mirror of
git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
synced 2025-11-17 12:14:43 +00:00
313dd1b629
This randstruct plugin is modified from Brad Spengler/PaX Team's code in the last public patch of grsecurity/PaX based on my understanding of the code. Changes or omissions from the original code are mine and don't reflect the original grsecurity/PaX code. The randstruct GCC plugin randomizes the layout of selected structures at compile time, as a probabilistic defense against attacks that need to know the layout of structures within the kernel. This is most useful for "in-house" kernel builds where neither the randomization seed nor other build artifacts are made available to an attacker. While less useful for distribution kernels (where the randomization seed must be exposed for third party kernel module builds), it still has some value there since now all kernel builds would need to be tracked by an attacker. In more performance sensitive scenarios, GCC_PLUGIN_RANDSTRUCT_PERFORMANCE can be selected to make a best effort to restrict randomization to cacheline-sized groups of elements, and will not randomize bitfields. This comes at the cost of reduced randomization. Two annotations are defined,__randomize_layout and __no_randomize_layout, which respectively tell the plugin to either randomize or not to randomize instances of the struct in question. Follow-on patches enable the auto-detection logic for selecting structures for randomization that contain only function pointers. It is disabled here to assist with bisection. Since any randomized structs must be initialized using designated initializers, __randomize_layout includes the __designated_init annotation even when the plugin is disabled so that all builds will require the needed initialization. (With the plugin enabled, annotations for automatically chosen structures are marked as well.) The main differences between this implemenation and grsecurity are: - disable automatic struct selection (to be enabled in follow-up patch) - add designated_init attribute at runtime and for manual marking - clarify debugging output to differentiate bad cast warnings - add whitelisting infrastructure - support gcc 7's DECL_ALIGN and DECL_MODE changes (Laura Abbott) - raise minimum required GCC version to 4.7 Earlier versions of this patch series were ported by Michael Leibowitz. Signed-off-by: Kees Cook <keescook@chromium.org> |
||
|---|---|---|
| .. | ||
| basic | ||
| coccinelle | ||
| dtc | ||
| gcc-plugins | ||
| gdb | ||
| genksyms | ||
| kconfig | ||
| ksymoops | ||
| mod | ||
| package | ||
| selinux | ||
| tracing | ||
| .gitignore | ||
| adjust_autoksyms.sh | ||
| asn1_compiler.c | ||
| bloat-o-meter | ||
| bootgraph.pl | ||
| check-lc_ctype.c | ||
| check_00index.sh | ||
| check_extable.sh | ||
| checkincludes.pl | ||
| checkkconfigsymbols.py | ||
| checkpatch.pl | ||
| checkstack.pl | ||
| checksyscalls.sh | ||
| checkversion.pl | ||
| cleanfile | ||
| cleanpatch | ||
| coccicheck | ||
| config | ||
| conmakehash.c | ||
| const_structs.checkpatch | ||
| decode_stacktrace.sh | ||
| decodecode | ||
| depmod.sh | ||
| diffconfig | ||
| docproc.c | ||
| export_report.pl | ||
| extract-cert.c | ||
| extract-ikconfig | ||
| extract-module-sig.pl | ||
| extract-sys-certs.pl | ||
| extract-vmlinux | ||
| extract_xc3028.pl | ||
| faddr2line | ||
| gcc-goto.sh | ||
| gcc-ld | ||
| gcc-plugin.sh | ||
| gcc-version.sh | ||
| gcc-x86_32-has-stack-protector.sh | ||
| gcc-x86_64-has-stack-protector.sh | ||
| gen_initramfs_list.sh | ||
| get_dvb_firmware | ||
| get_maintainer.pl | ||
| gfp-translate | ||
| headerdep.pl | ||
| headers.sh | ||
| headers_check.pl | ||
| headers_install.sh | ||
| insert-sys-cert.c | ||
| kallsyms.c | ||
| Kbuild.include | ||
| kernel-doc | ||
| kernel-doc-xml-ref | ||
| ld-version.sh | ||
| Lindent | ||
| link-vmlinux.sh | ||
| Makefile | ||
| Makefile.asm-generic | ||
| Makefile.build | ||
| Makefile.clean | ||
| Makefile.dtbinst | ||
| Makefile.extrawarn | ||
| Makefile.fwinst | ||
| Makefile.gcc-plugins | ||
| Makefile.headersinst | ||
| Makefile.help | ||
| Makefile.host | ||
| Makefile.kasan | ||
| Makefile.lib | ||
| Makefile.modbuiltin | ||
| Makefile.modinst | ||
| Makefile.modpost | ||
| Makefile.modsign | ||
| Makefile.ubsan | ||
| makelst | ||
| markup_oops.pl | ||
| mkcompile_h | ||
| mkmakefile | ||
| mksysmap | ||
| mkuboot.sh | ||
| mkversion | ||
| module-common.lds | ||
| namespace.pl | ||
| objdiff | ||
| patch-kernel | ||
| pnmtologo.c | ||
| profile2linkerlist.pl | ||
| prune-kernel | ||
| recordmcount.c | ||
| recordmcount.h | ||
| recordmcount.pl | ||
| setlocalversion | ||
| show_delta | ||
| sign-file.c | ||
| sortextable.c | ||
| sortextable.h | ||
| spelling.txt | ||
| stackdelta | ||
| stackusage | ||
| tags.sh | ||
| unifdef.c | ||
| ver_linux | ||
| xen-hypercalls.sh | ||
| xz_wrap.sh | ||