Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 0766f788 authored Jun 20, 2016 by Emese Revfy Committed by Kees Cook Oct 10, 2016

latent_entropy: Mark functions with __latent_entropy



The __latent_entropy gcc attribute can be used only on functions and
variables.  If it is on a function then the plugin will instrument it for
gathering control-flow entropy. If the attribute is on a variable then
the plugin will initialize it with random contents.  The variable must
be an integer, an integer array type or a structure with integer fields.

These specific functions have been selected because they are init
functions (to help gather boot-time entropy), are called at unpredictable
times, or they have variable loops, each of which provide some level of
latent entropy.

Signed-off-by: Emese Revfy <re.emese@gmail.com>
[kees: expanded commit message]
Signed-off-by: Kees Cook <keescook@chromium.org>

parent 38addce8

block/blk-softirq.c

+1 −1

Original line number	Original line	Diff line number	Diff line
	@@ -18,7 +18,7 @@ static DEFINE_PER_CPU(struct list_head, blk_cpu_done);
	* Softirq action handler - move entries to local list and loop over them		* Softirq action handler - move entries to local list and loop over them
	* while passing them to the queue registered handler.		* while passing them to the queue registered handler.
	*/		*/
	static void blk_done_softirq(struct softirq_action *h)		static __latent_entropy void blk_done_softirq(struct softirq_action *h)
	{		{
	struct list_head *cpu_list, local_list;		struct list_head *cpu_list, local_list;

drivers/char/random.c

+2 −2

Original line number	Original line	Diff line number	Diff line
	@@ -479,8 +479,8 @@ static ssize_t _extract_entropy(struct entropy_store r, void buf,

	static void crng_reseed(struct crng_state crng, struct entropy_store r);		static void crng_reseed(struct crng_state crng, struct entropy_store r);
	static void push_to_pool(struct work_struct *work);		static void push_to_pool(struct work_struct *work);
	static __u32 input_pool_data[INPUT_POOL_WORDS];		static __u32 input_pool_data[INPUT_POOL_WORDS] __latent_entropy;
	static __u32 blocking_pool_data[OUTPUT_POOL_WORDS];		static __u32 blocking_pool_data[OUTPUT_POOL_WORDS] __latent_entropy;

	static struct entropy_store input_pool = {		static struct entropy_store input_pool = {
	.poolinfo = &poolinfo_table[0],		.poolinfo = &poolinfo_table[0],

fs/namespace.c

+1 −0

Original line number	Original line	Diff line number	Diff line
	@@ -2759,6 +2759,7 @@ static struct mnt_namespace alloc_mnt_ns(struct user_namespace user_ns)
	return new_ns;		return new_ns;
	}		}

			__latent_entropy
	struct mnt_namespace copy_mnt_ns(unsigned long flags, struct mnt_namespace ns,		struct mnt_namespace copy_mnt_ns(unsigned long flags, struct mnt_namespace ns,
	struct user_namespace user_ns, struct fs_struct new_fs)		struct user_namespace user_ns, struct fs_struct new_fs)
	{		{

include/linux/compiler-gcc.h

+7 −0

Original line number	Original line	Diff line number	Diff line
	@@ -188,6 +188,13 @@
	#endif /* GCC_VERSION >= 40300 */		#endif /* GCC_VERSION >= 40300 */

	#if GCC_VERSION >= 40500		#if GCC_VERSION >= 40500

			#ifndef __CHECKER__
			#ifdef LATENT_ENTROPY_PLUGIN
			#define __latent_entropy __attribute__((latent_entropy))
			#endif
			#endif

	/*		/*
	* Mark a position in code as unreachable. This can be used to		* Mark a position in code as unreachable. This can be used to
	* suppress control flow warnings after asm blocks that transfer		* suppress control flow warnings after asm blocks that transfer

include/linux/compiler.h

+4 −0

Original line number	Original line	Diff line number	Diff line
	@@ -406,6 +406,10 @@ static __always_inline void __write_once_size(volatile void p, void res, int s
	# define __attribute_const__ /* unimplemented */		# define __attribute_const__ /* unimplemented */
	#endif		#endif

			#ifndef __latent_entropy
			# define __latent_entropy
			#endif

	/*		/*
	* Tell gcc if a function is cold. The compiler will assume any path		* Tell gcc if a function is cold. The compiler will assume any path
	* directly leading to the call is unlikely.		* directly leading to the call is unlikely.