Re: [PATCH] tools/nolibc: stackprotector: Avoid stalling program startup if crng is not init yet

[Thomas Weißschuh]

On 2026-05-22 11:39:27+0200, Willy Tarreau wrote:
> On Fri, May 22, 2026 at 06:07:26PM +0900, Daniel Palmer wrote:
> > We are using the getrandom syscall to get a random seed for the
> > stack protector canary but we are calling it with no flags which means
> > it'll block until there is some real randomness to return.
> > 
> > This means that if the crng is not ready yet program startup will
> > block and if you are unlucky that could be for a long time and
> > look like the program has crashed.
> > 
> > There is a comment in the code about mixing in the pid to make
> > sure the canary isn't 0 even if getrandom fails so it seems ok
> > to pass the non-blocking and insecure flags so it doesn't block
> > and potentially return something even if the crng is not init
> > yet.
> > 
> > Fixes: 7188d4637e95 ("tools/nolibc: add support for stack protector")
> > Signed-off-by: Daniel Palmer <daniel@xxxxxxxxx>
> 
> Acked-by: Willy Tarreau <w@xxxxxx>
> 
> > ---
> > 
> > The insecure flag is apparently from 5.6, I think Willy said before
> > we are trying to keep nolibc working on the oldest LTS kernel.
> > That seems to be 5.10 so I think its ok?
> 
> Sounds reasonable. We could also condition the flag to its existence
> if it causes issues.

IMO we could even not use GRND_INSECURE and only use GRND_NONBLOCK.

> > Anyhow, I switched compilers for my nommu target and everything
> > stopped working, tracked it down to this. my other compiler must
> > have not supported the stack protector.

Did the random pool *never* fully initialize?
That sounds weird.

(...)


Thomas