From: Kees Cook <keescook@chromium.org>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: linux-kernel@vger.kernel.org
Subject: [GIT PULL] gcc-plugins updates for v4.13-rc2
Date: Mon, 17 Jul 2017 13:24:35 -0700
Message-ID: <20170717202435.GA55380@beast>
Hi,
Please pull these gcc-plugins changes for v4.13-rc2. Now that IPC and
other trees have landed, it's sensible to pull the manual markings
portion of randstruct. This is the rest of what was staged in -next for
the gcc-plugins, and comes in three patches, largest first:
- mark "easy" structs with __randomize_layout
- mark task_struct with an optional anonymous struct to isolate the
__randomize_layout section
- mark structs to opt _out_ of automated marking (which will come later)
Various (trivial) merge conflicts exist due to additions to structures.
Since there were more than a couple, I thought I'd just send along how
I solved the conflicts when I did the merge to your tree this morning,
if it helps:
diff --cc fs/proc/internal.h
index 18694598bebf,07b16318223f..aa2b89071630
--- a/fs/proc/internal.h
+++ b/fs/proc/internal.h
@@@ -67,10 -67,10 +67,10 @@@ struct proc_inode
struct proc_dir_entry *pde;
struct ctl_table_header *sysctl;
struct ctl_table *sysctl_entry;
- struct list_head sysctl_inodes;
+ struct hlist_node sysctl_inodes;
const struct proc_ns_operations *ns_ops;
struct inode vfs_inode;
- };
+ } __randomize_layout;
/*
* General functions
diff --cc include/linux/fs.h
index 7b5d6816542b,8f28143486c4..6e1fd5d21248
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@@ -295,8 -275,7 +295,8 @@@ struct kiocb
void (*ki_complete)(struct kiocb *iocb, long ret, long ret2);
void *private;
int ki_flags;
+ enum rw_hint ki_hint;
- };
+ } __randomize_layout;
static inline bool is_sync_kiocb(struct kiocb *kiocb)
{
@@@ -403,8 -392,7 +403,8 @@@ struct address_space
gfp_t gfp_mask; /* implicit gfp mask for allocations */
struct list_head private_list; /* ditto */
void *private_data; /* ditto */
+ errseq_t wb_err;
- } __attribute__((aligned(sizeof(long))));
+ } __attribute__((aligned(sizeof(long)))) __randomize_layout;
/*
* On most architectures that alignment is already the case; but
* must be enforced here for CRIS, to let the least significant bit
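Review bot: In the address_space hunk, the merged-in member `errseq_t wb_err;` is the only visible field without a trailing comment, while its neighbours carry `/* implicit gfp mask for allocations */` and `/* ditto */`. Please add a short comment saying what `wb_err` tracks. It would also help to note next to the closing brace that the `aligned(sizeof(long))` requirement described in the comment below the struct is unaffected by the added `__randomize_layout`.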
@@@ -882,8 -868,8 +882,9 @@@ struct file
struct list_head f_tfile_llink;
#endif /* #ifdef CONFIG_EPOLL */
struct address_space *f_mapping;
+ errseq_t f_wb_err;
- } __attribute__((aligned(4))); /* lest something weird decides that 2 is OK */
+ } __randomize_layout
+ __attribute__((aligned(4))); /* lest something weird decides that 2 is OK */
struct file_handle {
__u32 handle_bytes;
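Review bot: The attribute order on the closing brace of struct file differs from the other structs in this resolution: here `__randomize_layout` comes before `__attribute__((aligned(4)))`, while the address_space and kern_ipc_perm hunks place it after the alignment attribute. If the order is deliberate for this struct, a brief comment saying why would help; otherwise pick one order and use it throughout. The new `errseq_t f_wb_err;` member also has no comment.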
diff --cc include/linux/ipc.h
index 5591f055e13f,ea0eb0b5f98c..fadd579d577d
--- a/include/linux/ipc.h
+++ b/include/linux/ipc.h
@@@ -20,9 -20,6 +20,9 @@@ struct kern_ipc_perm
umode_t mode;
unsigned long seq;
void *security;
+
+ struct rcu_head rcu;
+ atomic_t refcount;
- } ____cacheline_aligned_in_smp;
+ } ____cacheline_aligned_in_smp __randomize_layout;
#endif /* _LINUX_IPC_H */
diff --cc include/linux/sem.h
index be5cf2ea14ad,23bcbdfad4a6..de2deb8676bd
--- a/include/linux/sem.h
+++ b/include/linux/sem.h
@@@ -39,9 -21,7 +39,9 @@@ struct sem_array
int sem_nsems; /* no. of semaphores in array */
int complex_count; /* pending complex operations */
unsigned int use_global_lock;/* >0: global lock required */
+
+ struct sem sems[];
- };
+ } __randomize_layout;
#ifdef CONFIG_SYSVIPC
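Review bot: With `struct sem sems[];` merged in, sem_array now ends in a flexible array member and is also marked `__randomize_layout`. A flexible array member has to remain the last member of the struct, so please add a comment on `sems[]` stating that, and confirm in the commit message that the plugin keeps a trailing flexible array in place when it reorders the other fields.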
And, FWIW, this continues to pass allmodconfig (normal and patched to
enable gcc-plugins) builds of x86_64, i386, arm64, arm, powerpc, and
s390 for me.
Thanks!
-Kees
The following changes since commit ffa47aa678cfaa9b88e8a26cfb115b4768325121:
ARM: Prepare for randomized task_struct (2017-06-30 12:00:50 -0700)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/gcc-plugins-v4.13-rc2
for you to fetch changes up to 8acdf5055974e49d337d51ac7011449cfd7b7d05:
randstruct: opt-out externally exposed function pointer structs (2017-06-30 12:00:52 -0700)
----------------------------------------------------------------
Now that IPC and other changes have landed, enable manual markings for
randstruct plugin, including the task_struct.
----------------------------------------------------------------
Kees Cook (3):
randstruct: Mark various structs for randomization
task_struct: Allow randomized layout
randstruct: opt-out externally exposed function pointer structs
arch/arm/include/asm/cacheflush.h | 2 +-
arch/x86/include/asm/paravirt_types.h | 16 ++++++++--------
arch/x86/include/asm/processor.h | 2 +-
fs/mount.h | 4 ++--
fs/namei.c | 2 +-
fs/proc/internal.h | 6 +++---
include/linux/binfmts.h | 4 ++--
include/linux/cdev.h | 2 +-
include/linux/compiler-gcc.h | 13 ++++++++++++-
include/linux/compiler.h | 5 +++++
include/linux/cred.h | 4 ++--
include/linux/dcache.h | 2 +-
include/linux/fs.h | 17 +++++++++--------
include/linux/fs_struct.h | 2 +-
include/linux/ipc.h | 2 +-
include/linux/ipc_namespace.h | 2 +-
include/linux/key-type.h | 4 ++--
include/linux/kmod.h | 2 +-
include/linux/kobject.h | 2 +-
include/linux/lsm_hooks.h | 4 ++--
include/linux/mm_types.h | 4 ++--
include/linux/module.h | 4 ++--
include/linux/mount.h | 2 +-
include/linux/msg.h | 2 +-
include/linux/path.h | 2 +-
include/linux/pid_namespace.h | 2 +-
include/linux/proc_ns.h | 2 +-
include/linux/sched.h | 16 +++++++++++++++-
include/linux/sched/signal.h | 2 +-
include/linux/sem.h | 2 +-
include/linux/shm.h | 2 +-
include/linux/sysctl.h | 2 +-
include/linux/tty.h | 2 +-
include/linux/tty_driver.h | 4 ++--
include/linux/user_namespace.h | 2 +-
include/linux/utsname.h | 2 +-
include/net/af_unix.h | 2 +-
include/net/neighbour.h | 2 +-
include/net/net_namespace.h | 2 +-
include/net/sock.h | 2 +-
kernel/futex.c | 4 ++--
security/keys/internal.h | 2 +-
42 files changed, 97 insertions(+), 66 deletions(-)
--
Kees Cook
Pixel Security