git.ipfire.org Git - thirdparty/glibc.git/commit
Linux: Fixes for getrandom fork handling
author Florian Weimer <fweimer@redhat.com>
Thu, 16 Jan 2025 17:45:25 +0000 (18:45 +0100)
committer Florian Weimer <fweimer@redhat.com>
Thu, 16 Jan 2025 18:58:09 +0000 (19:58 +0100)
commit abeae3c0061c0599ac2f012b270d6b4c8f59c82f
tree 6c60a0211917dd4a4a010ebf6668c682abaf6b70
parent 252fc3628bc2dd66b38dff7b5c22432bb34a8829
Linux: Fixes for getrandom fork handling

Careful updates of grnd_alloc.len are required to ensure that
after fork, grnd_alloc.states does not contain entries that
are also encountered by __getrandom_reset_state in TCBs.
For the same reason, it is necessary to overwrite the TCB state
pointer with NULL before updating grnd_alloc.states in
__getrandom_vdso_release.

Before this change, different TCBs could share the same getrandom
state after multi-threaded fork.  This would be a critical security
bug (predictable randomness) if not caught during development.

The additional check in stdlib/tst-arc4random-thread makes it more
likely that the test fails due to the bugs mentioned above.

Both __getrandom_reset_state and __getrandom_vdso_release could
put reserved NULL pointers into the states array.  This is also
fixed with this commit.  After these changes, no null pointers were
observed in the states array during testing.

Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
stdlib/tst-arc4random-thread.c
sysdeps/unix/sysv/linux/getrandom.c
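
The ordering requirement in the commit message can be seen in a small model, added here as an illustration and not taken from glibc or from this commit. The `alloc`, `tcb`, `release`, `reset_state` and `fork_mid_release` names are hypothetical simplifications; locking and the real allocator are left out, and fork is modelled as cutting the release path off after a given number of stores.

```c
#include <stddef.h>
#include <stdio.h>

struct alloc { void *states[4]; size_t len; };  /* free list of unused states */
struct tcb { void *state; };                    /* per-thread state pointer */

/* Thread-exit release, cut off after `steps` stores to model fork landing mid-way. */
static void release(struct alloc *a, struct tcb *t, int null_first, int steps) {
  void *s = t->state;
  for (int i = 0; i < steps; i++) {
    if ((i == 0) == (null_first != 0))
      t->state = NULL;            /* detach the state from the TCB */
    else
      a->states[a->len++] = s;    /* return the state to the free list */
  }
}

/* Child after fork: reclaim whatever state a stale TCB still points to. */
static void reset_state(struct alloc *a, struct tcb *t) {
  if (t->state == NULL)
    return;                       /* never push NULL into the array */
  a->states[a->len++] = t->state;
  t->state = NULL;
}

/* Count free-list entries that repeat an earlier entry (a shared state). */
static int duplicates(const struct alloc *a) {
  int n = 0;
  for (size_t i = 0; i < a->len; i++)
    for (size_t j = 0; j < i; j++)
      if (a->states[i] == a->states[j]) { n++; break; }
  return n;
}

/* Fork after `steps` stores of the chosen order; duplicates seen by the child. */
static int fork_mid_release(int null_first, int steps) {
  static char state_a[1];         /* constructed stand-in for one state */
  struct alloc a = { {0}, 0 };
  struct tcb exiting = { state_a };
  release(&a, &exiting, null_first, steps);
  reset_state(&a, &exiting);      /* child walks the stale TCB */
  return duplicates(&a);
}

int main(void) {
  for (int steps = 0; steps <= 2; steps++)
    printf("steps=%d push-first=%d null-first=%d\n", steps,
           fork_mid_release(0, steps), fork_mid_release(1, steps));
}
```

In this model the only interleaving that leaves the same state twice in the free list is push-first interrupted after one store; null-first interrupted at the same point loses the state instead of sharing it.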