WSL2-Linux-Kernel/scripts
Jason A. Donenfeld bd17422b9b gcc-plugins: latent_entropy: use /dev/urandom
commit c40160f299 upstream.

While the latent entropy plugin mostly doesn't derive entropy from
get_random_const() for measuring the call graph, when __latent_entropy is
applied to a constant, then it's initialized statically to output from
get_random_const(). In that case, this data is derived from a 64-bit
seed, which means a buffer of 512 bits doesn't really have that amount
of compile-time entropy.

This patch fixes that shortcoming by just buffering chunks of
/dev/urandom output and doling it out as requested.

At the same time, it's important that we don't break the use of
-frandom-seed, for people who want the runtime benefits of the latent
entropy plugin, while still having compile-time determinism. In that
case, we detect whether gcc's set_random_seed() has been called by
making a call to get_random_seed(noinit=true) in the plugin init
function, which is called after set_random_seed() is called but before
anything that calls get_random_seed(noinit=false), and seeing if it's
zero or not. If it's not zero, we're in deterministic mode, and so we
just generate numbers with a basic xorshift prng.

Note that we don't detect if -frandom-seed is being used using the
documented local_tick variable, because it's assigned via:
   local_tick = (unsigned) tv.tv_sec * 1000 + tv.tv_usec / 1000;
which may well overflow and become -1 on its own, and so isn't
reliable: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105171

[kees: The 256 byte rnd_buf size was chosen based on average (250),
 median (64), and std deviation (575) bytes of used entropy for a
 defconfig x86_64 build]

Fixes: 38addce8b6 ("gcc-plugins: Add latent_entropy plugin")
Cc: stable@vger.kernel.org
Cc: PaX Team <pageexec@freemail.hu>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20220405222815.21155-1-Jason@zx2c4.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-04-20 09:34:18 +02:00
..
atomic atomics: Fix atomic64_{read_acquire,set_release} fallbacks 2022-04-08 14:23:57 +02:00
basic .gitignore: prefix local generated files with a slash 2021-05-02 00:43:35 +09:00
clang-tools gen_compile_commands: fix missing 'sys' package 2021-09-19 10:13:03 +09:00
coccinelle scripts: coccinelle: allow list_entry_is_head() to use pos 2021-08-08 22:00:49 +02:00
dtc scripts/dtc: Call pkg-config POSIXly correct 2022-04-08 14:23:29 +02:00
dummy-tools kbuild: dummy-tools: adjust to stricter stackprotector check 2021-05-17 12:10:03 +09:00
gcc-plugins gcc-plugins: latent_entropy: use /dev/urandom 2022-04-20 09:34:18 +02:00
gdb scripts/gdb: add lx_current support for arm64 2021-05-07 00:26:33 -07:00
genksyms .gitignore: prefix local generated files with a slash 2021-05-02 00:43:35 +09:00
kconfig kconfig: fix failing to generate auto.conf 2022-02-23 12:03:20 +01:00
ksymoops Fix dead URLs to ftp.kernel.org 2017-03-28 16:16:52 +02:00
mod modpost: restore the warning message for missing symbol versions 2022-04-08 14:24:10 +02:00
package kbuild: buildtar: add riscv support 2021-03-29 23:13:30 -07:00
selinux scripts/selinux,selinux: update mdp to enable policy capabilities 2020-08-17 20:42:00 -04:00
tracing scripts/tracing: fix the bug that can't parse raw_trace_func 2021-08-04 17:49:26 -04:00
.gitignore .gitignore: prefix local generated files with a slash 2021-05-02 00:43:35 +09:00
Kbuild.include kbuild: warn if FORCE is missing for if_changed(_dep,_rule) and filechk 2021-09-03 08:17:19 +09:00
Kconfig.include kbuild: check the minimum assembler version in Kconfig 2021-04-25 05:14:41 +09:00
Lindent License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
Makefile Fix CVE-2020-26541 2021-04-26 08:38:10 -07:00
