From: Greg KH <gregkh@linuxfoundation.org>
To: "Jason A. Donenfeld" <Jason@zx2c4.com>
Cc: stable@vger.kernel.org, PaX Team <pageexec@freemail.hu>,
Kees Cook <keescook@chromium.org>
Subject: Re: [PATCH stable v4.9.y] gcc-plugins: latent_entropy: use /dev/urandom
Date: Mon, 18 Apr 2022 12:04:44 +0200
Message-ID: <Yl03vITb4OSVSjCw@kroah.com>
In-Reply-To: <20220418094241.1484705-1-Jason@zx2c4.com>

On Mon, Apr 18, 2022 at 11:42:41AM +0200, Jason A. Donenfeld wrote:
> commit c40160f2998c897231f8454bf797558d30a20375 upstream.
>
> While the latent entropy plugin mostly doesn't derive entropy from
> get_random_const() for measuring the call graph, when __latent_entropy is
> applied to a constant, then it's initialized statically to output from
> get_random_const(). In that case, this data is derived from a 64-bit
> seed, which means a buffer of 512 bits doesn't really have that amount
> of compile-time entropy.
>
> This patch fixes that shortcoming by just buffering chunks of
> /dev/urandom output and doling it out as requested.
>
> At the same time, it's important that we don't break the use of
> -frandom-seed, for people who want the runtime benefits of the latent
> entropy plugin, while still having compile-time determinism. In that
> case, we detect whether gcc's set_random_seed() has been called by
> making a call to get_random_seed(noinit=true) in the plugin init
> function, which is called after set_random_seed() is called but before
> anything that calls get_random_seed(noinit=false), and seeing if it's
> zero or not. If it's not zero, we're in deterministic mode, and so we
> just generate numbers with a basic xorshift prng.
>
> Note that we don't detect if -frandom-seed is being used using the
> documented local_tick variable, because it's assigned via:
> local_tick = (unsigned) tv.tv_sec * 1000 + tv.tv_usec / 1000;
> which may well overflow and become -1 on its own, and so isn't
> reliable: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105171
>
> [kees: The 256 byte rnd_buf size was chosen based on average (250),
> median (64), and std deviation (575) bytes of used entropy for a
> defconfig x86_64 build]
>
> Fixes: 38addce8b600 ("gcc-plugins: Add latent_entropy plugin")
> Cc: stable@vger.kernel.org
> Cc: PaX Team <pageexec@freemail.hu>
> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
> Signed-off-by: Kees Cook <keescook@chromium.org>
> Link: https://lore.kernel.org/r/20220405222815.21155-1-Jason@zx2c4.com
> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
> ---
> scripts/gcc-plugins/latent_entropy_plugin.c | 44 +++++++++++++--------
> 1 file changed, 27 insertions(+), 17 deletions(-)

Queued this one up now instead, thanks for the backport!

greg k-h
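
The two modes the quoted commit message describes (a deterministic xorshift stream when a seed was set, buffered /dev/urandom output otherwise), sketched as stand-alone C. This is an added illustration, not the code from the patch, of which this mail carries only the diffstat; `sketch_init`, `sketch_random_const`, `sketch_refills` and the `abort()` error handling are assumptions.

```c
#include <fcntl.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <unistd.h>

#define RND_WORDS 32	/* 32 * 8 bytes = the 256-byte buffer size from the commit message */

static uint64_t det_seed;		/* nonzero => deterministic (-frandom-seed) mode */
static uint64_t rnd_buf[RND_WORDS];
static size_t rnd_idx = RND_WORDS;	/* start "empty" so the first call refills */
static int urandom_fd = -1;
static unsigned refills;		/* counts /dev/urandom reads, for inspection */

/* Hypothetical init hook: pass the compiler's seed, or 0 if none was set. */
void sketch_init(uint64_t seed)
{
	det_seed = seed;
	rnd_idx = RND_WORDS;
	refills = 0;
}

unsigned sketch_refills(void) { return refills; }

uint64_t sketch_random_const(void)
{
	if (det_seed) {
		/* xorshift64 step: same seed, same constants, reproducible build */
		det_seed ^= det_seed << 13;
		det_seed ^= det_seed >> 7;
		det_seed ^= det_seed << 17;
		return det_seed;
	}
	if (urandom_fd < 0 && (urandom_fd = open("/dev/urandom", O_RDONLY)) < 0)
		abort();
	if (rnd_idx >= RND_WORDS) {
		/* Refill the whole buffer; a short read is treated as fatal. */
		if (read(urandom_fd, rnd_buf, sizeof(rnd_buf)) != (ssize_t)sizeof(rnd_buf))
			abort();
		rnd_idx = 0;
		refills++;
	}
	return rnd_buf[rnd_idx++];
}
```

In the non-deterministic mode every 64-bit constant comes straight from the kernel's pool, so a 512-bit `__latent_entropy` initializer is no longer bounded by a single 64-bit seed.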