Re: [PATCH] tools/nolibc: stackprotector: Avoid stalling program startup if crng is not init yet

From: Daniel Palmer

Date: Sat May 23 2026 - 21:26:04 EST


Hi Thomas, Willy,

On Fri, 22 May 2026 at 23:46, Thomas Weißschuh <linux@xxxxxxxxxxxxxx> wrote:
>
> On 2026-05-22 11:39:27+0200, Willy Tarreau wrote:
> > > The insecure flag is apparently from 5.6, I think Willy said before
> > > we are trying to keep nolibc working on the oldest LTS kernel.
> > > That seems to be 5.10 so I think it's ok?
> >
> > Sounds reasonable. We could also condition the flag to its existence
> > if it causes issues.
>
> IMO we could even not use GRND_INSECURE and only use GRND_NONBLOCK.

How about this:

static __nolibc_no_stack_protector void __stack_chk_init(void)
{
	int ret = -EINVAL;

	/* GRND_INSECURE is available in kernel 5.6+ */
#ifdef GRND_INSECURE
	ret = __nolibc_syscall3(__NR_getrandom, &__stack_chk_guard,
				sizeof(__stack_chk_guard),
				GRND_INSECURE | GRND_NONBLOCK);
#endif

	/*
	 * GRND_INSECURE wasn't defined at build time or the above call
	 * to getrandom failed because the running kernel didn't
	 * understand it.
	 */
	if (ret == -EINVAL) {
		__nolibc_syscall3(__NR_getrandom, &__stack_chk_guard,
				  sizeof(__stack_chk_guard),
				  GRND_NONBLOCK);
	}

	/*
	 * a bit more randomness in case getrandom() fails, ensure the
	 * guard is never 0
	 */
	if (__stack_chk_guard != (uintptr_t) &__stack_chk_guard)
		__stack_chk_guard ^= (uintptr_t) &__stack_chk_guard;
}

I think that would allow building with >=5.6 headers and running on
<5.6 and building on <5.6.
Maybe it's too much. :)

Thanks,

Daniel
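
Added example (not part of the mail above and not nolibc code): a user-space model of the proposed fallback, with getrandom() replaced by three constructed kernel models so the number of calls and the resulting guard can be checked for each case. The EX_GRND_* names, the model functions and the 0xA5 fill pattern are assumptions made for the example.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EX_GRND_NONBLOCK 0x0001u	/* values from uapi linux/random.h */
#define EX_GRND_INSECURE 0x0004u
#define FILL ((uintptr_t)-1 / 255 * 0xA5)	/* constructed "random" bytes */

typedef long (*getrandom_fn)(void *buf, size_t len, unsigned int flags);
struct result { int calls; uintptr_t guard, addr; };
static int calls;

static long fill(void *buf, size_t len) { memset(buf, 0xA5, len); return (long)len; }

/* Simulated kernels (constructed models, not real syscalls). */
static long new_early(void *b, size_t n, unsigned int f)	/* >= 5.6, crng not ready */
{ calls++; return (f & EX_GRND_INSECURE) ? fill(b, n) : -EAGAIN; }
static long old_early(void *b, size_t n, unsigned int f)	/* < 5.6, crng not ready */
{ (void)b; (void)n; calls++; return (f & EX_GRND_INSECURE) ? -EINVAL : -EAGAIN; }
static long old_ready(void *b, size_t n, unsigned int f)	/* < 5.6, crng ready */
{ calls++; return (f & EX_GRND_INSECURE) ? -EINVAL : fill(b, n); }

/* Same control flow as the proposal, with the syscall injected. */
static void guard_init(getrandom_fn gr, uintptr_t *guard)
{
	long ret = gr(guard, sizeof(*guard), EX_GRND_INSECURE | EX_GRND_NONBLOCK);

	if (ret == -EINVAL)	/* flag unknown to the running kernel */
		gr(guard, sizeof(*guard), EX_GRND_NONBLOCK);
	if (*guard != (uintptr_t)guard)	/* keep the guard non-zero */
		*guard ^= (uintptr_t)guard;
}

static struct result run(getrandom_fn gr)
{
	static uintptr_t guard;
	struct result r;

	guard = 0; calls = 0;
	guard_init(gr, &guard);
	r.calls = calls; r.guard = guard; r.addr = (uintptr_t)&guard;
	return r;
}

int main(void)
{
	getrandom_fn k[] = { new_early, old_early, old_ready };
	for (int i = 0; i < 3; i++) {
		struct result r = run(k[i]);
		printf("calls=%d guard^addr=%#lx\n", r.calls, (unsigned long)(r.guard ^ r.addr));
	}
	return 0;
}
```

In the old_early model both calls fail, so the guard ends up as only the address of the guard variable: non-zero, but with no entropy beyond what address randomization provides.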