NetBSD-Bugs archive


Re: lib/59124: arc4random(3): first call in process races with concurrent fork



The following reply was made to PR lib/59124; it has been noted by GNATS.

From: Robert Elz <kre%munnari.OZ.AU@localhost>
To: gnats-bugs%netbsd.org@localhost
Cc: 
Subject: Re: lib/59124: arc4random(3): first call in process races with concurrent fork
Date: Tue, 04 Mar 2025 10:29:36 +0700

     Date:        Mon,  3 Mar 2025 21:05:00 +0000 (UTC)
     From:        campbell+netbsd%mumble.net@localhost
     Message-ID:  <20250303210500.63C301A923F%mollari.NetBSD.org@localhost>
 
   | arc4random will (a) take the global arc4random lock and (b) call pthread_atfork to make itself fork-safe.
   |
   | But if the fork happens between (a) and (b), the child will see the lock held with no threads running to release it.
 
 
   | One way we could address this is by creating a variant of pthread_atfork
   | with caller-supplied storage, and using it in an ELF constructor routine
 
 Or, arc4random() could just call pthread_atfork() before it takes its own
 private lock.   That has to be simpler.   Just reverse (a) and (b).
 
 All that's needed is for the callback functions it supplies to be able to tell
 if the lock is held or not, before attempting to release it - which is needed
 anyway, as a more likely case is some thread forking, sometime after a call
 to arc4random, when no call to that is active, and no lock is held.
 
 kre
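
The ordering problem discussed in this message, as an added example that is not NetBSD libc code and not part of the original mail: one thread holds the lock (step (a)) while another forks, first with no fork handlers registered and then with them registered before the lock is taken. `rng_lock`, `holder` and `fork_while_locked` are hypothetical names, and the handlers use the conventional pattern in which the prepare handler acquires the lock, which is an assumption of this example.

```c
#include <errno.h>
#include <pthread.h>
#include <sched.h>
#include <stdatomic.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

/* Hypothetical stand-in for arc4random's global lock. */
static pthread_mutex_t rng_lock = PTHREAD_MUTEX_INITIALIZER;
static atomic_int holding;

/* Fork handlers: hold the lock across fork(), release it on both sides. */
static void rng_prepare(void) { pthread_mutex_lock(&rng_lock); }
static void rng_release(void) { pthread_mutex_unlock(&rng_lock); }

/* A thread that is past step (a): inside the locked section. */
static void *holder(void *arg)
{
    struct timespec window = { 0, 300 * 1000 * 1000 };  /* 300 ms */
    (void)arg;
    pthread_mutex_lock(&rng_lock);
    atomic_store(&holding, 1);
    nanosleep(&window, NULL);   /* the other thread forks in this window */
    pthread_mutex_unlock(&rng_lock);
    return NULL;
}

/* Returns 1 if the forked child finds rng_lock held, 0 if free, -1 on error. */
int fork_while_locked(int register_first)
{
    pthread_t t;
    pid_t pid;
    int status;
    if (register_first && pthread_atfork(rng_prepare, rng_release, rng_release))
        return -1;
    atomic_store(&holding, 0);
    if (pthread_create(&t, NULL, holder, NULL))
        return -1;
    while (!atomic_load(&holding))
        sched_yield();          /* wait until the holder owns the lock */
    pid = fork();               /* with handlers: blocks in rng_prepare first */
    if (pid == 0)   /* child: only the forking thread exists here */
        _exit(pthread_mutex_trylock(&rng_lock) == EBUSY);
    pthread_join(t, NULL);
    if (pid < 0 || waitpid(pid, &status, 0) < 0)
        return -1;
    return WEXITSTATUS(status);
}
```

Call `fork_while_locked(0)` before `fork_while_locked(1)`, because registered handlers stay in place for the life of the process; the first call returns 1 (child inherits a lock nobody can release) and the second returns 0.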
 

