randstruct: Enable function pointer struct detection

This enables the automatic structure selection logic in the randstruct GCC plugin. The selection logic randomizes all structures that contain only function pointers, unless marked with __no_randomize_layout. Signed-off-by: Kees Cook <keescook@chromium.org>
author: Kees Cook <keescook@chromium.org> 2017-05-06 02:56:07 -0400
committer: Kees Cook <keescook@chromium.org> 2017-08-01 20:04:48 -0400
commit: 9225331b310821760f39ba55b00b8973602adbb5 (patch)
tree: 486443275c8d05ebe69d6d403ccf0b8fe5296425 /arch/Kconfig
parent: 3598f5d0872ff574c5b6704024f12ca4a3056860 (diff)
1 files changed, 7 insertions, 5 deletions
diff --git a/arch/Kconfig b/arch/Kconfig
index 21d0089117fe..4ada3209146a 100644
--- a/arch/Kconfig
+++ b/arch/Kconfig
@@ -473,11 +473,13 @@ config GCC_PLUGIN_RANDSTRUCT
        depends on GCC_PLUGINS
        select MODVERSIONS if MODULES
        help
-          If you say Y here, the layouts of structures explicitly
+          If you say Y here, the layouts of structures that are entirely
-          marked by __randomize_layout will be randomized at
+          function pointers (and have not been manually annotated with
-          compile-time.  This can introduce the requirement of an
+          __no_randomize_layout), or structures that have been explicitly
-          additional information exposure vulnerability for exploits
+          marked with __randomize_layout, will be randomized at compile-time.
-          targeting these structure types.
+          This can introduce the requirement of an additional information
+          exposure vulnerability for exploits targeting these structure
+          types.
          Enabling this feature will introduce some performance impact,
          slightly increase memory usage, and prevent the use of forensic
author	Kees Cook <keescook@chromium.org>	2017-05-06 02:56:07 -0400
committer	Kees Cook <keescook@chromium.org>	2017-08-01 20:04:48 -0400
commit	9225331b310821760f39ba55b00b8973602adbb5 (patch)
tree	486443275c8d05ebe69d6d403ccf0b8fe5296425 /arch/Kconfig
parent	3598f5d0872ff574c5b6704024f12ca4a3056860 (diff)

diff --git a/arch/Kconfig b/arch/Kconfig index 21d0089117fe..4ada3209146a 100644 --- a/arch/Kconfig +++ b/arch/Kconfig
@@ -473,11 +473,13 @@ config GCC_PLUGIN_RANDSTRUCT
473	depends on GCC_PLUGINS	473	depends on GCC_PLUGINS
474	select MODVERSIONS if MODULES	474	select MODVERSIONS if MODULES
475	help	475	help
476	If you say Y here, the layouts of structures explicitly	476	If you say Y here, the layouts of structures that are entirely
477	marked by __randomize_layout will be randomized at	477	function pointers (and have not been manually annotated with
478	compile-time. This can introduce the requirement of an	478	__no_randomize_layout), or structures that have been explicitly
479	additional information exposure vulnerability for exploits	479	marked with __randomize_layout, will be randomized at compile-time.
480	targeting these structure types.	480	This can introduce the requirement of an additional information
		481	exposure vulnerability for exploits targeting these structure
		482	types.
481		483
482	Enabling this feature will introduce some performance impact,	484	Enabling this feature will introduce some performance impact,
483	slightly increase memory usage, and prevent the use of forensic	485	slightly increase memory usage, and prevent the use of forensic