Makefile.asm-generic kbuild: prefix $(srctree)/ to some included Makefiles 2021-03-15 19:20:48 +09:00
Makefile.build kbuild: remove stale *.symversions 2021-09-03 08:17:20 +09:00
Makefile.clang kbuild: Add -Werror=ignored-optimization-argument to CLANG_FLAGS 2021-09-19 10:55:18 +09:00
Makefile.clean kbuild: prefix $(srctree)/ to some included Makefiles 2021-03-15 19:20:48 +09:00
Makefile.compiler kbuild: remove TMPO from try-run 2021-04-25 05:25:56 +09:00
Makefile.dtbinst kbuild: prefix $(srctree)/ to some included Makefiles 2021-03-15 19:20:48 +09:00
Makefile.extrawarn Makefile.extrawarn: Move -Wunaligned-access to W=1 2022-02-16 12:56:39 +01:00
Makefile.gcc-plugins gcc-plugins/structleak: add makefile var for disabling structleak 2021-10-06 17:53:29 -06:00
Makefile.headersinst kbuild: prefix $(srctree)/ to some included Makefiles 2021-03-15 19:20:48 +09:00
Makefile.host kbuild: sort hostprogs before passing it to ifneq 2020-08-10 01:32:59 +09:00
Makefile.kasan kasan: always respect CONFIG_KASAN_STACK 2021-09-24 16:13:35 -07:00
Makefile.kcov kbuild: include scripts/Makefile.* only when relevant CONFIG is enabled 2020-08-10 01:32:59 +09:00
Makefile.kcsan Kbuild updates for v5.10 2020-10-22 13:13:57 -07:00
Makefile.lib Kbuild updates for v5.15 2021-09-03 15:33:47 -07:00
Makefile.modfinal kbuild: Fix TRIM_UNUSED_KSYMS with LTO_CLANG 2021-09-03 08:12:39 +09:00
Makefile.modinst kbuild: add support for zstd compressed modules 2021-04-25 05:25:06 +09:00
Makefile.modpost kbuild: Fix comment typo in scripts/Makefile.modpost 2021-09-19 10:14:19 +09:00
Makefile.package kbuild: deb-pkg: change the source package name to linux-upstream 2021-04-25 05:30:45 +09:00
Makefile.ubsan ubsan: remove CONFIG_UBSAN_OBJECT_SIZE 2022-04-13 20:59:27 +02:00
Makefile.userprogs kbuild: add infrastructure to build userspace programs 2020-05-17 18:52:01 +09:00
adjust_autoksyms.sh kbuild: redo fake deps at include/ksym/*.h 2021-09-03 08:17:21 +09:00
as-version.sh kbuild: Switch to 'f' variants of integrated assembler flag 2021-09-03 08:17:20 +09:00
asn1_compiler.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 36 2019-05-24 17:27:11 +02:00
bin2c.c kbuild: move bin2c back to scripts/ from scripts/basic/ 2018-07-18 01:18:05 +09:00
bloat-o-meter scripts: switch explicitly to Python 3 2021-01-22 06:34:44 +09:00
bootgraph.pl treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 391 2019-06-05 17:37:11 +02:00
bpf_doc.py bpf: Introduce bpf timers. 2021-07-15 22:31:10 +02:00
cc-can-link.sh bpfilter: check compiler capability in Kconfig 2018-06-28 13:36:39 +09:00
cc-version.sh kbuild: collect minimum tool versions into scripts/min-tool-version.sh 2021-04-25 05:14:26 +09:00
check-sysctl-docs docs: add a script to check sysctl docs 2020-02-25 03:35:16 -07:00
check_extable.sh scripts: check_extable: fix typo in user error message 2021-09-08 11:50:28 -07:00
checkdeclares.pl scripts: make some scripts executable 2021-08-10 09:13:25 +09:00
checkincludes.pl License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
checkkconfigsymbols.py checkkconfigsymbols.py: Remove skipping of help lines in parse_kconfig_file 2021-09-19 10:13:03 +09:00
checkpatch.pl checkpatch: improve GIT_COMMIT_ID test 2021-09-08 11:50:27 -07:00
checkstack.pl scripts/checkstack.pl: fix arm sp regex 2020-05-26 00:03:16 +09:00
checksyscalls.sh checksyscalls: Unconditionally ignore fstat{,at}64 2021-10-07 17:16:28 -07:00
checkversion.pl scripts: checkversion: modernize linux/version.h search strings 2021-08-05 20:55:39 +09:00
cleanfile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
cleanpatch License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
coccicheck scripts: coccicheck: fix troubles on non-English builds 2021-05-18 11:09:59 +02:00
