From: Kees Cook <keescook@chromium.org>
To: Emese Revfy <re.emese@gmail.com>
Cc: "kernel-hardening@lists.openwall.com"
<kernel-hardening@lists.openwall.com>,
PaX Team <pageexec@freemail.hu>,
Brad Spengler <spender@grsecurity.net>,
Michal Marek <mmarek@suse.com>,
LKML <linux-kernel@vger.kernel.org>,
Masahiro Yamada <yamada.masahiro@socionext.com>,
linux-kbuild <linux-kbuild@vger.kernel.org>,
"Theodore Ts'o" <tytso@mit.edu>,
Andrew Morton <akpm@linux-foundation.org>,
Linux-MM <linux-mm@kvack.org>, Jens Axboe <axboe@kernel.dk>,
Al Viro <viro@zeniv.linux.org.uk>,
Paul McKenney <paulmck@linux.vnet.ibm.com>,
Ingo Molnar <mingo@redhat.com>,
Thomas Gleixner <tglx@linutronix.de>,
bart.vanassche@sandisk.com,
"David S. Miller" <davem@davemloft.net>
Subject: Re: [PATCH v1 1/3] Add the latent_entropy gcc plugin
Date: Tue, 24 May 2016 10:32:15 -0700 [thread overview]
Message-ID: <CAGXu5jJHenHARDZt=51m1XbSStTxpG90Dv=Fpkn79A6pZYtGOw@mail.gmail.com> (raw)
In-Reply-To: <20160524001529.0e69232eff0b1b5bc566a763@gmail.com>
On Mon, May 23, 2016 at 3:15 PM, Emese Revfy <re.emese@gmail.com> wrote:
> This plugin mitigates the problem of the kernel having too little entropy during
> and after boot for generating crypto keys.
>
> It creates a local variable in every marked function. The value of this variable is
> modified by randomly chosen operations (add, xor and rol) and
> random values (gcc generates them at compile time and the stack pointer at runtime).
> It depends on the control flow (e.g., loops, conditions).
>
> Before the function returns the plugin writes this local variable
> into the latent_entropy global variable. The value of this global variable is
> added to the kernel entropy pool in do_one_initcall() and _do_fork().
I'm excited to see this! This looks like it'll help a lot with early
entropy, which is something that'll be a problem for some
architectures that are trying to do early randomish things (e.g. the
heap layout randomization, various canaries, etc).
Do you have any good examples of a before/after case of early
randomness being fixed by this?
> Based on work created by the PaX Team.
>
> Signed-off-by: Emese Revfy <re.emese@gmail.com>
> ---
> arch/Kconfig | 17 ++
> arch/powerpc/kernel/Makefile | 8 +-
> include/linux/random.h | 8 +
> init/main.c | 1 +
> kernel/fork.c | 1 +
> mm/page_alloc.c | 5 +
> scripts/Makefile.gcc-plugins | 10 +-
> scripts/gcc-plugins/Makefile | 1 +
> scripts/gcc-plugins/latent_entropy_plugin.c | 446 ++++++++++++++++++++++++++++
> 9 files changed, 491 insertions(+), 6 deletions(-)
> create mode 100644 scripts/gcc-plugins/latent_entropy_plugin.c
>
> diff --git a/arch/Kconfig b/arch/Kconfig
> index 5feadad..74489df 100644
> --- a/arch/Kconfig
> +++ b/arch/Kconfig
> @@ -393,6 +393,23 @@ config GCC_PLUGIN_SANCOV
> gcc-4.5 on). It is based on the commit "Add fuzzing coverage support"
> by Dmitry Vyukov <dvyukov@google.com>.
>
> +config GCC_PLUGIN_LATENT_ENTROPY
> + bool "latent entropy"
> + depends on GCC_PLUGINS
> + help
> + By saying Y here the kernel will instrument some kernel code to
> + extract some entropy from both original and artificially created
> + program state. This will help especially embedded systems where
> + there is little 'natural' source of entropy normally. The cost
> + is some slowdown of the boot process and fork and irq processing.
Can "some" be more well quantified?
> +
> + Note that entropy extracted this way is not known to be cryptographically
> + secure!
maybe add ", but should be good enough for canaries and other secrets." ?
