From nobody Sun May 24 18:41:13 2026
Received: from mail-pf1-f181.google.com (mail-pf1-f181.google.com
 [209.85.210.181])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 48F11364053
	for <linux-kernel@vger.kernel.org>; Fri, 22 May 2026 09:07:38 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.210.181
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1779440859; cv=none;
 b=nSne81ijDkYdh4qXRhKQOZA/D37PgZG+2K78G4RY/9MOLVbzxq6M4+fDPUfGugI40/58hMtvMLJV7SfzotmEVraaWbfk+R63G90I+QJP+EB/86l52rSDgnygbY56mc/GCG4QWZjRKV90GNxebBUPjQVn/2yWqBWHChuWxkqA6gY=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1779440859; c=relaxed/simple;
	bh=zRwGdJ/JIXhQDaiY0+bKqYMkNGMpbxBy41rxTThTxB4=;
	h=From:To:Cc:Subject:Date:Message-ID:MIME-Version;
 b=NQaEVVpJLVmt4jSpVHgLoZDmly3kwqgTv08A2DZmCnlmpI2PXbIcVGce3jPeEkknnzEqQSmFpLMwPy95IHz04SKt/133AsICFJISUlm0e7fZdgecWKLY0DP8tNq6fiKlPoHE3GAA5Jbg8etx+V98cMJPMxzu+gAGTYGxjH+MqSc=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=none (p=none dis=none) header.from=thingy.jp;
 spf=pass smtp.mailfrom=0x0f.com;
 dkim=pass (1024-bit key) header.d=thingy.jp header.i=@thingy.jp
 header.b=aLKL9kzw; arc=none smtp.client-ip=209.85.210.181
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=none (p=none dis=none) header.from=thingy.jp
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=0x0f.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (1024-bit key) header.d=thingy.jp header.i=@thingy.jp
 header.b="aLKL9kzw"
Received: by mail-pf1-f181.google.com with SMTP id
 d2e1a72fcca58-8353ca0f1f1so3101391b3a.1
        for <linux-kernel@vger.kernel.org>;
 Fri, 22 May 2026 02:07:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=thingy.jp; s=google; t=1779440857; x=1780045657;
 darn=vger.kernel.org;
        h=content-transfer-encoding:mime-version:message-id:date:subject:cc
         :to:from:from:to:cc:subject:date:message-id:reply-to;
        bh=Pj0WAMzJVTmf6cS6uOm2dlhhbWzEjvkJ9YvwP08iKK0=;
        b=aLKL9kzwaO3+8C3RYtj/3i7SO6kX/Dciu/xMQD2zzGsho0SooCdIBqxjLclN3sEDwT
         D+56IYtJR1fVK9eEQTf8HoWtK0TLlVUymuoaBBtcFfhDYc5ypIEFo81yKASf+HF39dKw
         /0SqWfKu8Onk1YEddabSxq01lJR6+NWaagRSY=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20251104; t=1779440857; x=1780045657;
        h=content-transfer-encoding:mime-version:message-id:date:subject:cc
         :to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date
         :message-id:reply-to;
        bh=Pj0WAMzJVTmf6cS6uOm2dlhhbWzEjvkJ9YvwP08iKK0=;
        b=NRACS2vlqNJd+wVCCUkvFNlmSAVXKJF4eA5TQRrLzeZuSTlKjeTsX3YSWFeQtRaFNg
         ymjIgKo/00SsKpE/NMgDsV8F/h1HeVdH4+cMohE/Ntz7fF5jtJiTU+NG6hzgvFg2NFK0
         BOcJT/foa5WzVw4A5uWq8lScVRNBqDZQrj72250cPlNjDtfhjxdmsTaQeMCbRePuVLIX
         OowSGEioXs99AlhgCaYQeh8Cb9Gd6yvePcX750Mw4kIqzNH5eDbEA/DC1OngjRIpb1sN
         XqpMGI5gHauAG2NoWRj70cyCjcvLj/zKSsdjFbwzrGD6EuMahiTPh4i1DARJssfYSMCF
         MrOg==
X-Gm-Message-State: AOJu0YwdySllJ7Sie4CLefpgSK4+5PrDvkfTxWPbTscWR5wbetCKuJWo
	F7NFM4IB8yhkZ/SPT9Wp0sz2kkOjpuMq1QY/QIhg+HsVDZr5i3GTdlyyzZUrPrMhqFxA2RXjNdW
	a2/kN
X-Gm-Gg: Acq92OFjLH8r7TrthH0mbfL/yOQbS4dwymNnLGNedzk6M0TLGTAY6V+7uzPUDd4l8VQ
	UHIvUfRWmK6HBUK+wkqY/5AC++1One9WRVUZxGanYkAmqWRsF7msYIlSwSG+DtAcJwXf/QI4g+J
	iQT/xGwnVVQZqUjBsySkHmeMKiJmetc7ciLqZqe1deLsdsPCabJ/tpsHtpUirn+N6FrtvYy96nY
	7jNaTo9QYb5BBb2ZNWvgOXf4lteYZ444jRGlpDfXUQBkHIlRHcIXTQO/5zsyJq7/xz59nSWSeEA
	sSb8RfHJbWTw1eXHDbuw4GbzOtSAXZhwHYxiuhc8iZW4I31hZf3q7Vhcw8D9yga9o1la4VhikPD
	mX2chw5gBMILs5dvHHtYneyiz1dRX7Q7ilYkY7w3KpVPiN8RHZLiDlJvNvmsWfL9jiU23zkEciL
	Co+Iu2MBOwHPniS6wYzKMt53z3P1A5dEI1kiuNQXAKeJzs1JF7ut5s57TK06KSRRHwr2mB6+Z7k
	ROaA00MBPS3lg==
X-Received: by 2002:a05:6a00:4503:b0:837:c1f8:6e55 with SMTP id
 d2e1a72fcca58-8416112c734mr2038867b3a.14.1779440857360;
        Fri, 22 May 2026 02:07:37 -0700 (PDT)
Received: from kinako.work.home.arpa
 (p1620034-ipxg00d01sizuokaden.shizuoka.ocn.ne.jp. [122.29.136.34])
        by smtp.googlemail.com with ESMTPSA id
 d2e1a72fcca58-84164ff7d80sm1465577b3a.56.2026.05.22.02.07.36
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 22 May 2026 02:07:36 -0700 (PDT)
From: Daniel Palmer <daniel@thingy.jp>
To: w@1wt.eu,
	linux@weissschuh.net
Cc: linux-kernel@vger.kernel.org,
	Daniel Palmer <daniel@thingy.jp>
Subject: [PATCH] tools/nolibc: stackprotector: Avoid stalling program startup
 if crng is not init yet
Date: Fri, 22 May 2026 18:07:26 +0900
Message-ID: <20260522090726.726985-1-daniel@thingy.jp>
X-Mailer: git-send-email 2.53.0
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

