From patchwork Mon May 30 23:34:02 2016
X-Patchwork-Submitter: Emese Revfy
X-Patchwork-Id: 9143023
Date: Tue, 31 May 2016 01:34:02 +0200
From: Emese Revfy To: kernel-hardening@lists.openwall.com Cc: pageexec@freemail.hu, spender@grsecurity.net, mmarek@suse.com, keescook@chromium.org, linux-kernel@vger.kernel.org, yamada.masahiro@socionext.com, linux-kbuild@vger.kernel.org, tytso@mit.edu, akpm@linux-foundation.org, linux-mm@kvack.org, axboe@kernel.dk, viro@zeniv.linux.org.uk, paulmck@linux.vnet.ibm.com, mingo@redhat.com, tglx@linutronix.de, bart.vanassche@sandisk.com, davem@davemloft.net Message-Id: <20160531013402.087751d6ab3a568164e8b9ae@gmail.com> In-Reply-To: <20160531013029.4c5db8b570d86527b0b53fe4@gmail.com> References: <20160531013029.4c5db8b570d86527b0b53fe4@gmail.com> X-Mailer: Sylpheed 3.5.0 (GTK+ 2.24.30; x86_64-pc-linux-gnu) Mime-Version: 1.0 Subject: [kernel-hardening] [PATCH v2 3/3] Add the extra_latent_entropy kernel parameter X-Virus-Scanned: ClamAV using ClamSMTP When extra_latent_entropy is passed on the kernel command line, entropy will be extracted from up to the first 4GB of RAM while the runtime memory allocator is being initialized. Based on work created by the PaX Team. Signed-off-by: Emese Revfy --- Documentation/kernel-parameters.txt | 5 +++++ arch/Kconfig | 5 +++++ mm/page_alloc.c | 25 +++++++++++++++++++++++++ 3 files changed, 35 insertions(+) diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt index 5349363..6c2496e 100644 --- a/Documentation/kernel-parameters.txt +++ b/Documentation/kernel-parameters.txt @@ -2862,6 +2862,11 @@ bytes respectively. Such letter suffixes can also be entirely omitted. the specified number of seconds. This is to be used if your oopses keep scrolling off the screen. + extra_latent_entropy + Enable a very simple form of latent entropy extraction + from the first 4GB of memory as the bootmem allocator + passes the memory pages to the buddy allocator. + pcbit= [HW,ISDN] pcd. [PARIDE] diff --git a/arch/Kconfig b/arch/Kconfig index 7115867..cbfa8d3 100644 --- a/arch/Kconfig +++ b/arch/Kconfig 
@@ -404,6 +404,11 @@ config GCC_PLUGIN_LATENT_ENTROPY is some slowdown of the boot process (about 0.5%) and fork and irq processing. + When extra_latent_entropy is passed on the kernel command line, + entropy will be extracted from up to the first 4GB of RAM while the + runtime memory allocator is being initialized. This costs even more + slowdown of the boot process. + Note that entropy extracted this way is not known to be cryptographically secure! diff --git a/mm/page_alloc.c b/mm/page_alloc.c index ffc4f4a..72c61bd 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -63,6 +63,7 @@ #include #include #include +#include #include #include @@ -1234,6 +1235,15 @@ static void __free_pages_ok(struct page *page, unsigned int order) local_irq_restore(flags); } +bool __meminitdata extra_latent_entropy; + +static int __init setup_extra_latent_entropy(char *str) +{ + extra_latent_entropy = true; + return 0; +} +early_param("extra_latent_entropy", setup_extra_latent_entropy); + #ifdef CONFIG_GCC_PLUGIN_LATENT_ENTROPY volatile u64 latent_entropy __latent_entropy; EXPORT_SYMBOL(latent_entropy); @@ -1254,6 +1264,21 @@ static void __init __free_pages_boot_core(struct page *page, unsigned int order) __ClearPageReserved(p); set_page_count(p, 0); + if (extra_latent_entropy && !PageHighMem(page) && page_to_pfn(page) < 0x100000) { + u64 hash = 0; + size_t index, end = PAGE_SIZE * nr_pages / sizeof hash; + const u64 *data = lowmem_page_address(page); + + for (index = 0; index < end; index++) + hash ^= hash + data[index]; +#ifdef CONFIG_GCC_PLUGIN_LATENT_ENTROPY + latent_entropy ^= hash; + add_device_randomness((const void *)&latent_entropy, sizeof(latent_entropy)); +#else + add_device_randomness((const void *)&hash, sizeof(hash)); +#endif + } + page_zone(page)->managed_pages += nr_pages; set_page_refcounted(page); __free_pages(page, order);
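Review bot: In Documentation/kernel-parameters.txt the extra_latent_entropy entry omits both caveats that the Kconfig help in this same patch states: the extra boot slowdown, and that the extracted entropy is not known to be cryptographically secure. Someone reading only this file sees neither. The entry also says "from the first 4GB" where the commit message says "up to the first 4GB", and the code skips highmem pages. Suggest matching the wording and adding one sentence on cost and strength.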
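Review bot: In arch/Kconfig the new paragraph sits inside the GCC_PLUGIN_LATENT_ENTROPY help text, but in mm/page_alloc.c the early_param() registration is outside the #ifdef CONFIG_GCC_PLUGIN_LATENT_ENTROPY block and the extraction code has an #else branch, so the parameter is accepted and takes effect on kernels built without the plugin. Either state that here or move the description to a place that does not imply the dependency. "This costs even more slowdown" would also be more useful with a measured figure beside the "about 0.5%" already quoted.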
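Review bot: In the mm/page_alloc.c hunk at -1234, extra_latent_entropy is a non-static global and this patch adds no declaration for it in any header; as far as the diff shows it is only read in __free_pages_boot_core() in the same file, so it should be static. setup_extra_latent_entropy() also ignores str, so any value, including extra_latent_entropy=0, still sets the flag to true. Either parse the value or document that the parameter takes no argument.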
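Review bot: In the mm/page_alloc.c hunk at -1254, the mixing step "hash ^= hash + data[index];" collapses on zero input: when data[index] is 0 the statement reduces to hash ^= hash, which sets hash to 0 and discards everything accumulated so far. The value contributed therefore depends only on the words after the last zero word in the block, and hash is 0 whenever the block ends in a zero word. Suggest a step that keeps state across zero words, for example rotating hash before combining it with data[index]. Separately, the bound page_to_pfn(page) < 0x100000 equals 4GB only with 4K pages; deriving it from PAGE_SHIFT would keep the code in line with the documented "first 4GB".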