Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 9ffc6694 authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge tag 'gcc-plugins-v4.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux 

Pull gcc plugins update from Kees Cook:
 "This adds a new gcc plugin named "latent_entropy". It is designed to
  extract as much possible uncertainty from a running system at boot
  time as possible, hoping to capitalize on any possible variation in
  CPU operation (due to runtime data differences, hardware differences,
  SMP ordering, thermal timing variation, cache behavior, etc).

  At the very least, this plugin is a much more comprehensive example
  for how to manipulate kernel code using the gcc plugin internals"

* tag 'gcc-plugins-v4.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
  latent_entropy: Mark functions with __latent_entropy
  gcc-plugins: Add latent_entropy plugin
parents 133d970e 0766f788

arch/Kconfig

+18 −0
Original line number Diff line number Diff line
@@ -383,6 +383,24 @@ config GCC_PLUGIN_SANCOV 
	  gcc-4.5 on). It is based on the commit "Add fuzzing coverage support"

	  by Dmitry Vyukov <dvyukov@google.com>.



config GCC_PLUGIN_LATENT_ENTROPY

	bool "Generate some entropy during boot and runtime"

	depends on GCC_PLUGINS

	help

	  By saying Y here the kernel will instrument some kernel code to

	  extract some entropy from both original and artificially created

	  program state.  This will help especially embedded systems where

	  there is little 'natural' source of entropy normally.  The cost

	  is some slowdown of the boot process (about 0.5%) and fork and

	  irq processing.



	  Note that entropy extracted this way is not cryptographically

	  secure!



	  This plugin was ported from grsecurity/PaX. More information at:

	   * https://grsecurity.net/

	   * https://pax.grsecurity.net/



config HAVE_CC_STACKPROTECTOR

	bool

	help

arch/powerpc/kernel/Makefile

+5 −0
Original line number Diff line number Diff line
@@ -14,6 +14,11 @@ CFLAGS_prom_init.o += -fPIC 
CFLAGS_btext.o		+= -fPIC

endif



CFLAGS_cputable.o += $(DISABLE_LATENT_ENTROPY_PLUGIN)

CFLAGS_init.o += $(DISABLE_LATENT_ENTROPY_PLUGIN)

CFLAGS_btext.o += $(DISABLE_LATENT_ENTROPY_PLUGIN)

CFLAGS_prom.o += $(DISABLE_LATENT_ENTROPY_PLUGIN)



ifdef CONFIG_FUNCTION_TRACER

# Do not trace early boot code

CFLAGS_REMOVE_cputable.o = -mno-sched-epilog $(CC_FLAGS_FTRACE)

block/blk-softirq.c

+1 −1
Original line number Diff line number Diff line
@@ -18,7 +18,7 @@ static DEFINE_PER_CPU(struct list_head, blk_cpu_done); 
 * Softirq action handler - move entries to local list and loop over them

 * while passing them to the queue registered handler.

 */

static void blk_done_softirq(struct softirq_action *h)

static __latent_entropy void blk_done_softirq(struct softirq_action *h)

{

	struct list_head *cpu_list, local_list;

drivers/char/random.c

+2 −2
Original line number Diff line number Diff line
@@ -479,8 +479,8 @@ static ssize_t _extract_entropy(struct entropy_store *r, void *buf, 


static void crng_reseed(struct crng_state *crng, struct entropy_store *r);

static void push_to_pool(struct work_struct *work);

static __u32 input_pool_data[INPUT_POOL_WORDS];

static __u32 blocking_pool_data[OUTPUT_POOL_WORDS];

static __u32 input_pool_data[INPUT_POOL_WORDS] __latent_entropy;

static __u32 blocking_pool_data[OUTPUT_POOL_WORDS] __latent_entropy;



static struct entropy_store input_pool = {

	.poolinfo = &poolinfo_table[0],

fs/namespace.c

+1 −0
Original line number Diff line number Diff line
@@ -2824,6 +2824,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns) 
	return new_ns;

}



__latent_entropy

struct mnt_namespace *copy_mnt_ns(unsigned long flags, struct mnt_namespace *ns,

		struct user_namespace *user_ns, struct fs_struct *new_fs)

{