1 files changed, 10 insertions, 0 deletions
diff --git a/arch/x86/mm/pti.c b/arch/x86/mm/pti.c
index ae3eb4f5d53b..4d418e705878 100644
--- a/arch/x86/mm/pti.c
+++ b/arch/x86/mm/pti.c
@@ -421,6 +421,16 @@ static inline bool pti_kernel_image_global_ok(void)
        if (boot_cpu_has(X86_FEATURE_K8))
                return false;
+        /*
+         * RANDSTRUCT derives its hardening benefits from the
+         * attacker's lack of knowledge about the layout of kernel
+         * data structures.  Keep the kernel image non-global in
+         * cases where RANDSTRUCT is in use to help keep the layout a
+         * secret.
+         */
+        if (IS_ENABLED(CONFIG_GCC_PLUGIN_RANDSTRUCT))
+                return false;
        return true;
 }

diff --git a/arch/x86/mm/pti.c b/arch/x86/mm/pti.c index ae3eb4f5d53b..4d418e705878 100644 --- a/arch/x86/mm/pti.c +++ b/arch/x86/mm/pti.c
@@ -421,6 +421,16 @@ static inline bool pti_kernel_image_global_ok(void)
421	if (boot_cpu_has(X86_FEATURE_K8))	421	if (boot_cpu_has(X86_FEATURE_K8))
422	return false;	422	return false;
423		423
		424	/*
		425	* RANDSTRUCT derives its hardening benefits from the
		426	* attacker's lack of knowledge about the layout of kernel
		427	* data structures. Keep the kernel image non-global in
		428	* cases where RANDSTRUCT is in use to help keep the layout a
		429	* secret.
		430	*/
		431	if (IS_ENABLED(CONFIG_GCC_PLUGIN_RANDSTRUCT))
		432	return false;
		433
424	return true;	434	return true;
425	}	435	}
426		436