path: root/arch/Kconfig
author    Linus Torvalds <torvalds@linux-foundation.org>    2017-07-05 14:46:59 -0400
committer Linus Torvalds <torvalds@linux-foundation.org>    2017-07-05 14:46:59 -0400
commit    59005b0c59a164101b0273e4bda212c809dc2246 (patch)
tree      0251ddc36367a2b314f2dbe8b4d9711cdd51408a /arch/Kconfig
parent    2cc7b4ca7d01a844651d34b79ff8d778c7e9a875 (diff)
parent    d1185a8c5dd21182012e6dd531b00fd72f4d30cb (diff)
Merge tag 'gcc-plugins-v4.13-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
Pull GCC plugin updates from Kees Cook:
 "The big part is the randstruct plugin infrastructure. This is the first of two expected pull requests for randstruct since there are dependencies in other trees that would be easier to merge once those have landed. Notably, the IPC allocation refactoring in -mm, and many trivial merge conflicts across several trees when applying the __randomize_layout annotation. As a result, it seemed like I should send this now since it is relatively self-contained, and once the rest of the trees have landed, send the annotation patches.

 I'm expecting the final phase of randstruct (automatic struct selection) will land for v4.14, but if its other tree dependencies actually make it for v4.13, I can send that merge request too.

 Summary:

 - typo fix in Kconfig (Jean Delvare)

 - randstruct infrastructure"

* tag 'gcc-plugins-v4.13-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
  ARM: Prepare for randomized task_struct
  randstruct: Whitelist NIU struct page overloading
  randstruct: Whitelist big_key path struct overloading
  randstruct: Whitelist UNIXCB cast
  randstruct: Whitelist struct security_hook_heads cast
  gcc-plugins: Add the randstruct plugin
  Fix English in description of GCC_PLUGIN_STRUCTLEAK
  compiler: Add __designated_init annotation
  gcc-plugins: Detail c-common.h location for GCC 4.6
Diffstat (limited to 'arch/Kconfig')
-rw-r--r--  arch/Kconfig  41
1 files changed, 40 insertions, 1 deletions
diff --git a/arch/Kconfig b/arch/Kconfig
index f76b214cf7ad..dc26b6d9175e 100644
--- a/arch/Kconfig
+++ b/arch/Kconfig
@@ -425,7 +425,7 @@ config GCC_PLUGIN_STRUCTLEAK
425 bool "Force initialization of variables containing userspace addresses" 425 bool "Force initialization of variables containing userspace addresses"
426 depends on GCC_PLUGINS 426 depends on GCC_PLUGINS
427 help 427 help
428 This plugin zero-initializes any structures that containing a 428 This plugin zero-initializes any structures containing a
429 __user attribute. This can prevent some classes of information 429 __user attribute. This can prevent some classes of information
430 exposures. 430 exposures.
431 431
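Review bot: The wording fix in the GCC_PLUGIN_STRUCTLEAK help text ("any structures that containing a __user attribute" becomes "any structures containing a __user attribute") is correct, and it is the only change in this hunk; nothing else to raise here.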
@@ -443,6 +443,45 @@ config GCC_PLUGIN_STRUCTLEAK_VERBOSE
443 initialized. Since not all existing initializers are detected 443 initialized. Since not all existing initializers are detected
444 by the plugin, this can produce false positive warnings. 444 by the plugin, this can produce false positive warnings.
445 445
446config GCC_PLUGIN_RANDSTRUCT
447 bool "Randomize layout of sensitive kernel structures"
448 depends on GCC_PLUGINS
449 select MODVERSIONS if MODULES
450 help
451 If you say Y here, the layouts of structures explicitly
452 marked by __randomize_layout will be randomized at
453 compile-time. This can introduce the requirement of an
454 additional information exposure vulnerability for exploits
455 targeting these structure types.
456
457 Enabling this feature will introduce some performance impact,
458 slightly increase memory usage, and prevent the use of forensic
459 tools like Volatility against the system (unless the kernel
460 source tree isn't cleaned after kernel installation).
461
462 The seed used for compilation is located at
463 scripts/gcc-plgins/randomize_layout_seed.h. It remains after
464 a make clean to allow for external modules to be compiled with
465 the existing seed and will be removed by a make mrproper or
466 make distclean.
467
468 Note that the implementation requires gcc 4.7 or newer.
469
470 This plugin was ported from grsecurity/PaX. More information at:
471 * https://grsecurity.net/
472 * https://pax.grsecurity.net/
473
474config GCC_PLUGIN_RANDSTRUCT_PERFORMANCE
475 bool "Use cacheline-aware structure randomization"
476 depends on GCC_PLUGIN_RANDSTRUCT
477 depends on !COMPILE_TEST
478 help
479 If you say Y here, the RANDSTRUCT randomization will make a
480 best effort at restricting randomization to cacheline-sized
481 groups of elements. It will further not randomize bitfields
482 in structures. This reduces the performance hit of RANDSTRUCT
483 at the cost of weakened randomization.
484
446config HAVE_CC_STACKPROTECTOR 485config HAVE_CC_STACKPROTECTOR
447 bool 486 bool
448 help 487 help
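Review bot: Typo in the new GCC_PLUGIN_RANDSTRUCT help text at line 463: the seed location is given as "scripts/gcc-plgins/randomize_layout_seed.h", but the plugin directory is scripts/gcc-plugins, so the documented path points at a file that does not exist; please correct it to "scripts/gcc-plugins/randomize_layout_seed.h". Two smaller points in the same help text: the sentence "prevent the use of forensic tools like Volatility against the system (unless the kernel source tree isn't cleaned after kernel installation)" is a double negative that is easy to misread, and "unless the randomization seed is still present in an uncleaned kernel source tree" says the same thing directly while tying in with the next paragraph about the seed surviving make clean. Also, "select MODVERSIONS if MODULES" is added without a stated reason; a one-line comment, or a sentence in the help text, noting that the randomized layouts depend on the per-build seed, so modules built against a different layout must be caught by symbol version checking, would save the next reader from guessing why the select is needed.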