From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, PaX Team <pageexec@freemail.hu>,
"Jason A. Donenfeld" <Jason@zx2c4.com>,
Kees Cook <keescook@chromium.org>
Subject: [PATCH 4.19 26/32] gcc-plugins: latent_entropy: use /dev/urandom
Date: Mon, 18 Apr 2022 14:14:06 +0200 [thread overview]
Message-ID: <20220418121127.888590983@linuxfoundation.org> (raw)
In-Reply-To: <20220418121127.127656835@linuxfoundation.org>
From: Jason A. Donenfeld <Jason@zx2c4.com>
commit c40160f2998c897231f8454bf797558d30a20375 upstream.
While the latent entropy plugin mostly doesn't derive entropy from
get_random_const() for measuring the call graph, when __latent_entropy is
applied to a constant, then it's initialized statically to output from
get_random_const(). In that case, this data is derived from a 64-bit
seed, which means a buffer of 512 bits doesn't really have that amount
of compile-time entropy.
This patch fixes that shortcoming by just buffering chunks of
/dev/urandom output and doling it out as requested.
At the same time, it's important that we don't break the use of
-frandom-seed, for people who want the runtime benefits of the latent
entropy plugin, while still having compile-time determinism. In that
case, we detect whether gcc's set_random_seed() has been called by
making a call to get_random_seed(noinit=true) in the plugin init
function, which is called after set_random_seed() is called but before
anything that calls get_random_seed(noinit=false), and seeing if it's
zero or not. If it's not zero, we're in deterministic mode, and so we
just generate numbers with a basic xorshift prng.
Note that we don't detect if -frandom-seed is being used using the
documented local_tick variable, because it's assigned via:
local_tick = (unsigned) tv.tv_sec * 1000 + tv.tv_usec / 1000;
which may well overflow and become -1 on its own, and so isn't
reliable: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105171
[kees: The 256 byte rnd_buf size was chosen based on average (250),
median (64), and std deviation (575) bytes of used entropy for a
defconfig x86_64 build]
Fixes: 38addce8b600 ("gcc-plugins: Add latent_entropy plugin")
Cc: stable@vger.kernel.org
Cc: PaX Team <pageexec@freemail.hu>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20220405222815.21155-1-Jason@zx2c4.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
scripts/gcc-plugins/latent_entropy_plugin.c | 44 +++++++++++++++++-----------
1 file changed, 27 insertions(+), 17 deletions(-)
--- a/scripts/gcc-plugins/latent_entropy_plugin.c
+++ b/scripts/gcc-plugins/latent_entropy_plugin.c
@@ -86,25 +86,31 @@ static struct plugin_info latent_entropy
.help = "disable\tturn off latent entropy instrumentation\n",
};
-static unsigned HOST_WIDE_INT seed;
-/*
- * get_random_seed() (this is a GCC function) generates the seed.
- * This is a simple random generator without any cryptographic security because
- * the entropy doesn't come from here.
- */
+static unsigned HOST_WIDE_INT deterministic_seed;
+static unsigned HOST_WIDE_INT rnd_buf[32];
+static size_t rnd_idx = ARRAY_SIZE(rnd_buf);
+static int urandom_fd = -1;
+
static unsigned HOST_WIDE_INT get_random_const(void)
{
- unsigned int i;
- unsigned HOST_WIDE_INT ret = 0;
-
- for (i = 0; i < 8 * sizeof(ret); i++) {
- ret = (ret << 1) | (seed & 1);
- seed >>= 1;
- if (ret & 1)
- seed ^= 0xD800000000000000ULL;
+ if (deterministic_seed) {
+ unsigned HOST_WIDE_INT w = deterministic_seed;
+ w ^= w << 13;
+ w ^= w >> 7;
+ w ^= w << 17;
+ deterministic_seed = w;
+ return deterministic_seed;
}
- return ret;
+ if (urandom_fd < 0) {
+ urandom_fd = open("/dev/urandom", O_RDONLY);
+ gcc_assert(urandom_fd >= 0);
+ }
+ if (rnd_idx >= ARRAY_SIZE(rnd_buf)) {
+ gcc_assert(read(urandom_fd, rnd_buf, sizeof(rnd_buf)) == sizeof(rnd_buf));
+ rnd_idx = 0;
+ }
+ return rnd_buf[rnd_idx++];
}
static tree tree_get_random_const(tree type)
@@ -549,8 +555,6 @@ static void latent_entropy_start_unit(vo
tree type, id;
int quals;
- seed = get_random_seed(false);
-
if (in_lto_p)
return;
@@ -585,6 +589,12 @@ __visible int plugin_init(struct plugin_
const struct plugin_argument * const argv = plugin_info->argv;
int i;
+ /*
+ * Call get_random_seed() with noinit=true, so that this returns
+ * 0 in the case where no seed has been passed via -frandom-seed.
