WSL2-Linux-Kernel/scripts
Jason A. Donenfeld bd17422b9b gcc-plugins: latent_entropy: use /dev/urandom
commit c40160f299 upstream.

While the latent entropy plugin mostly doesn't derive entropy from
get_random_const() for measuring the call graph, when __latent_entropy is
applied to a constant, then it's initialized statically to output from
get_random_const(). In that case, this data is derived from a 64-bit
seed, which means a buffer of 512 bits doesn't really have that amount
of compile-time entropy.

This patch fixes that shortcoming by just buffering chunks of
/dev/urandom output and doling it out as requested.

At the same time, it's important that we don't break the use of
-frandom-seed, for people who want the runtime benefits of the latent
entropy plugin, while still having compile-time determinism. In that
case, we detect whether gcc's set_random_seed() has been called by
making a call to get_random_seed(noinit=true) in the plugin init
function, which is called after set_random_seed() is called but before
anything that calls get_random_seed(noinit=false), and seeing if it's
zero or not. If it's not zero, we're in deterministic mode, and so we
just generate numbers with a basic xorshift prng.

Note that we don't detect if -frandom-seed is being used using the
documented local_tick variable, because it's assigned via:
   local_tick = (unsigned) tv.tv_sec * 1000 + tv.tv_usec / 1000;
which may well overflow and become -1 on its own, and so isn't
reliable: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105171

[kees: The 256 byte rnd_buf size was chosen based on average (250),
 median (64), and std deviation (575) bytes of used entropy for a
 defconfig x86_64 build]

