diff options
| author | Kees Cook <keescook@chromium.org> | 2017-04-06 01:43:33 -0400 |
|---|---|---|
| committer | Kees Cook <keescook@chromium.org> | 2017-06-30 15:00:52 -0400 |
| commit | 29e48ce87f1eaaa4b1fe3d9af90c586ac2d1fb74 (patch) | |
| tree | a71a2069bd8aeda44adf67b34c7ed1fa336f83fb /include/linux/compiler-gcc.h | |
| parent | 3859a271a003aba01e45b85c9d8b355eb7bf25f9 (diff) | |
task_struct: Allow randomized layout
This marks most of the layout of task_struct as randomizable, but leaves
thread_info and scheduler state untouched at the start, and thread_struct
untouched at the end.
Other parts of the kernel use unnamed structures, but the 0-day builder
using gcc-4.4 blows up on static initializers. Officially, it's documented
as only working on gcc 4.6 and later, which further confuses me:
https://gcc.gnu.org/wiki/C11Status
The structure layout randomization already requires gcc 4.7, but instead
of depending on the plugin being enabled, just check the gcc versions
for wider build testing. At Linus's suggestion, the marking is hidden
in a macro to reduce how ugly it looks. Additionally, indenting is left
unchanged since it would make things harder to read.
Randomization of task_struct is modified from Brad Spengler/PaX Team's
code in the last public patch of grsecurity/PaX based on my understanding
of the code. Changes or omissions from the original code are mine and
don't reflect the original grsecurity/PaX code.
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Diffstat (limited to 'include/linux/compiler-gcc.h')
| -rw-r--r-- | include/linux/compiler-gcc.h | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/include/linux/compiler-gcc.h b/include/linux/compiler-gcc.h index 7deaae3dc87d..c4a66c036692 100644 --- a/include/linux/compiler-gcc.h +++ b/include/linux/compiler-gcc.h | |||
| @@ -231,6 +231,7 @@ | |||
| 231 | #endif /* GCC_VERSION >= 40500 */ | 231 | #endif /* GCC_VERSION >= 40500 */ |
| 232 | 232 | ||
| 233 | #if GCC_VERSION >= 40600 | 233 | #if GCC_VERSION >= 40600 |
| 234 | |||
| 234 | /* | 235 | /* |
| 235 | * When used with Link Time Optimization, gcc can optimize away C functions or | 236 | * When used with Link Time Optimization, gcc can optimize away C functions or |
| 236 | * variables which are referenced only from assembly code. __visible tells the | 237 | * variables which are referenced only from assembly code. __visible tells the |
| @@ -238,7 +239,17 @@ | |||
| 238 | * this. | 239 | * this. |
| 239 | */ | 240 | */ |
| 240 | #define __visible __attribute__((externally_visible)) | 241 | #define __visible __attribute__((externally_visible)) |
| 241 | #endif | 242 | |
| 243 | /* | ||
| 244 | * RANDSTRUCT_PLUGIN wants to use an anonymous struct, but it is only | ||
| 245 | * possible since GCC 4.6. To provide as much build testing coverage | ||
| 246 | * as possible, this is used for all GCC 4.6+ builds, and not just on | ||
| 247 | * RANDSTRUCT_PLUGIN builds. | ||
| 248 | */ | ||
| 249 | #define randomized_struct_fields_start struct { | ||
| 250 | #define randomized_struct_fields_end } __randomize_layout; | ||
| 251 | |||
| 252 | #endif /* GCC_VERSION >= 40600 */ | ||
| 242 | 253 | ||
| 243 | 254 | ||
| 244 | #if GCC_VERSION >= 40900 && !defined(__CHECKER__) | 255 | #if GCC_VERSION >= 40900 && !defined(__CHECKER__) |