config kconfig: config script: add a little user help 2021-01-04 10:38:11 +09:00
const_structs.checkpatch const_structs.checkpatch: add pinctrl_ops and pinmux_ops 2020-10-16 11:11:21 -07:00
decode_stacktrace.sh scripts/decode_stacktrace.sh: indicate 'auto' can be used for base path 2021-07-08 11:48:22 -07:00
decodecode scripts/decodecode: add the capability to supply the program counter 2020-10-13 18:38:26 -07:00
depmod.sh depmod: handle the case of /sbin/depmod without /sbin in PATH 2021-01-01 12:26:39 -08:00
dev-needs.sh scripts/dev-needs: Add script to list device dependencies 2020-09-04 18:19:37 +02:00
diffconfig scripts: switch explicitly to Python 3 2021-01-22 06:34:44 +09:00
documentation-file-ref-check documentation-file-ref-check: Make git check work for multiple working directories 2021-06-04 11:20:52 -06:00
export_report.pl modpost: move the namespace field in Module.symvers last 2020-03-17 08:59:03 +09:00
extract-cert.c extract-cert: add static to local data 2020-08-18 20:16:46 +09:00
extract-ikconfig
extract-module-sig.pl License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
extract-sys-certs.pl License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
extract-vmlinux treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 378 2019-06-05 17:37:10 +02:00
extract_xc3028.pl treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 339 2019-06-05 17:37:07 +02:00
faddr2line scripts/faddr2line: fix location of start_kernel in comment 2018-11-18 10:15:09 -08:00
file-size.sh kbuild: Use ls(1) instead of stat(1) to obtain file size 2018-03-26 02:01:24 +09:00
find-unused-docs.sh scripts/find-unused-docs: Fix massive false positives 2020-01-27 14:25:06 -07:00
gcc-goto.sh jump_label: move 'asm goto' support test to Kconfig 2019-01-06 09:46:51 +09:00
gcc-ld License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
gcc-x86_32-has-stack-protector.sh x86/stackprotector/32: Make the canary into a regular percpu variable 2021-03-08 13:19:05 +01:00
gcc-x86_64-has-stack-protector.sh stack-protector: Fix test with 32-bit userland and CONFIG_64BIT=y 2018-06-25 23:21:13 +09:00
gen_autoksyms.sh kbuild: Fix TRIM_UNUSED_KSYMS with LTO_CLANG 2021-09-03 08:12:39 +09:00
gen_ksymdeps.sh kbuild: redo fake deps at include/ksym/*.h 2021-09-03 08:17:21 +09:00
generate_initcall_order.pl init: lto: ensure initcall ordering 2021-01-14 08:21:09 -08:00
get_abi.pl scripts: get_abi: ignore code blocks for cross-references 2021-03-31 13:53:16 -06:00
get_dvb_firmware treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 61 2019-05-24 17:36:45 +02:00
get_feat.pl scripts: get_feat.pl: reduce table width for all features output 2020-12-04 14:34:27 -07:00
get_maintainer.pl get_maintainer: exclude MAINTAINERS file(s) from --git-fallback 2020-10-16 11:11:19 -07:00
gfp-translate treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 166 2019-05-30 11:26:39 -07:00
headerdep.pl License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
headers_check.pl License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
headers_install.sh Merge branch 'work.fdpic' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2020-08-07 13:29:39 -07:00
insert-sys-cert.c
jobserver-exec scripts/jobserver-exec: Fix a typo ("envirnoment") 2021-05-17 12:10:03 +09:00
kallsyms.c kallsyms: fix nonconverging kallsyms table with lld 2021-02-05 17:53:28 +09:00
kernel-doc scripts/kernel-doc: Override -Werror from KCFLAGS with KDOC_WERROR 2021-08-12 08:58:13 -06:00
ld-version.sh kbuild: collect minimum tool versions into scripts/min-tool-version.sh 2021-04-25 05:14:26 +09:00
leaking_addresses.pl leaking_addresses: Always print a trailing newline 2021-11-18 19:16:16 +01:00
