drtracing.org Git - deliverable/linux.git/commit

author	Emese Revfy <re.emese@gmail.com>
	Mon, 20 Jun 2016 18:41:19 +0000 (20:41 +0200)
committer	Kees Cook <keescook@chromium.org>
	Tue, 9 Aug 2016 23:26:15 +0000 (16:26 -0700)
commit	2a5448668a3c592cc1758a90490e9e4b3df765e9
tree	a61a39d8ffed1ebb8bdb3b2a19867d7a85d3c574	tree \| snapshot
parent	3fcd59ab281da3ed939371b5561553a9c8ca3278	commit \| diff

gcc-plugins: Add latent_entropy plugin

This plugin mitigates the problem of the kernel having too little entropy
during and after boot for generating crypto keys.

It creates a local variable in every marked function. The value of this
variable is modified by randomly chosen operations (add, xor and rol) and
random values (gcc generates them at compile time and the stack pointer
at runtime). The resulting entropy depends on the control flow path (e.g.,
loops and branches taken).

Before the function returns the plugin writes this local variable into the
latent_entropy global variable. The value of this global variable is added
to the kernel entropy pool in do_one_initcall() and _do_fork().

Signed-off-by: Emese Revfy <re.emese@gmail.com>
Signed-off-by: Kees Cook <keescook@chromium.org>

arch/Kconfig		diff \| blob \| blame \| history
arch/powerpc/kernel/Makefile		diff \| blob \| blame \| history
include/linux/random.h		diff \| blob \| blame \| history
init/main.c		diff \| blob \| blame \| history
kernel/fork.c		diff \| blob \| blame \| history
mm/page_alloc.c		diff \| blob \| blame \| history
scripts/Makefile.gcc-plugins		diff \| blob \| blame \| history
scripts/gcc-plugins/latent_entropy_plugin.c	[new file with mode: 0644]	blob