[sanitizers] Add a blocking boolean to GetRandom prototype
Summary:
On platforms with `getrandom`, the system call defaults to blocking. This
becomes an issue in the very early stage of the boot for Scudo, when the RNG
source is not set up yet: the syscall will block and we'll stall.
Introduce a parameter to specify that the function should not block, defaulting
to blocking as the underlying syscall does.
Update Scudo to use the non-blocking version.
Reviewers: alekseyshl
Reviewed By: alekseyshl
Subscribers: llvm-commits, kubamracek
Differential Revision: https://reviews.llvm.org/D36399
llvm-svn: 310839
diff --git a/compiler-rt/lib/scudo/scudo_utils.h b/compiler-rt/lib/scudo/scudo_utils.h
index 6c6c9d8..1326919 100644
--- a/compiler-rt/lib/scudo/scudo_utils.h
+++ b/compiler-rt/lib/scudo/scudo_utils.h
@@ -44,11 +44,14 @@
struct XoRoShiRo128Plus {
public:
void init() {
- if (UNLIKELY(!GetRandom(reinterpret_cast<void *>(State), sizeof(State)))) {
- // Early processes (eg: init) do not have /dev/urandom yet, but we still
- // have to provide them with some degree of entropy. Not having a secure
- // seed is not as problematic for them, as they are less likely to be
- // the target of heap based vulnerabilities exploitation attempts.
+ if (UNLIKELY(!GetRandom(reinterpret_cast<void *>(State), sizeof(State),
+ /*blocking=*/false))) {
+ // On some platforms, early processes like `init` do not have an
+ // initialized random pool (getrandom blocks and /dev/urandom doesn't
+ // exist yet), but we still have to provide them with some degree of
+ // entropy. Not having a secure seed is not as problematic for them, as
+ // they are less likely to be the target of heap based vulnerabilities
+ // exploitation attempts.
State[0] = NanoTime();
State[1] = 0;
}
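Review bot: The fallback branch in `init()` is now taken whenever `GetRandom(..., /*blocking=*/false)` fails, which includes the random pool simply not being initialized yet, and the seed it leaves behind is `State[0] = NanoTime(); State[1] = 0;`, a timestamp plus a constant. Nothing in this hunk reseeds afterwards, so a long-lived early process such as `init` would keep that guessable state for its whole lifetime. Please say so in the comment, or note where a reseed would happen once the pool is ready. Minor wording point in the same comment: it says "getrandom blocks" while this call site is the non-blocking one, so "getrandom would block" describes the situation more accurately.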