313dd1b629
This randstruct plugin is modified from Brad Spengler/PaX Team's code in the last public patch of grsecurity/PaX based on my understanding of the code. Changes or omissions from the original code are mine and don't reflect the original grsecurity/PaX code. The randstruct GCC plugin randomizes the layout of selected structures at compile time, as a probabilistic defense against attacks that need to know the layout of structures within the kernel. This is most useful for "in-house" kernel builds where neither the randomization seed nor other build artifacts are made available to an attacker. While less useful for distribution kernels (where the randomization seed must be exposed for third party kernel module builds), it still has some value there since now all kernel builds would need to be tracked by an attacker. In more performance sensitive scenarios, GCC_PLUGIN_RANDSTRUCT_PERFORMANCE can be selected to make a best effort to restrict randomization to cacheline-sized groups of elements, and will not randomize bitfields. This comes at the cost of reduced randomization. Two annotations are defined,__randomize_layout and __no_randomize_layout, which respectively tell the plugin to either randomize or not to randomize instances of the struct in question. Follow-on patches enable the auto-detection logic for selecting structures for randomization that contain only function pointers. It is disabled here to assist with bisection. Since any randomized structs must be initialized using designated initializers, __randomize_layout includes the __designated_init annotation even when the plugin is disabled so that all builds will require the needed initialization. (With the plugin enabled, annotations for automatically chosen structures are marked as well.) The main differences between this implemenation and grsecurity are: - disable automatic struct selection (to be enabled in follow-up patch) - add designated_init attribute at runtime and for manual marking - clarify debugging output to differentiate bad cast warnings - add whitelisting infrastructure - support gcc 7's DECL_ALIGN and DECL_MODE changes (Laura Abbott) - raise minimum required GCC version to 4.7 Earlier versions of this patch series were ported by Michael Leibowitz. Signed-off-by: Kees Cook <keescook@chromium.org>
2.6 KiB
*.a *.aux *.bc *.bin .bz2 .c.[012]. *.cis *.cpio *.csp *.dsp *.dvi *.elf *.eps *.fw *.gcno *.gcov *.gen.S *.gif *.grep .grp .gz .html .i .jpeg .ko .ll .log .lst .lzma .lzo .mo .moc .mod.c .o .o. .order .orig .out .patch .pdf .plist .png .pot .ps .rej .s .sgml .so .so.dbg .symtypes .tab.c .tab.h .tex .ver .xml .xz _MODULES _vga16.c ~ ## .9 . ..d .mm 53c700_d.h CVS ChangeSet GPATH GRTAGS GSYMS GTAGS Image Module.markers Module.symvers PENDING SCCS System.map TAGS aconf af_names.h aic7reg.h aic7reg_print.c aic7seq.h aicasm aicdb.h altivec.c asm-offsets.h asm_offsets.h autoconf.h av_permissions.h bbootsect bin2c binkernel.spec bootsect bounds.h bsetup btfixupprep build bvmlinux bzImage capability_names.h capflags.c classlist.h comp.log compile.h conf config config- config_data.h config.mak config.mak.autogen conmakehash consolemap_deftbl.c cpustr.h crc32table.h cscope. defkeymap.c devlist.h devicetable-offsets.h dnotify_test docproc dslm dtc elf2ecoff elfconfig.h evergreen_reg_safe.h fixdep flask.h fore200e_mkfirm fore200e_pca_fw.c gconf gconf.glade.h gen-devlist gen_crc32table gen_init_cpio generated genheaders genksyms _gray256.c hpet_example hugepage-mmap hugepage-shm ihex2fw inat-tables.c initramfs_list int16.c int1.c int2.c int32.c int4.c int8.c kallsyms kconfig keywords.c ksym.c ksym.h kxgettext lex.c lex..c linux logo_.c logo_clut224.c logo_mono.c lxdialog mach-types mach-types.h machtypes.h map map_hugetlb mconf miboot mk_elfconfig mkboot mkbugboot mkcpustr mkdep mkprep mkregtable mktables mktree modpost modules.builtin modules.order modversions.h nconf ncscope. offset.h oui.c page-types parse.c parse.h patches pca200e.bin pca200e_ecd.bin2 perf.data perf.data.old perf-archive piggyback piggy.gzip piggy.S pnmtologo ppc_defs.h pss_boot.h qconf r100_reg_safe.h r200_reg_safe.h r300_reg_safe.h r420_reg_safe.h r600_reg_safe.h randomize_layout_hash.h randomize_layout_seed.h recordmcount relocs rlim_names.h rn50_reg_safe.h rs600_reg_safe.h rv515_reg_safe.h series setup setup.bin setup.elf sortextable sImage sm_tbl split-include syscalltab.h tables.c tags test_get_len tftpboot.img timeconst.h times.h trix_boot.h utsrelease.h vdso-syms.lds vdso.lds vdso32-int80-syms.lds vdso32-syms.lds vdso32-syscall-syms.lds vdso32-sysenter-syms.lds vdso32.lds vdso32.so.dbg vdso64.lds vdso64.so.dbg version.h vmImage vmlinux vmlinux- vmlinux.aout vmlinux.bin.all vmlinux.lds vmlinuz voffset.h vsyscall.lds vsyscall_32.lds wanxlfw.inc uImage unifdef wakeup.bin wakeup.elf wakeup.lds zImage zconf.hash.c zoffset.h