlikely to fail). But I agree it make sense to use random_bits here. > > And in places where we do want to use getrandom, it makes sense to > wrap the syscall so that we avoid introducing this bug in more places. Yeah, I will send a patch to fix both issues.