CVE-2017-11671: GCC generates incorrect code for RDRAND/RDSEED intrinsics

[Florian Weimer <fw () deneb enyo de>]

Earlier this year, a GCC bug was fixed which could lead to intrinsics
for RDRAND and (more likely) RDSEED to produce non-random results.
These instructions use the carry flag to report success or failure,
and GCC used to generate instruction sequences which clobbered the
flag before applications had a change to read it:

  https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80180
  https://gcc.gnu.org/ml/gcc-patches/2017-03/msg01349.html

Practical impact is hopefully limited because the intrinsics are
difficult to use due to an unrelated GCC usability issue, and inline
assembly is not impacted by this issue.