link-vmlinux.sh kbuild: merge vmlinux_link() between ARCH=um and other architectures 2021-09-03 08:17:21 +09:00
makelst License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
markup_oops.pl treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 373 2019-06-05 17:37:10 +02:00
min-tool-version.sh Documentation: raise minimum supported version of GCC to 5.1 2021-09-13 10:18:28 -07:00
mkcompile_h kbuild: mkcompile_h: consider timestamp if KBUILD_BUILD_TIMESTAMP is set 2021-06-17 10:01:12 +09:00
mksysmap mksysmap: Fix the mismatch of '.L' symbols in System.map 2020-06-06 23:39:20 +09:00
mkuboot.sh License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
module.lds.S module: combine constructors in module linker script 2021-07-19 14:51:40 +02:00
modules-check.sh kbuild: check module name conflict for external modules as well 2021-04-25 05:22:42 +09:00
nsdeps kbuild: replace LANG=C with LC_ALL=C 2021-05-02 00:43:35 +09:00
objdiff treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 199 2019-05-30 11:29:23 -07:00
parse-maintainers.pl parse-maintainers: Do not sort section content by default 2020-03-26 15:08:27 -07:00
patch-kernel License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
profile2linkerlist.pl License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
prune-kernel License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
recordmcount.c ftrace: Have recordmcount use w8 to read relp->r_info in arm64_is_fake_mcount 2021-03-02 17:27:18 -05:00
recordmcount.h recordmcount: Correct st_shndx handling 2021-06-18 09:09:17 -04:00
recordmcount.pl recordmcount.pl: fix typo in s390 mcount regex 2022-01-05 12:42:33 +01:00
remove-stale-files kbuild: add a script to remove stale generated files 2021-05-02 00:43:35 +09:00
setlocalversion scripts/setlocalversion: fix a bug when LOCALVERSION is empty 2021-07-18 23:48:14 +09:00
show_delta tweewide: Fix most Shebang lines 2020-12-08 23:30:04 +09:00
sign-file.c sign-file: fix build error in sign-file.c with libressl 2017-02-10 12:43:47 +11:00
sorttable.c scripts/sorttable: riscv: fix undeclared identifier 'EM_RISCV' error 2021-09-24 16:13:35 -07:00
sorttable.h scripts/sorttable: Implement build-time ORC unwind table sorting 2019-12-13 10:47:58 +01:00
spdxcheck-test.sh scripts/spdxcheck-test.sh: Drop python2 2021-07-21 15:59:32 +02:00
spdxcheck.py scripts/spdxcheck.py: Strictly read license files in utf-8 2021-07-12 09:56:50 -06:00
spelling.txt scripts/spelling.txt: add more spellings to spelling.txt 2021-06-29 10:53:45 -07:00
sphinx-pre-install scripts: sphinx-pre-install: Fix ctex support on Debian 2022-01-27 11:05:44 +01:00
split-man.pl tweewide: Fix most Shebang lines 2020-12-08 23:30:04 +09:00
stackdelta License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
stackusage License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
subarch.include parisc: Fix compile failure when building 64-bit kernel natively 2021-09-01 21:52:02 +02:00
syscallhdr.sh scripts: check duplicated syscall number in syscall table 2021-07-09 04:00:39 +09:00
syscallnr.sh scripts: make some scripts executable 2021-08-10 09:13:25 +09:00
syscalltbl.sh scripts: check duplicated syscall number in syscall table 2021-07-09 04:00:39 +09:00
tags.sh kbuild: replace LANG=C with LC_ALL=C 2021-05-02 00:43:35 +09:00
tools-support-relr.sh Makefile: fix GDB warning with CONFIG_RELR 2021-06-08 13:09:34 +01:00
unifdef.c unifdef: use memcpy instead of strncpy 2018-11-30 14:45:01 -08:00
ver_linux Removed the oprofiled version option 2021-05-03 17:23:06 -06:00
xen-hypercalls.sh scripts: make some scripts executable 2021-08-10 09:13:25 +09:00
xz_wrap.sh kbuild: add variables for compression tools 2020-06-06 23:42:01 +09:00