Fix incorrect inline assembly usage in s2n_rand_rdrand_impl #4310
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description of changes:
This PR fixes an incorrect inline assembly usage in s2n_rand_rdrand_impl.
The compiler may reuse a register for both input and output of an inline assembly statement, and the input should be consumed before writing to any output registers.
In s2n_rand_rdrand_impl there is an implicit input (an address of success variable) that is read by
setc
instruction afterrdrand
had already written to an output register. If the compiler reuses a register for input and output in that case, thesetc
instruction will try to write to an incorrect memory address, causing SIGSEGV or memory corruption.Marking the output register as earlyclobber (
&
) prevents the compiler from reusing the output register for input.We've encountered such SIGSEGV in s2n_rand_rdrand_impl during running our application under ASAN build, which actually produced the binary code described above.
Here is the related issue with the explanation of the bug:
google/sanitizers#1629
And here is a more detailed explanation from gcc documentaion on how to use inline assembly:
Testing:
I've build our application with s2n-tls under ASAN and checked that the SIGSEGV has gone away.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.