diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2017-07-05 20:46:59 +0200 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2017-07-05 20:46:59 +0200 |
commit | 59005b0c59a164101b0273e4bda212c809dc2246 (patch) | |
tree | 0251ddc36367a2b314f2dbe8b4d9711cdd51408a /arch | |
parent | Merge tag 'pstore-v4.13-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git... (diff) | |
parent | Merge branch 'merge/randstruct' into for-next/gcc-plugins (diff) | |
download | linux-59005b0c59a164101b0273e4bda212c809dc2246.tar.xz linux-59005b0c59a164101b0273e4bda212c809dc2246.zip |
Merge tag 'gcc-plugins-v4.13-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
Pull GCC plugin updates from Kees Cook:
"The big part is the randstruct plugin infrastructure.
This is the first of two expected pull requests for randstruct since
there are dependencies in other trees that would be easier to merge
once those have landed. Notably, the IPC allocation refactoring in
-mm, and many trivial merge conflicts across several trees when
applying the __randomize_layout annotation.
As a result, it seemed like I should send this now since it is
relatively self-contained, and once the rest of the trees have landed,
send the annotation patches. I'm expecting the final phase of
randstruct (automatic struct selection) will land for v4.14, but if
its other tree dependencies actually make it for v4.13, I can send
that merge request too.
Summary:
- typo fix in Kconfig (Jean Delvare)
- randstruct infrastructure"
* tag 'gcc-plugins-v4.13-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
ARM: Prepare for randomized task_struct
randstruct: Whitelist NIU struct page overloading
randstruct: Whitelist big_key path struct overloading
randstruct: Whitelist UNIXCB cast
randstruct: Whitelist struct security_hook_heads cast
gcc-plugins: Add the randstruct plugin
Fix English in description of GCC_PLUGIN_STRUCTLEAK
compiler: Add __designated_init annotation
gcc-plugins: Detail c-common.h location for GCC 4.6
Diffstat (limited to 'arch')
-rw-r--r-- | arch/Kconfig | 41 | ||||
-rw-r--r-- | arch/arm/include/asm/assembler.h | 2 | ||||
-rw-r--r-- | arch/arm/kernel/entry-armv.S | 5 | ||||
-rw-r--r-- | arch/arm/mm/proc-macros.S | 10 |
4 files changed, 50 insertions, 8 deletions
diff --git a/arch/Kconfig b/arch/Kconfig index f76b214cf7ad..dc26b6d9175e 100644 --- a/arch/Kconfig +++ b/arch/Kconfig @@ -425,7 +425,7 @@ config GCC_PLUGIN_STRUCTLEAK bool "Force initialization of variables containing userspace addresses" depends on GCC_PLUGINS help - This plugin zero-initializes any structures that containing a + This plugin zero-initializes any structures containing a __user attribute. This can prevent some classes of information exposures. @@ -443,6 +443,45 @@ config GCC_PLUGIN_STRUCTLEAK_VERBOSE initialized. Since not all existing initializers are detected by the plugin, this can produce false positive warnings. +config GCC_PLUGIN_RANDSTRUCT + bool "Randomize layout of sensitive kernel structures" + depends on GCC_PLUGINS + select MODVERSIONS if MODULES + help + If you say Y here, the layouts of structures explicitly + marked by __randomize_layout will be randomized at + compile-time. This can introduce the requirement of an + additional information exposure vulnerability for exploits + targeting these structure types. + + Enabling this feature will introduce some performance impact, + slightly increase memory usage, and prevent the use of forensic + tools like Volatility against the system (unless the kernel + source tree isn't cleaned after kernel installation). + + The seed used for compilation is located at + scripts/gcc-plgins/randomize_layout_seed.h. It remains after + a make clean to allow for external modules to be compiled with + the existing seed and will be removed by a make mrproper or + make distclean. + + Note that the implementation requires gcc 4.7 or newer. + + This plugin was ported from grsecurity/PaX. More information at: + * https://grsecurity.net/ + * https://pax.grsecurity.net/ + +config GCC_PLUGIN_RANDSTRUCT_PERFORMANCE + bool "Use cacheline-aware structure randomization" + depends on GCC_PLUGIN_RANDSTRUCT + depends on !COMPILE_TEST + help + If you say Y here, the RANDSTRUCT randomization will make a + best effort at restricting randomization to cacheline-sized + groups of elements. It will further not randomize bitfields + in structures. This reduces the performance hit of RANDSTRUCT + at the cost of weakened randomization. + config HAVE_CC_STACKPROTECTOR bool help diff --git a/arch/arm/include/asm/assembler.h b/arch/arm/include/asm/assembler.h index 68b06f9c65de..ad301f107dd2 100644 --- a/arch/arm/include/asm/assembler.h +++ b/arch/arm/include/asm/assembler.h @@ -87,6 +87,8 @@ #define CALGN(code...) #endif +#define IMM12_MASK 0xfff + /* * Enable and disable interrupts */ diff --git a/arch/arm/kernel/entry-armv.S b/arch/arm/kernel/entry-armv.S index 9f157e7c51e7..c731f0d2b2af 100644 --- a/arch/arm/kernel/entry-armv.S +++ b/arch/arm/kernel/entry-armv.S @@ -797,7 +797,10 @@ ENTRY(__switch_to) #if defined(CONFIG_CC_STACKPROTECTOR) && !defined(CONFIG_SMP) ldr r7, [r2, #TI_TASK] ldr r8, =__stack_chk_guard - ldr r7, [r7, #TSK_STACK_CANARY] + .if (TSK_STACK_CANARY > IMM12_MASK) + add r7, r7, #TSK_STACK_CANARY & ~IMM12_MASK + .endif + ldr r7, [r7, #TSK_STACK_CANARY & IMM12_MASK] #endif #ifdef CONFIG_CPU_USE_DOMAINS mcr p15, 0, r6, c3, c0, 0 @ Set domain register diff --git a/arch/arm/mm/proc-macros.S b/arch/arm/mm/proc-macros.S index 0d40c285bd86..f944836da8a2 100644 --- a/arch/arm/mm/proc-macros.S +++ b/arch/arm/mm/proc-macros.S @@ -25,11 +25,6 @@ ldr \rd, [\rn, #VMA_VM_FLAGS] .endm - .macro tsk_mm, rd, rn - ldr \rd, [\rn, #TI_TASK] - ldr \rd, [\rd, #TSK_ACTIVE_MM] - .endm - /* * act_mm - get current->active_mm */ @@ -37,7 +32,10 @@ bic \rd, sp, #8128 bic \rd, \rd, #63 ldr \rd, [\rd, #TI_TASK] - ldr \rd, [\rd, #TSK_ACTIVE_MM] + .if (TSK_ACTIVE_MM > IMM12_MASK) + add \rd, \rd, #TSK_ACTIVE_MM & ~IMM12_MASK + .endif + ldr \rd, [\rd, #TSK_ACTIVE_MM & IMM12_MASK] .endm /* |