From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-vk1-xa35.google.com (mail-vk1-xa35.google.com [IPv6:2607:f8b0:4864:20::a35]) by sourceware.org (Postfix) with ESMTPS id B83C33858D3C for ; Thu, 29 Sep 2022 11:39:29 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org B83C33858D3C Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org Received: by mail-vk1-xa35.google.com with SMTP id s12so501563vkn.11 for ; Thu, 29 Sep 2022 04:39:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=content-transfer-encoding:in-reply-to:organization:from:references :cc:to:content-language:subject:user-agent:mime-version:date :message-id:from:to:cc:subject:date; bh=z5iHtDSi9ajpwNUJTAxh4PNSDDfeJd+Uw3XUbXGSD1Y=; b=MvVJO8ZXX07ojlV2hBUjNBJaIRUs2sq8uv40OFKP4QR/XR3NPAIxr324Bw6qTR2lbc BRniFI1EECfjGi+3q2mVmZgJtkX4j8pxPaUEJv9D2eMX39ZGnMNj5UPbXcg5e3qzNlJH lk5UfmcnMkK5tK2LmkEPAIWGpWEBUxTczI+yN+hnFtuWr4wZi2U/y1ArxqDOFVrk+/Gc OCOycxN8u8bIWcS/lOPSXrDhSOUeYMlOTvYTtOQnhq9xREL49mzTS4VBD8TRmv9bDCex HiDVfu1bTwYqczbMSP6N11G5unWzakTR4ItnO73Ej469E34Tg8QxUP1lF85mN2Hv/V5K MCKA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:in-reply-to:organization:from:references :cc:to:content-language:subject:user-agent:mime-version:date :message-id:x-gm-message-state:from:to:cc:subject:date; bh=z5iHtDSi9ajpwNUJTAxh4PNSDDfeJd+Uw3XUbXGSD1Y=; b=HfIIZN2vF0rDoi4Vu7R6TQji4Up+q/ZqYb49CluX81ZYGdI7Qc7GSadp5ctZI4enZk 8wBvnoJyxpxcxZP9/vyrScOzN3ueFOyifKflIUrvcKCpcAW3EyeLHyuL5qLfGOF1kX86 8fBFbiFfdBLJ/dSzbd7QvM4+wW6SGwquT6qIB5Yn3AIDwCrt4gj9xCAw5nM05hQz0Ty5 vdP+XkMcDbDuhrNSt70H2eufuKqSpXFdYABeYwndgr/BG0UBQrkOQNtLSO+zvdluDe8I VQ2bt9KsjU2x2GesfSLLDTL1QPuLGHN3ZsoyaNSPE6BoIQlrCkWq562tOAHclVWrXgeo P5jA== X-Gm-Message-State: ACrzQf1gtW/e4oQ0TrlqzoBVweuDiYPF5z7cGm/yBZSd8EumkM8fx0hI L+VvrGaU5C4uHV4LWeTU2TqxdPracnBfRtDp X-Google-Smtp-Source: AMsMyM44Vf+Olzfs8ELeZzxgHpnT4c9kCp3J4mvOUk9H5enY3r0HYyJwQeTFHN/NMn+7XwrZYRB1Tg== X-Received: by 2002:a1f:454a:0:b0:39e:d250:ede1 with SMTP id s71-20020a1f454a000000b0039ed250ede1mr1055046vka.30.1664451569003; Thu, 29 Sep 2022 04:39:29 -0700 (PDT) Received: from ?IPV6:2804:1b3:a7c2:3736:1cf0:b6ef:db77:c498? ([2804:1b3:a7c2:3736:1cf0:b6ef:db77:c498]) by smtp.gmail.com with ESMTPSA id q2-20020a1f5c02000000b0039eb0da4dcasm1582464vkb.1.2022.09.29.04.39.27 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 29 Sep 2022 04:39:28 -0700 (PDT) Message-ID: Date: Thu, 29 Sep 2022 08:39:25 -0300 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Thunderbird/102.3.0 Subject: Re: [PATCH v2] malloc: Fix clobbered errno when getrandom failed [BZ #29624] Content-Language: en-US To: Yu Chien Peter Lin , libc-alpha@sourceware.org Cc: fw@deneb.enyo.de, ycliang@andestech.com, dylan@andestech.com, alankao@andestech.com References: <20220929111323.12670-1-peterlin@andestech.com> From: Adhemerval Zanella Netto Organization: Linaro In-Reply-To: <20220929111323.12670-1-peterlin@andestech.com> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-15.5 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,GIT_PATCH_0,NICE_REPLY_A,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: On 29/09/22 08:13, Yu Chien Peter Lin wrote: > Save and restore errno when getrandom failed. On failure it will result > in errno clobbered at statically linked program startup. This scenario > is possible if getrandom is called by tcache_key_initialize when crng is > not ready thus EAGAIN is returned. > > Fixes bug 29624. > > Signed-off-by: Yu Chien Peter Lin > --- > malloc/malloc.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/malloc/malloc.c b/malloc/malloc.c > index 953183e956..823d454c99 100644 > --- a/malloc/malloc.c > +++ b/malloc/malloc.c > @@ -3133,9 +3133,11 @@ static uintptr_t tcache_key; > static void > tcache_key_initialize (void) > { > + int saved_errno = errno; > if (__getrandom_nocancel (&tcache_key, sizeof(tcache_key), GRND_NONBLOCK) > != sizeof (tcache_key)) > { > + __set_errno(saved_errno); > tcache_key = random_bits (); > #if __WORDSIZE == 64 > tcache_key = (tcache_key << 32) | random_bits (); I think it would be better to just use INTERNAL_SYSCALL now that we have all architecture to return a negative value in case of error: diff --git a/stdlib/arc4random.c b/stdlib/arc4random.c index e417ef624d..20886e0445 100644 --- a/stdlib/arc4random.c +++ b/stdlib/arc4random.c @@ -34,7 +34,7 @@ void __arc4random_buf (void *p, size_t n) { static int seen_initialized; - size_t l; + int l; int fd; if (n == 0) @@ -51,7 +51,7 @@ __arc4random_buf (void *p, size_t n) n -= l; continue; /* Interrupted by a signal; keep going. */ } - else if (l < 0 && errno == ENOSYS) + else if (l < 0 && l == -ENOSYS) break; /* No syscall, so fallback to /dev/urandom. */ arc4random_getrandom_failure (); } diff --git a/sysdeps/unix/sysv/linux/not-cancel.h b/sysdeps/unix/sysv/linux/not-cancel.h index a263d294b1..00ab75a405 100644 --- a/sysdeps/unix/sysv/linux/not-cancel.h +++ b/sysdeps/unix/sysv/linux/not-cancel.h @@ -71,7 +71,7 @@ __writev_nocancel_nostatus (int fd, const struct iovec *iov, int iovcnt) static inline int __getrandom_nocancel (void *buf, size_t buflen, unsigned int flags) { - return INLINE_SYSCALL_CALL (getrandom, buf, buflen, flags); + return INTERNAL_SYSCALL_CALL (getrandom, buf, buflen, flags); } static inline int