diff options
| author | Yann Droneaud <yann@droneaud.fr> | 2024-08-25 17:47:50 +0300 |
|---|---|---|
| committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2024-08-26 10:58:52 +0300 |
| commit | 28f5df210d06beb5920cf80446f1c27456c14b92 (patch) | |
| tree | 65fe8d080b492be9b1068f0af442848a0e459af5 | |
| parent | dc1c8034e31b14a2e5e212104ec508aec44ce1b9 (diff) | |
| download | linux-28f5df210d06beb5920cf80446f1c27456c14b92.tar.xz | |
random: vDSO: reject unknown getrandom() flags
Like the getrandom() syscall, vDSO getrandom() must also reject unknown
flags. [1]
It would be possible to return -EINVAL from vDSO itself, but in the
possible case that a new flag is added to getrandom() syscall in the
future, it would be easier to get the behavior from the syscall, instead
of erroring until the vDSO is extended to support the new flag or
explicitly falling back.
[1] Designing the API: Planning for Extension
https://docs.kernel.org/process/adding-syscalls.html#designing-the-api-planning-for-extension
Signed-off-by: Yann Droneaud <yann@droneaud.fr>
[Jason: reworded commit message]
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
| -rw-r--r-- | lib/vdso/getrandom.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/lib/vdso/getrandom.c b/lib/vdso/getrandom.c index b230f0b10832..e1db228bc4f0 100644 --- a/lib/vdso/getrandom.c +++ b/lib/vdso/getrandom.c @@ -85,6 +85,10 @@ __cvdso_getrandom_data(const struct vdso_rng_data *rng_info, void *buffer, size_ if (unlikely(((unsigned long)opaque_state & ~PAGE_MASK) + sizeof(*state) > PAGE_SIZE)) return -EFAULT; + /* Handle unexpected flags by falling back to the kernel. */ + if (unlikely(flags & ~(GRND_NONBLOCK | GRND_RANDOM | GRND_INSECURE))) + goto fallback_syscall; + /* If the caller passes the wrong size, which might happen due to CRIU, fallback. */ if (unlikely(opaque_len != sizeof(*state))) goto fallback_syscall; |