Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 59005b0c authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge tag 'gcc-plugins-v4.13-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux 

Pull GCC plugin updates from Kees Cook:
 "The big part is the randstruct plugin infrastructure.

  This is the first of two expected pull requests for randstruct since
  there are dependencies in other trees that would be easier to merge
  once those have landed. Notably, the IPC allocation refactoring in
  -mm, and many trivial merge conflicts across several trees when
  applying the __randomize_layout annotation.

  As a result, it seemed like I should send this now since it is
  relatively self-contained, and once the rest of the trees have landed,
  send the annotation patches. I'm expecting the final phase of
  randstruct (automatic struct selection) will land for v4.14, but if
  its other tree dependencies actually make it for v4.13, I can send
  that merge request too.

  Summary:

  - typo fix in Kconfig (Jean Delvare)

  - randstruct infrastructure"

* tag 'gcc-plugins-v4.13-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
  ARM: Prepare for randomized task_struct
  randstruct: Whitelist NIU struct page overloading
  randstruct: Whitelist big_key path struct overloading
  randstruct: Whitelist UNIXCB cast
  randstruct: Whitelist struct security_hook_heads cast
  gcc-plugins: Add the randstruct plugin
  Fix English in description of GCC_PLUGIN_STRUCTLEAK
  compiler: Add __designated_init annotation
  gcc-plugins: Detail c-common.h location for GCC 4.6
parents 2cc7b4ca d1185a8c

Documentation/dontdiff

+2 −0
Original line number Diff line number Diff line
@@ -206,6 +206,8 @@ r200_reg_safe.h 
r300_reg_safe.h

r420_reg_safe.h

r600_reg_safe.h

randomize_layout_hash.h

randomize_layout_seed.h

recordmcount

relocs

rlim_names.h

arch/Kconfig

+40 −1
Original line number Diff line number Diff line
@@ -425,7 +425,7 @@ config GCC_PLUGIN_STRUCTLEAK 
	bool "Force initialization of variables containing userspace addresses"

	depends on GCC_PLUGINS

	help

	  This plugin zero-initializes any structures that containing a

	  This plugin zero-initializes any structures containing a

	  __user attribute. This can prevent some classes of information

	  exposures.
@@ -443,6 +443,45 @@ config GCC_PLUGIN_STRUCTLEAK_VERBOSE 
	  initialized. Since not all existing initializers are detected

	  by the plugin, this can produce false positive warnings.



config GCC_PLUGIN_RANDSTRUCT

	bool "Randomize layout of sensitive kernel structures"

	depends on GCC_PLUGINS

	select MODVERSIONS if MODULES

	help

	  If you say Y here, the layouts of structures explicitly

	  marked by __randomize_layout will be randomized at

	  compile-time.  This can introduce the requirement of an

	  additional information exposure vulnerability for exploits

	  targeting these structure types.



	  Enabling this feature will introduce some performance impact,

	  slightly increase memory usage, and prevent the use of forensic

	  tools like Volatility against the system (unless the kernel

	  source tree isn't cleaned after kernel installation).



	  The seed used for compilation is located at

	  scripts/gcc-plgins/randomize_layout_seed.h.  It remains after

	  a make clean to allow for external modules to be compiled with

	  the existing seed and will be removed by a make mrproper or

	  make distclean.



	  Note that the implementation requires gcc 4.7 or newer.



	  This plugin was ported from grsecurity/PaX. More information at:

	   * https://grsecurity.net/

	   * https://pax.grsecurity.net/



config GCC_PLUGIN_RANDSTRUCT_PERFORMANCE

	bool "Use cacheline-aware structure randomization"

	depends on GCC_PLUGIN_RANDSTRUCT

	depends on !COMPILE_TEST

	help

	  If you say Y here, the RANDSTRUCT randomization will make a

	  best effort at restricting randomization to cacheline-sized

	  groups of elements.  It will further not randomize bitfields

	  in structures.  This reduces the performance hit of RANDSTRUCT

	  at the cost of weakened randomization.



config HAVE_CC_STACKPROTECTOR

	bool

	help

arch/arm/include/asm/assembler.h

+2 −0
Original line number Diff line number Diff line
@@ -87,6 +87,8 @@ 
#define CALGN(code...)

#endif



#define IMM12_MASK 0xfff



/*

 * Enable and disable interrupts

 */

arch/arm/kernel/entry-armv.S

+4 −1
Original line number Diff line number Diff line
@@ -797,7 +797,10 @@ ENTRY(__switch_to) 
#if defined(CONFIG_CC_STACKPROTECTOR) && !defined(CONFIG_SMP)

	ldr	r7, [r2, #TI_TASK]

	ldr	r8, =__stack_chk_guard

	ldr	r7, [r7, #TSK_STACK_CANARY]

	.if (TSK_STACK_CANARY > IMM12_MASK)

	add	r7, r7, #TSK_STACK_CANARY & ~IMM12_MASK

	.endif

	ldr	r7, [r7, #TSK_STACK_CANARY & IMM12_MASK]

#endif

#ifdef CONFIG_CPU_USE_DOMAINS

	mcr	p15, 0, r6, c3, c0, 0		@ Set domain register

arch/arm/mm/proc-macros.S

+4 −6
Original line number Diff line number Diff line
@@ -25,11 +25,6 @@ 
	ldr	\rd, [\rn, #VMA_VM_FLAGS]

	.endm



	.macro	tsk_mm, rd, rn

	ldr	\rd, [\rn, #TI_TASK]

	ldr	\rd, [\rd, #TSK_ACTIVE_MM]

	.endm



/*

 * act_mm - get current->active_mm

 */
@@ -37,7 +32,10 @@ 
	bic	\rd, sp, #8128

	bic	\rd, \rd, #63

	ldr	\rd, [\rd, #TI_TASK]

	ldr	\rd, [\rd, #TSK_ACTIVE_MM]

	.if (TSK_ACTIVE_MM > IMM12_MASK)

	add	\rd, \rd, #TSK_ACTIVE_MM & ~IMM12_MASK

	.endif

	ldr	\rd, [\rd, #TSK_ACTIVE_MM & IMM12_MASK]

	.endm



/*