diff options
author | Kees Cook <keescook@chromium.org> | 2017-05-06 08:56:07 +0200 |
---|---|---|
committer | Kees Cook <keescook@chromium.org> | 2017-08-02 02:04:48 +0200 |
commit | 9225331b310821760f39ba55b00b8973602adbb5 (patch) | |
tree | 486443275c8d05ebe69d6d403ccf0b8fe5296425 /arch | |
parent | drivers/net/wan/z85230.c: Use designated initializers (diff) | |
download | linux-9225331b310821760f39ba55b00b8973602adbb5.tar.xz linux-9225331b310821760f39ba55b00b8973602adbb5.zip |
randstruct: Enable function pointer struct detection
This enables the automatic structure selection logic in the randstruct
GCC plugin. The selection logic randomizes all structures that contain
only function pointers, unless marked with __no_randomize_layout.
Signed-off-by: Kees Cook <keescook@chromium.org>
Diffstat (limited to 'arch')
-rw-r--r-- | arch/Kconfig | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/arch/Kconfig b/arch/Kconfig index 21d0089117fe..4ada3209146a 100644 --- a/arch/Kconfig +++ b/arch/Kconfig @@ -473,11 +473,13 @@ config GCC_PLUGIN_RANDSTRUCT depends on GCC_PLUGINS select MODVERSIONS if MODULES help - If you say Y here, the layouts of structures explicitly - marked by __randomize_layout will be randomized at - compile-time. This can introduce the requirement of an - additional information exposure vulnerability for exploits - targeting these structure types. + If you say Y here, the layouts of structures that are entirely + function pointers (and have not been manually annotated with + __no_randomize_layout), or structures that have been explicitly + marked with __randomize_layout, will be randomized at compile-time. + This can introduce the requirement of an additional information + exposure vulnerability for exploits targeting these structure + types. Enabling this feature will introduce some performance impact, slightly increase memory usage, and prevent the use of forensic |