From patchwork Tue Sep 29 12:55:46 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella X-Patchwork-Id: 40543 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 307F7384B13C; Tue, 29 Sep 2020 12:55:56 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 307F7384B13C DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1601384156; bh=xl/4ckEQA77A186fg80DtKiNMejD6EFt2jLqbv0gjQY=; h=To:Subject:Date:In-Reply-To:References:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc: From; b=QRMTxr7YShXT4B8bkU9JjdzewSXSoDATaYqBljFqnSwkOxwhFKZp9qx5JCOH7wPdg vUOKlL8qIjP1iLEaHgtOWu9zp6Nx6LISAC37XA+5k42O31wt21jubV+gCerwfeDbTt 1JM8ZaBOQs+2Kg/WfDxoLZW73oRbqZz8mhWpl0Lg= X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-qv1-xf42.google.com (mail-qv1-xf42.google.com [IPv6:2607:f8b0:4864:20::f42]) by sourceware.org (Postfix) with ESMTPS id CD9543851C06 for ; Tue, 29 Sep 2020 12:55:53 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org CD9543851C06 Received: by mail-qv1-xf42.google.com with SMTP id cr8so2175310qvb.10 for ; Tue, 29 Sep 2020 05:55:53 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=xl/4ckEQA77A186fg80DtKiNMejD6EFt2jLqbv0gjQY=; b=meJ74VPTnoq4Dn0t8rlc8Sufpc83vpKhRQSZC4PF2F5PoA2xThlxX/czaHIZVMoHW2 ejTpvFxZBvKwojqldOkYGMac52PB498uyhfRfWFwQEswOYcNQaoqmGfpVSirfsu9Ba+1 kydHGVjyfYWONBvkSHGFNBv2qMn9PFufbVIbGJaCtq+5lmRzT4MSHRX3vOlqtyXMc+ju CM1c7F0huEOcD/hJGS3Hqg3fgc5PByZ2iQRMvyf1NBrBL/qcdkVY66/o55avxOw8huQJ bTIq4XK+37CcfEQ+H1sc/rK2AlnDUNqo9MY8m/8gIeYQfjjgdN+j2tE7brhu3NtgDGgs DoGg== X-Gm-Message-State: AOAM53290+tw3MlEw1yOjEFjwSIVDc4t6c26ExB4B47YhcFC/dK9u9xL Q66VCe4PtHAtj262yKKycOhVm+soQCJrtg== X-Google-Smtp-Source: ABdhPJzw3CNbBhrw7KuvMfj1GkVYX508aq51PTzmGN3B7Xfwt2Rky2gsmWNJLNwqXHOI9hvclVDlNg== X-Received: by 2002:ad4:4b34:: with SMTP id s20mr4446916qvw.51.1601384153020; Tue, 29 Sep 2020 05:55:53 -0700 (PDT) Received: from localhost.localdomain ([177.194.48.209]) by smtp.googlemail.com with ESMTPSA id l19sm5549658qtu.16.2020.09.29.05.55.51 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 29 Sep 2020 05:55:52 -0700 (PDT) To: libc-alpha@sourceware.org Subject: [PATCH 2/2] posix: Improve randomness on try_tempname_len Date: Tue, 29 Sep 2020 09:55:46 -0300 Message-Id: <20200929125546.3413273-2-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200929125546.3413273-1-adhemerval.zanella@linaro.org> References: <20200929125546.3413273-1-adhemerval.zanella@linaro.org> MIME-Version: 1.0 X-Spam-Status: No, score=-13.4 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: Adhemerval Zanella via Libc-alpha From: Adhemerval Zanella Reply-To: Adhemerval Zanella Cc: Jakub Jelinek Errors-To: libc-alpha-bounces@sourceware.org Sender: "Libc-alpha" For __GT_NOCREATE (mktemp, tempnam, tmpnam) getrandom is also used on first try, otherwise randomness is obtained using the clock plus a linear congruential generator. Also for getrandom GRND_NONBLOCK is used to avoid blocking indefinitely on some older kernels. Checked on x86_64-linux-gnu. --- sysdeps/posix/tempname.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/sysdeps/posix/tempname.c b/sysdeps/posix/tempname.c index 03426c23cf..5d6cf261fa 100644 --- a/sysdeps/posix/tempname.c +++ b/sysdeps/posix/tempname.c @@ -76,10 +76,11 @@ typedef uint_fast64_t random_value; #define BASE_62_POWER (62LL * 62 * 62 * 62 * 62 * 62 * 62 * 62 * 62 * 62) static random_value -random_bits (random_value var) +random_bits (random_value var, bool use_getrandom) { random_value r; - if (__getrandom (&r, sizeof r, 0) == sizeof r) + /* Without GRND_NONBLOCK it can be blocked for minutes on some systems. */ + if (use_getrandom && __getrandom (&r, sizeof r, GRND_NONBLOCK) == sizeof r) return r; #if _LIBC || (defined CLOCK_MONOTONIC && HAVE_CLOCK_GETTIME) /* Add entropy if getrandom is not supported. */ @@ -263,9 +264,10 @@ try_tempname_len (char *tmpl, int suffixlen, void *args, some entropy from the ASLR and ignore possible bits from the stack alignment. */ random_value v = ((uintptr_t) &v) / alignof (max_align_t); + v = random_bits (v, tryfunc == try_nocreate); /* How many random base-62 digits can currently be extracted from V. */ - int vdigits = 0; + int vdigits = BASE_62_DIGITS; /* Least unfair value for V. If V is less than this, V can generate BASE_62_DIGITS digits fairly. Otherwise it might be biased. */ @@ -290,7 +292,7 @@ try_tempname_len (char *tmpl, int suffixlen, void *args, if (vdigits == 0) { do - v = random_bits (v); + v = random_bits (v, true); while (unfair_min <= v); vdigits = BASE_62_DIGITS;