Fixes: 38addce8b6 ("gcc-plugins: Add latent_entropy plugin")
Cc: stable@vger.kernel.org
Cc: PaX Team <pageexec@freemail.hu>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20220405222815.21155-1-Jason@zx2c4.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-04-20 09:34:18 +02:00
..
atomic atomics: Fix atomic64_{read_acquire,set_release} fallbacks 2022-04-08 14:23:57 +02:00
basic
clang-tools gen_compile_commands: fix missing 'sys' package 2021-09-19 10:13:03 +09:00
coccinelle scripts: coccinelle: allow list_entry_is_head() to use pos 2021-08-08 22:00:49 +02:00
dtc scripts/dtc: Call pkg-config POSIXly correct 2022-04-08 14:23:29 +02:00
dummy-tools
gcc-plugins gcc-plugins: latent_entropy: use /dev/urandom 2022-04-20 09:34:18 +02:00
gdb
genksyms
kconfig kconfig: fix failing to generate auto.conf 2022-02-23 12:03:20 +01:00
ksymoops
mod modpost: restore the warning message for missing symbol versions 2022-04-08 14:24:10 +02:00
package
selinux
tracing scripts/tracing: fix the bug that can't parse raw_trace_func 2021-08-04 17:49:26 -04:00
.gitignore
Kbuild.include kbuild: warn if FORCE is missing for if_changed(_dep,_rule) and filechk 2021-09-03 08:17:19 +09:00
Kconfig.include
Lindent
Makefile
Makefile.asm-generic
Makefile.build kbuild: remove stale *.symversions 2021-09-03 08:17:20 +09:00
Makefile.clang kbuild: Add -Werror=ignored-optimization-argument to CLANG_FLAGS 2021-09-19 10:55:18 +09:00
Makefile.clean
Makefile.compiler
Makefile.dtbinst
Makefile.extrawarn Makefile.extrawarn: Move -Wunaligned-access to W=1 2022-02-16 12:56:39 +01:00
Makefile.gcc-plugins gcc-plugins/structleak: add makefile var for disabling structleak 2021-10-06 17:53:29 -06:00
Makefile.headersinst
Makefile.host
Makefile.kasan kasan: always respect CONFIG_KASAN_STACK 2021-09-24 16:13:35 -07:00
Makefile.kcov
Makefile.kcsan
Makefile.lib Kbuild updates for v5.15 2021-09-03 15:33:47 -07:00
Makefile.modfinal kbuild: Fix TRIM_UNUSED_KSYMS with LTO_CLANG 2021-09-03 08:12:39 +09:00
Makefile.modinst
Makefile.modpost kbuild: Fix comment typo in scripts/Makefile.modpost 2021-09-19 10:14:19 +09:00
Makefile.package
Makefile.ubsan ubsan: remove CONFIG_UBSAN_OBJECT_SIZE 2022-04-13 20:59:27 +02:00
Makefile.userprogs
adjust_autoksyms.sh kbuild: redo fake deps at include/ksym/*.h 2021-09-03 08:17:21 +09:00
as-version.sh kbuild: Switch to 'f' variants of integrated assembler flag 2021-09-03 08:17:20 +09:00
asn1_compiler.c
bin2c.c
bloat-o-meter
bootgraph.pl
bpf_doc.py bpf: Introduce bpf timers. 2021-07-15 22:31:10 +02:00
cc-can-link.sh
cc-version.sh
check-sysctl-docs
check_extable.sh scripts: check_extable: fix typo in user error message 2021-09-08 11:50:28 -07:00
checkdeclares.pl scripts: make some scripts executable 2021-08-10 09:13:25 +09:00
checkincludes.pl
checkkconfigsymbols.py checkkconfigsymbols.py: Remove skipping of help lines in parse_kconfig_file 2021-09-19 10:13:03 +09:00
checkpatch.pl checkpatch: improve GIT_COMMIT_ID test 2021-09-08 11:50:27 -07:00
checkstack.pl
checksyscalls.sh checksyscalls: Unconditionally ignore fstat{,at}64 2021-10-07 17:16:28 -07:00
checkversion.pl scripts: checkversion: modernize linux/version.h search strings 2021-08-05 20:55:39 +09:00
cleanfile
cleanpatch
coccicheck
config
const_structs.checkpatch
decode_stacktrace.sh scripts/decode_stacktrace.sh: indicate 'auto' can be used for base path 2021-07-08 11:48:22 -07:00
decodecode
depmod.sh
dev-needs.sh
diffconfig
documentation-file-ref-check
export_report.pl
extract-cert.c
extract-ikconfig
extract-module-sig.pl
extract-sys-certs.pl
extract-vmlinux
extract_xc3028.pl
faddr2line
file-size.sh
find-unused-docs.sh
gcc-goto.sh
gcc-ld
gcc-x86_32-has-stack-protector.sh
gcc-x86_64-has-stack-protector.sh
gen_autoksyms.sh kbuild: Fix TRIM_UNUSED_KSYMS with LTO_CLANG 2021-09-03 08:12:39 +09:00
gen_ksymdeps.sh kbuild: redo fake deps at include/ksym/*.h 2021-09-03 08:17:21 +09:00
generate_initcall_order.pl
get_abi.pl
get_dvb_firmware
get_feat.pl
get_maintainer.pl
gfp-translate
headerdep.pl
headers_check.pl
headers_install.sh
insert-sys-cert.c
jobserver-exec
kallsyms.c
kernel-doc scripts/kernel-doc: Override -Werror from KCFLAGS with KDOC_WERROR 2021-08-12 08:58:13 -06:00
ld-version.sh
leaking_addresses.pl leaking_addresses: Always print a trailing newline 2021-11-18 19:16:16 +01:00
link-vmlinux.sh kbuild: merge vmlinux_link() between ARCH=um and other architectures 2021-09-03 08:17:21 +09:00
makelst
markup_oops.pl
min-tool-version.sh Documentation: raise minimum supported version of GCC to 5.1 2021-09-13 10:18:28 -07:00
mkcompile_h
mksysmap
mkuboot.sh
module.lds.S module: combine constructors in module linker script 2021-07-19 14:51:40 +02:00
modules-check.sh
nsdeps
objdiff
parse-maintainers.pl
patch-kernel
profile2linkerlist.pl
prune-kernel
recordmcount.c
recordmcount.h
recordmcount.pl recordmcount.pl: fix typo in s390 mcount regex 2022-01-05 12:42:33 +01:00
remove-stale-files
setlocalversion scripts/setlocalversion: fix a bug when LOCALVERSION is empty 2021-07-18 23:48:14 +09:00
show_delta
sign-file.c
sorttable.c scripts/sorttable: riscv: fix undeclared identifier 'EM_RISCV' error 2021-09-24 16:13:35 -07:00
sorttable.h
spdxcheck-test.sh scripts/spdxcheck-test.sh: Drop python2 2021-07-21 15:59:32 +02:00
spdxcheck.py scripts/spdxcheck.py: Strictly read license files in utf-8 2021-07-12 09:56:50 -06:00
spelling.txt
sphinx-pre-install scripts: sphinx-pre-install: Fix ctex support on Debian 2022-01-27 11:05:44 +01:00
split-man.pl
stackdelta
stackusage
subarch.include parisc: Fix compile failure when building 64-bit kernel natively 2021-09-01 21:52:02 +02:00
syscallhdr.sh scripts: check duplicated syscall number in syscall table 2021-07-09 04:00:39 +09:00
syscallnr.sh scripts: make some scripts executable 2021-08-10 09:13:25 +09:00
syscalltbl.sh scripts: check duplicated syscall number in syscall table 2021-07-09 04:00:39 +09:00
tags.sh
tools-support-relr.sh
unifdef.c
ver_linux
xen-hypercalls.sh scripts: make some scripts executable 2021-08-10 09:13:25 +09:00
xz_wrap.sh