dhcpcd crashes with SIGSYS with latest Ferdora 41 glibc

[sshambar]

The latest patch to glibc 2.40 in Fedora 41 has added a vDSO getrandom() user-space implementation, ref:

• LWN coverage of new getrandom(): https://lwn.net/Articles/983186/
• Fedora 41 patch: https://src.fedoraproject.org/rpms/glibc/c/507c4d0566108946e98cb3820b08bc35dc6b898b?branch=f41

The new patch calls internal_signal_block_all() in vgetrandom_get_state(), which attempts to call syscall rt_sigprocmask, and seccomp denies it leading to a crash:

dhcpcd terminated abnormally with signal 31/SYS
        #0  0x00007ffff7dd8521 getrandom_vdso (libc.so.6 + 0x1d521)
        #1  0x00007ffff7dd5f01 __GI___arc4random_buf.part.0 (libc.so.6 + 0x1af0>
        #2  0x00007ffff7dd6107 arc4random (libc.so.6 + 0x1b107)
        #3  0x00007ffff7dd6164 arc4random_uniform (libc.so.6 + 0x1b164)
        #4  0x000000000042a133 n/a (/home/devel/work/dhcpcd/src/dhcpcd + 0x2a13>
        ELF object binary architecture: AMD x86-64

Adding a simple patch to allow the syscall appears to fix the crash:

--- a/src/privsep-linux.c
+++ b/src/privsep-linux.c
@@ -349,6 +349,9 @@ static struct sock_filter ps_seccomp_filter[] = {
 #ifdef __NR_getrandom
        SECCOMP_ALLOW(__NR_getrandom),
 #endif
+#ifdef __NR_rt_sigprocmask
+       SECCOMP_ALLOW(__NR_rt_sigprocmask),
+#endif
 #ifdef __NR_getsockopt
        /* For route socket overflow */
        SECCOMP_ALLOW_ARG(__NR_getsockopt, 1, SOL_SOCKET),

[rsmarples]

Thanks for the patch!

Hopefully this also fixes #410 and maybe #405

[sshambar]

Thanks for the patch!
Anytime! - probably should have just submitted a patch to make your life easier :)

Hopefully this also fixes #410 and maybe #405
Appears likely to fix 410, but I think 405 may be something else...

[rsmarples]

I do strive for the easy life :)