> +
> + This plugin was ported from grsecurity/PaX. More information at:
> + * https://grsecurity.net/
> + * https://pax.grsecurity.net/
> +
> config HAVE_CC_STACKPROTECTOR
> bool
> help
> diff --git a/arch/powerpc/kernel/Makefile b/arch/powerpc/kernel/Makefile
> index 2da380f..6c7e448 100644
> --- a/arch/powerpc/kernel/Makefile
> +++ b/arch/powerpc/kernel/Makefile
> @@ -16,10 +16,10 @@ endif
>
> ifdef CONFIG_FUNCTION_TRACER
> # Do not trace early boot code
> -CFLAGS_REMOVE_cputable.o = -mno-sched-epilog $(CC_FLAGS_FTRACE)
> -CFLAGS_REMOVE_prom_init.o = -mno-sched-epilog $(CC_FLAGS_FTRACE)
> -CFLAGS_REMOVE_btext.o = -mno-sched-epilog $(CC_FLAGS_FTRACE)
> -CFLAGS_REMOVE_prom.o = -mno-sched-epilog $(CC_FLAGS_FTRACE)
> +CFLAGS_REMOVE_cputable.o = -mno-sched-epilog $(CC_FLAGS_FTRACE) $(DISABLE_LATENT_ENTROPY_PLUGIN)
> +CFLAGS_REMOVE_prom_init.o = -mno-sched-epilog $(CC_FLAGS_FTRACE) $(DISABLE_LATENT_ENTROPY_PLUGIN)
> +CFLAGS_REMOVE_btext.o = -mno-sched-epilog $(CC_FLAGS_FTRACE) $(DISABLE_LATENT_ENTROPY_PLUGIN)
> +CFLAGS_REMOVE_prom.o = -mno-sched-epilog $(CC_FLAGS_FTRACE) $(DISABLE_LATENT_ENTROPY_PLUGIN)
> # do not trace tracer code
> CFLAGS_REMOVE_ftrace.o = -mno-sched-epilog $(CC_FLAGS_FTRACE)
> # timers used by tracing
> diff --git a/include/linux/random.h b/include/linux/random.h
> index e47e533..379f4bc 100644
> --- a/include/linux/random.h
> +++ b/include/linux/random.h
> @@ -18,6 +18,14 @@ struct random_ready_callback {
> };
>
> extern void add_device_randomness(const void *, unsigned int);
> +
> +static inline void add_latent_entropy(void)
> +{
> +#ifdef CONFIG_GCC_PLUGIN_LATENT_ENTROPY
> + add_device_randomness((const void *)&latent_entropy, sizeof(latent_entropy));
> +#endif
> +}
> +
Traditionally the code style of #ifdef arrangement in header files
uses an "#else" since there's usually other code to wrap in it, and it
results in small future diffs:
#ifdef CONFIG_GCC_PLUGIN_LATENT_ENTROPY
static inline void add_latent_entropy(void)
{
add_device_randomness((const void *)&latent_entropy,
sizeof(latent_entropy));
}
#else
static inline void add_latent_entropy(void) { }
#endif
Also, does this matter that it's non-atomic? It seems like the u64
below is being written to by multiple threads and even read by
multiple threads. Am I misunderstanding something?
> [...]
> new file mode 100644
> index 0000000..7295c39
> --- /dev/null
> +++ b/scripts/gcc-plugins/latent_entropy_plugin.c
I feel like most of the functions in this plugin could use some more
comments about what each one does.
-Kees
--
Kees Cook
Chrome OS & Brillo Security
next prev parent reply other threads:[~2016-05-24 17:32 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-05-23 22:14 [PATCH v1 0/3] Introduce the latent_entropy gcc plugin Emese Revfy
2016-05-23 22:15 ` [PATCH v1 1/3] Add " Emese Revfy
2016-05-24 17:32 ` Kees Cook [this message]
2016-05-24 21:23 ` Emese Revfy
2016-05-24 23:40 ` PaX Team
2016-05-25 2:55 ` Kees Cook
2016-05-30 22:39 ` Emese Revfy
2016-05-23 22:16 ` [PATCH v1 2/3] Mark functions with the latent_entropy attribute Emese Revfy
2016-05-24 17:16 ` Kees Cook
2016-05-24 20:45 ` Emese Revfy
2016-05-24 20:55 ` Kees Cook
2016-05-23 22:17 ` [PATCH v1 3/3] Add the extra_latent_entropy kernel parameter Emese Revfy
2016-05-24 17:09 ` Kees Cook
2016-05-24 20:29 ` Emese Revfy
2016-05-29 17:59 [PATCH v1 1/3] Add the latent_entropy gcc plugin Hector Martin
2016-05-30 2:16 ` Kees Cook
2016-05-30 3:46 ` Hector Martin "marcan"
2016-05-30 15:40 ` Kees Cook
2016-05-30 20:24 ` Hector Martin "marcan"
2016-05-31 17:25 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAGXu5jJHenHARDZt=51m1XbSStTxpG90Dv=Fpkn79A6pZYtGOw@mail.gmail.com' \
--to=keescook@chromium.org \
--cc=akpm@linux-foundation.org \
--cc=axboe@kernel.dk \
--cc=bart.vanassche@sandisk.com \
--cc=davem@davemloft.net \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-kbuild@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mingo@redhat.com \
--cc=mmarek@suse.com \
--cc=pageexec@freemail.hu \
--cc=paulmck@linux.vnet.ibm.com \
--cc=re.emese@gmail.com \
--cc=spender@grsecurity.net \
--cc=tglx@linutronix.de \
--cc=tytso@mit.edu \
--cc=viro@zeniv.linux.org.uk \
--cc=yamada.masahiro@socionext.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).