+ */
+ deterministic_seed = get_random_seed(true);
+
static const struct ggc_root_tab gt_ggc_r_gt_latent_entropy[] = {
{
.base = &latent_entropy_decl,
next prev parent reply other threads:[~2022-04-18 13:32 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-18 12:13 [PATCH 4.19 00/32] 4.19.239-rc1 review Greg Kroah-Hartman
2022-04-18 12:13 ` [PATCH 4.19 01/32] memory: atmel-ebi: Fix missing of_node_put in atmel_ebi_probe Greg Kroah-Hartman
2022-04-18 12:13 ` [PATCH 4.19 02/32] net/sched: flower: fix parsing of ethertype following VLAN header Greg Kroah-Hartman
2022-04-18 12:13 ` [PATCH 4.19 03/32] veth: Ensure eth header is in skbs linear part Greg Kroah-Hartman
2022-04-18 12:13 ` [PATCH 4.19 04/32] gpiolib: acpi: use correct format characters Greg Kroah-Hartman
2022-04-18 12:13 ` [PATCH 4.19 05/32] mlxsw: i2c: Fix initialization error flow Greg Kroah-Hartman
2022-04-18 12:13 ` [PATCH 4.19 06/32] net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link Greg Kroah-Hartman
2022-04-18 12:13 ` [PATCH 4.19 07/32] sctp: Initialize daddr on peeled off socket Greg Kroah-Hartman
2022-04-18 12:13 ` [PATCH 4.19 08/32] testing/selftests/mqueue: Fix mq_perf_tests to free the allocated cpu set Greg Kroah-Hartman
2022-04-18 12:13 ` [PATCH 4.19 09/32] nfc: nci: add flush_workqueue to prevent uaf Greg Kroah-Hartman
2022-04-18 12:13 ` [PATCH 4.19 10/32] cifs: potential buffer overflow in handling symlinks Greg Kroah-Hartman
2022-04-18 12:13 ` [PATCH 4.19 11/32] drm/amd: Add USBC connector ID Greg Kroah-Hartman
2022-04-18 12:13 ` [PATCH 4.19 12/32] drm/amdkfd: Check for potential null return of kmalloc_array() Greg Kroah-Hartman
2022-04-18 12:13 ` [PATCH 4.19 13/32] Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer Greg Kroah-Hartman
2022-04-18 12:13 ` [PATCH 4.19 14/32] scsi: target: tcmu: Fix possible page UAF Greg Kroah-Hartman
2022-04-18 12:13 ` [PATCH 4.19 15/32] scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024 Greg Kroah-Hartman
2022-04-18 12:13 ` [PATCH 4.19 16/32] net: micrel: fix KS8851_MLL Kconfig Greg Kroah-Hartman
2022-04-18 12:13 ` [PATCH 4.19 17/32] ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs Greg Kroah-Hartman
2022-04-18 12:13 ` [PATCH 4.19 18/32] gpu: ipu-v3: Fix dev_dbg frequency output Greg Kroah-Hartman
2022-04-18 12:13 ` [PATCH 4.19 19/32] arm64: alternatives: mark patch_alternative() as `noinstr` Greg Kroah-Hartman
2022-04-18 12:14 ` [PATCH 4.19 20/32] drm/amd/display: Fix allocate_mst_payload assert on resume Greg Kroah-Hartman
2022-04-18 12:14 ` [PATCH 4.19 21/32] scsi: mvsas: Add PCI ID of RocketRaid 2640 Greg Kroah-Hartman
2022-04-18 12:14 ` [PATCH 4.19 22/32] drivers: net: slip: fix NPD bug in sl_tx_timeout() Greg Kroah-Hartman
2022-04-18 12:14 ` [PATCH 4.19 23/32] mm, page_alloc: fix build_zonerefs_node() Greg Kroah-Hartman
2022-04-18 12:14 ` [PATCH 4.19 24/32] mm: kmemleak: take a full lowmem check in kmemleak_*_phys() Greg Kroah-Hartman
2022-04-18 12:14 ` [PATCH 4.19 25/32] KVM: Dont create VM debugfs files outside of the VM directory Greg Kroah-Hartman
2022-04-18 12:14 ` Greg Kroah-Hartman [this message]
2022-04-18 12:14 ` [PATCH 4.19 27/32] ALSA: hda/realtek: Add quirk for Clevo PD50PNT Greg Kroah-Hartman
2022-04-18 12:14 ` [PATCH 4.19 28/32] ALSA: pcm: Test for "silence" field in struct "pcm_format_data" Greg Kroah-Hartman
2022-04-18 12:14 ` [PATCH 4.19 29/32] ipv6: fix panic when forwarding a pkt with no in6 dev Greg Kroah-Hartman
2022-04-18 12:14 ` [PATCH 4.19 30/32] ARM: davinci: da850-evm: Avoid NULL pointer dereference Greg Kroah-Hartman
2022-04-18 12:14 ` [PATCH 4.19 31/32] smp: Fix offline cpu check in flush_smp_call_function_queue() Greg Kroah-Hartman
2022-04-18 12:14 ` [PATCH 4.19 32/32] i2c: pasemi: Wait for write xfers to finish Greg Kroah-Hartman
2022-04-18 17:54 ` [PATCH 4.19 00/32] 4.19.239-rc1 review Pavel Machek
2022-04-19 0:05 ` Guenter Roeck
2022-04-19 0:09 ` Shuah Khan
2022-04-19 7:21 ` Samuel Zou
2022-04-19 8:57 ` Naresh Kamboju
2022-04-19 11:59 ` Sudip Mukherjee
2022-04-19 12:21 ` Jon Hunter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220418121127.888590983@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=Jason@zx2c4.com \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pageexec@freemail.hu \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.