We are using the getrandom syscall to get a random seed for the
stack protector canary, but we are calling it with no flags, which means
it'll block until there is some real randomness to return.
This means that if the CRNG is not ready yet, program startup will
block, and if you are unlucky that could be for a long time and
look like the program has crashed.
Even if the call to getrandom does not yield any random data,
we will still initialize the canary.
Fixes: 7188d4637e95 ("tools/nolibc: add support for stack protector")
Signed-off-by: Daniel Palmer <daniel@thingy.jp>
Acked-by: Willy Tarreau <w@1wt.eu>
Link: https://patch.msgid.link/20260522090726.726985-1-daniel@thingy.jp
Signed-off-by: Thomas Weißschuh <linux@weissschuh.net>
static __nolibc_no_stack_protector void __stack_chk_init(void)
{
- __nolibc_syscall3(__NR_getrandom, &__stack_chk_guard, sizeof(__stack_chk_guard), 0);
+ __nolibc_syscall3(__NR_getrandom, &__stack_chk_guard, sizeof(__stack_chk_guard),
+ GRND_INSECURE | GRND_NONBLOCK);
/* a bit more randomness in case getrandom() fails, ensure the guard is never 0 */
if (__stack_chk_guard != (uintptr_t) &__stack_chk_guard)
__stack_chk_guard ^= (uintptr_t) &__stack_chk_guard;
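Review bot: The result of the getrandom call in __stack_chk_init() is still discarded, and with GRND_INSECURE in the flags the call can now fail outright on kernels that do not know that flag (it was added in Linux 5.6, and older kernels reject unknown flags with EINVAL), which leaves the guard relying only on the address-based fallback in the lines below. Consider checking the return value and retrying with GRND_NONBLOCK alone when the first call fails, so that an older kernel with a ready CRNG still supplies a random canary. GRND_INSECURE on its own already never blocks, so GRND_NONBLOCK is redundant in the combined call; either drop it or add a short comment saying why both are passed. The existing comment would also benefit from noting that bytes returned before the CRNG is ready may carry little entropy, since that is the case this change now accepts.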