powerpc: Use correct procedure call standard for getrandom vDSO call (bug 32440)

A plain indirect function call does not work on POWER because success and failure are signaled through a flag register, and not via the usual Linux negative return value convention. This has potential security impact, in two ways: the return value could be out of bounds (EAGAIN is 11 on powerpc6le), and no random bytes have been written despite the non-error return value. Fixes commit 461cab1de7 ("linux: Add support for getrandom vDSO"). Reported-by: Ján Stanček <jstancek@redhat.com> Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2025-08-01 10:06:57 +03:00 · 2024-12-10 16:17:06 +01:00
parent b79f257533
commit 4f5704ea34
3 changed files with 49 additions and 6 deletions
--- a/sysdeps/unix/sysv/linux/getrandom.c
+++ b/sysdeps/unix/sysv/linux/getrandom.c
@ -20,6 +20,8 @@
 #include <errno.h>
 #include <unistd.h>
 #include <sysdep-cancel.h>
+#include <sysdep.h>
+#include <sysdep-vdso.h>

 static inline ssize_t
 getrandom_syscall (void *buffer, size_t length, unsigned int flags,
@ -201,11 +203,12 @@ getrandom_vdso (void *buffer, size_t length, unsigned int flags, bool cancel)
     cancellation bridge (__syscall_cancel_arch), use GRND_NONBLOCK so there
     is no potential unbounded blocking in the kernel.  It should be a rare
     situation, only at system startup when RNG is not initialized.  */
-  ssize_t ret = GLRO (dl_vdso_getrandom) (buffer,
-					  length,
-					  flags | GRND_NONBLOCK,
-					  state,
-					  state_size);
+  long int ret = INTERNAL_VSYSCALL_CALL (GLRO (dl_vdso_getrandom), 5,
+					 buffer,
+					 length,
+					 flags | GRND_NONBLOCK,
+					 state,
+					 state_size);
  if (INTERNAL_SYSCALL_ERROR_P (ret))
    {
      /* Fallback to the syscall if the kernel would block.  */
@ -241,7 +244,9 @@ __getrandom_early_init (_Bool initial)
 	uint32_t mmap_flags;
 	uint32_t reserved[13];
      } params;
-      if (GLRO(dl_vdso_getrandom) (NULL, 0, 0, &params, ~0UL) == 0)
+      long int ret = INTERNAL_VSYSCALL_CALL (GLRO(dl_vdso_getrandom),
+					     5, NULL, 0, 0, &params, ~0UL);
+      if (! INTERNAL_SYSCALL_ERROR_P (ret))
 	{
 	  /* Align each opaque state to L1 data cache size to avoid false
 	     sharing.  If the size can not be obtained, use the kernel