authorFlorian Weimer <fweimer@redhat.com>2024-12-10 16:17:06 +0100
committerFlorian Weimer <fweimer@redhat.com>2024-12-11 17:49:04 +0100
commit4f5704ea347e52ac3f272d1341da10aed6e9973e (patch)
tree507d1eee3b2833b08a6dd1bd50d4279e1b531dc3 /sysdeps/unix
parentb79f25753346a577c9ba0a3dca69bd9d9d72a020 (diff)
powerpc: Use correct procedure call standard for getrandom vDSO call (bug 32440)
A plain indirect function call does not work on POWER because success and failure are signaled through a flag register, and not via the usual Linux negative return value convention.

This has potential security impact, in two ways: the return value could be out of bounds (EAGAIN is 11 on powerpc64le), and no random bytes have been written despite the non-error return value.

Fixes commit 461cab1de747f3842f27a5d24977d78d561d45f9 ("linux: Add support for getrandom vDSO").

Reported-by: Ján Stanček <jstancek@redhat.com>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Diffstat (limited to 'sysdeps/unix')
-rw-r--r--sysdeps/unix/sysv/linux/getrandom.c17
1 files changed, 11 insertions, 6 deletions
diff --git a/sysdeps/unix/sysv/linux/getrandom.c b/sysdeps/unix/sysv/linux/getrandom.c
index c8c5782..0dc8fa6 100644
--- a/sysdeps/unix/sysv/linux/getrandom.c
+++ b/sysdeps/unix/sysv/linux/getrandom.c
@@ -20,6 +20,8 @@
#include <errno.h>
#include <unistd.h>
#include <sysdep-cancel.h>
+#include <sysdep.h>
+#include <sysdep-vdso.h>
static inline ssize_t
getrandom_syscall (void *buffer, size_t length, unsigned int flags,
@@ -201,11 +203,12 @@ getrandom_vdso (void *buffer, size_t length, unsigned int flags, bool cancel)
cancellation bridge (__syscall_cancel_arch), use GRND_NONBLOCK so there
is no potential unbounded blocking in the kernel. It should be a rare
situation, only at system startup when RNG is not initialized. */
- ssize_t ret = GLRO (dl_vdso_getrandom) (buffer,
- length,
- flags | GRND_NONBLOCK,
- state,
- state_size);
+ long int ret = INTERNAL_VSYSCALL_CALL (GLRO (dl_vdso_getrandom), 5,
+ buffer,
+ length,
+ flags | GRND_NONBLOCK,
+ state,
+ state_size);
if (INTERNAL_SYSCALL_ERROR_P (ret))
{
/* Fallback to the syscall if the kernel would block. */
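Review bot: The new `INTERNAL_VSYSCALL_CALL (GLRO (dl_vdso_getrandom), 5, ...)` call in getrandom_vdso has no comment saying why the macro is required, and the existing comment above it only explains GRND_NONBLOCK. Going by the commit description, a plain indirect call on POWER can return a positive errno value that the following `INTERNAL_SYSCALL_ERROR_P (ret)` check does not catch, so the caller is told bytes were written when the buffer was left untouched. I would record that at the call site so a later cleanup does not turn it back into a direct call, for example `/* Must go through INTERNAL_VSYSCALL_CALL: some ABIs (powerpc) report vDSO failure in a flag register, so a plain indirect call would hand back a positive errno as a byte count.  */`. The same applies to the probe call in the `__getrandom_early_init` hunk. Both function bodies start and end outside their hunks, so how `ret` reaches the caller is not visible here.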
@@ -241,7 +244,9 @@ __getrandom_early_init (_Bool initial)
uint32_t mmap_flags;
uint32_t reserved[13];
} params;
- if (GLRO(dl_vdso_getrandom) (NULL, 0, 0, &params, ~0UL) == 0)
+ long int ret = INTERNAL_VSYSCALL_CALL (GLRO(dl_vdso_getrandom),
+ 5, NULL, 0, 0, &params, ~0UL);
+ if (! INTERNAL_SYSCALL_ERROR_P (ret))
{
/* Align each opaque state to L1 data cache size to avoid false
sharing. If the size can not be obtained, use the kernel
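Review bot: The added line `long int ret = INTERNAL_VSYSCALL_CALL (GLRO(dl_vdso_getrandom),` writes `GLRO(dl_vdso_getrandom)` without the space before the parenthesis, while the new call in the getrandom_vdso hunk of this same commit writes `GLRO (dl_vdso_getrandom)`. The removed line had the same spacing, so this is carried over rather than introduced, but since the line is being rewritten anyway it could be made consistent: `long int ret = INTERNAL_VSYSCALL_CALL (GLRO (dl_vdso_getrandom),`.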