Subject: Re: [PATCH] Harden tcache double-free check
From: Siddhesh Poyarekar
To: Adhemerval Zanella, libc-alpha@sourceware.org
Cc: fweimer@redhat.com, Eyal Itkin
Date: Wed, 7 Jul 2021 23:28:54 +0530
References: <20210707012919.1298612-1-siddhesh@sourceware.org>
List-Id: Libc-alpha mailing list

On 7/7/21 11:05 PM, Adhemerval Zanella via Libc-alpha wrote:
>
>
> On 06/07/2021 22:29, Siddhesh Poyarekar via Libc-alpha wrote:
>
>> +/* Process-wide key to try and catch a double-free in the same thread. */
>> +static uintptr_t tcache_key;
>> +
>> +/* The value of tcache_key does not really have to be a cryptographically
>> +   secure random number. It only needs to be arbitrary enough so that it does
>> +   not collide with values present in applications, which would be quite rare,
>> +   about 1 in 2^wordsize. */
>> +static void
>> +tcache_key_initialize (void)
>> +{
>> +  if (__getrandom (&tcache_key, sizeof(tcache_key), GRND_NONBLOCK)
>> +      != sizeof (tcache_key))
>> +    {
>> +      tcache_key = random_bits ();
>> +#if __WORDSIZE == 64
>> +      tcache_key = (tcache_key << 32) | random_bits ();
>> +#endif
>
> The other usage for random_bits at sysdeps/posix/tempname.c already uses

tempname.c seems to have its own random_bits function (i.e. it just happens to have the same name); it doesn't use the one in random_bits.h AFAICT.
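Review bot: the `__getrandom` call in tcache_key_initialize writes `sizeof(tcache_key)` while the very next line writes `sizeof (tcache_key)`; make both follow the spaced GNU form used elsewhere in the hunk. The comment above the function only argues about collision odds; it should also say that when __getrandom fails the key is assembled from random_bits () (two 32-bit calls on 64-bit), so in that path the 1-in-2^wordsize estimate rests on the quality of random_bits () rather than on getrandom.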
All other users of random_bits() use 32-bit. Entropy isn't really a concern in the above use case; it's just a key to avoid collisions.

Siddhesh
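As an added illustration that is not part of this thread or of glibc: a small model of the check the patch hardens, showing why the key only needs to be unlikely to collide rather than cryptographically strong (a key match is merely a hint that is confirmed by walking the tcache bin). The bin layout, model_free/model_malloc and run_checks are this example's own simplifications, and the address-derived fallback when getrandom fails is a placeholder for the random_bits () path, not glibc's code.

```c
/* Added model of the tcache double-free check; not glibc's code. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <sys/random.h>
typedef struct tcache_entry {      /* header glibc writes into a freed chunk */
  struct tcache_entry *next;
  uintptr_t key;                   /* equals tcache_key while in a bin */
} tcache_entry;
static tcache_entry *bin_head;     /* a single size class suffices here */
static uintptr_t tcache_key;
/* A matching key is only a hint (a 1-in-2^wordsize coincidence, or app data
   that happens to equal it); walking the bin is what confirms a double free. */
static bool tcache_double_free (tcache_entry *e)
{
  if (e->key != tcache_key) return false;   /* cheap reject: normal first free */
  for (tcache_entry *t = bin_head; t != NULL; t = t->next)
    if (t == e) return true;                /* glibc aborts at this point */
  return false;
}

static bool model_free (void *p)   /* false: refused as a double free */
{
  tcache_entry *e = p;
  if (tcache_double_free (e)) return false;
  e->key = tcache_key; e->next = bin_head; bin_head = e;
  return true;
}

static void *model_malloc (void)   /* pops the bin and clears the stale key */
{
  tcache_entry *e = bin_head;
  if (e == NULL) return NULL;
  bin_head = e->next; e->key = 0;
  return e;
}
/* Returns 0 when a double free is caught and free/malloc/free is allowed. */
int run_checks (void)
{
  static uintptr_t chunk[4];       /* stands in for a 32-byte user area */
  int bad = 0;
  bin_head = NULL;
  if (getrandom (&tcache_key, sizeof tcache_key, GRND_NONBLOCK) != (ssize_t) sizeof tcache_key)
    tcache_key = (uintptr_t) &bin_head;     /* model-only fallback, not random_bits () */
  if (!model_free (chunk) || model_free (chunk)) bad |= 1;  /* second free must fail */
  void *p = model_malloc ();
  if (p != (void *) chunk || !model_free (p)) bad |= 2;     /* reuse must be allowed */
  return bad;
}
```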