On Mon, Jun 20, 2016 at 11:39 AM, Emese Revfy <re.emese@xxxxxxxxx> wrote: > I would like to introduce the latent_entropy gcc plugin. This plugin > mitigates the problem of the kernel having too little entropy during and > after boot for generating crypto keys. > > This plugin mixes random values into the latent_entropy global variable > in functions marked by the __latent_entropy attribute. > The value of this global variable is added to the kernel entropy pool > to increase the entropy. > > It is a CII project supported by the Linux Foundation. > > The latent_entropy plugin was ported from grsecurity/PaX originally written > by the PaX Team. You can find more about the plugin here: > https://grsecurity.net/pipermail/grsecurity/2012-July/001093.html > > The plugin supports all gcc version from 4.5 to 6.0. > > I do some changes above the PaX version. The important one is mixing > the stack pointer into the global variable too. > You can find more about the changes here: > https://github.com/ephox-gcc-plugins/latent_entropy > > This patch set is based on the "Introduce GCC plugin infrastructure" > patch set (git/mmarek/kbuild.git#kbuild HEAD: 543c37cb165049c3be). > > Emese Revfy (4): > Add support for passing gcc plugin arguments > Add the latent_entropy gcc plugin > Mark functions with the latent_entropy attribute > Add the extra_latent_entropy kernel parameter Thanks! This looks good to me. I've adjusted some of the commit message language for clarity and fixed a few other >80 lines that stood out to me. I've applied this to for-next/kspp and after I finish local build testing, it should appear in linux-next. Yay! :) -Kees -- Kees Cook Chrome OS & Brillo Security -- To unsubscribe from this list: send the line "unsubscribe linux-kbuild" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