We are using the getrandom syscall to get a random seed for the
stack protector canary but we are calling it with no flags which means
it'll block until there is some real randomness to return.

This means that if the crng is not ready yet program startup will
block and if you are unlucky that could be for a long time and
look like the program has crashed.

There is a comment in the code about mixing in the pid to make
sure the canary isn't 0 even if getrandom fails so it seems ok
to pass the non-blocking and insecure flags so it doesn't block
and potentially return something even if the crng is not init
yet.

Fixes: 7188d4637e95 ("tools/nolibc: add support for stack protector")
Signed-off-by: Daniel Palmer <daniel@thingy.jp>
Acked-by: Willy Tarreau <w@1wt.eu>
---

The insecure flag is apparently from 5.6, I think Willy said before
we are trying to keep nolibc working on the oldest LTS kernel.
That seems to be 5.10 so I think its ok?

Anyhow, I switched compilers for my nommu target and everything
stopped working, tracked it down to this. my other compiler must
have not supported the stack protector.

 tools/include/nolibc/stackprotector.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/tools/include/nolibc/stackprotector.h b/tools/include/nolibc/s=
tackprotector.h
index e11c20c75465..916a92062ba0 100644
--- a/tools/include/nolibc/stackprotector.h
+++ b/tools/include/nolibc/stackprotector.h
@@ -42,7 +42,8 @@ uintptr_t __stack_chk_guard;
=20
 static __nolibc_no_stack_protector void __stack_chk_init(void)
 {
-	__nolibc_syscall3(__NR_getrandom, &__stack_chk_guard, sizeof(__stack_chk_=
guard), 0);
+	__nolibc_syscall3(__NR_getrandom, &__stack_chk_guard, sizeof(__stack_chk_=
guard),
+			  GRND_INSECURE | GRND_NONBLOCK);
 	/* a bit more randomness in case getrandom() fails, ensure the guard is n=
ever 0 */
 	if (__stack_chk_guard !=3D (uintptr_t) &__stack_chk_guard)
 		__stack_chk_guard ^=3D (uintptr_t) &__stack_chk_guard;
--=20
2.53.0