summaryrefslogtreecommitdiff
path: root/arch
diff options
context:
space:
mode:
authorKees Cook <keescook@chromium.org>2017-07-04 21:41:31 -0700
committerKees Cook <keescook@chromium.org>2017-07-04 21:41:31 -0700
commitd1185a8c5dd21182012e6dd531b00fd72f4d30cb (patch)
tree1c394d6e27bad00e0f3aba4e59ca19823d0486d5 /arch
parent6f7da290413ba713f0cdd9ff1a2a9bb129ef4f6c (diff)
parent03232e0ddebdc2c9d088e6748075704885f039a5 (diff)
Merge branch 'merge/randstruct' into for-next/gcc-plugins
Diffstat (limited to 'arch')
-rw-r--r--arch/Kconfig41
-rw-r--r--arch/arm/include/asm/assembler.h2
-rw-r--r--arch/arm/kernel/entry-armv.S5
-rw-r--r--arch/arm/mm/proc-macros.S10
4 files changed, 50 insertions, 8 deletions
diff --git a/arch/Kconfig b/arch/Kconfig
index 6c00e5b00f8b..3eac97a4c7b3 100644
--- a/arch/Kconfig
+++ b/arch/Kconfig
@@ -425,7 +425,7 @@ config GCC_PLUGIN_STRUCTLEAK
bool "Force initialization of variables containing userspace addresses"
depends on GCC_PLUGINS
help
- This plugin zero-initializes any structures that containing a
+ This plugin zero-initializes any structures containing a
__user attribute. This can prevent some classes of information
exposures.
@@ -443,6 +443,45 @@ config GCC_PLUGIN_STRUCTLEAK_VERBOSE
initialized. Since not all existing initializers are detected
by the plugin, this can produce false positive warnings.
+config GCC_PLUGIN_RANDSTRUCT
+ bool "Randomize layout of sensitive kernel structures"
+ depends on GCC_PLUGINS
+ select MODVERSIONS if MODULES
+ help
+ If you say Y here, the layouts of structures explicitly
+ marked by __randomize_layout will be randomized at
+ compile-time. This can introduce the requirement of an
+ additional information exposure vulnerability for exploits
+ targeting these structure types.
+
+ Enabling this feature will introduce some performance impact,
+ slightly increase memory usage, and prevent the use of forensic
+ tools like Volatility against the system (unless the kernel
+ source tree isn't cleaned after kernel installation).
+
+ The seed used for compilation is located at
+ scripts/gcc-plgins/randomize_layout_seed.h. It remains after
+ a make clean to allow for external modules to be compiled with
+ the existing seed and will be removed by a make mrproper or
+ make distclean.
+
+ Note that the implementation requires gcc 4.7 or newer.
+
+ This plugin was ported from grsecurity/PaX. More information at:
+ * https://grsecurity.net/
+ * https://pax.grsecurity.net/
+
+config GCC_PLUGIN_RANDSTRUCT_PERFORMANCE
+ bool "Use cacheline-aware structure randomization"
+ depends on GCC_PLUGIN_RANDSTRUCT
+ depends on !COMPILE_TEST
+ help
+ If you say Y here, the RANDSTRUCT randomization will make a
+ best effort at restricting randomization to cacheline-sized
+ groups of elements. It will further not randomize bitfields
+ in structures. This reduces the performance hit of RANDSTRUCT
+ at the cost of weakened randomization.
+
config HAVE_CC_STACKPROTECTOR
bool
help
diff --git a/arch/arm/include/asm/assembler.h b/arch/arm/include/asm/assembler.h
index 68b06f9c65de..ad301f107dd2 100644
--- a/arch/arm/include/asm/assembler.h
+++ b/arch/arm/include/asm/assembler.h
@@ -87,6 +87,8 @@
#define CALGN(code...)
#endif
+#define IMM12_MASK 0xfff
+
/*
* Enable and disable interrupts
*/
diff --git a/arch/arm/kernel/entry-armv.S b/arch/arm/kernel/entry-armv.S
index 9f157e7c51e7..c731f0d2b2af 100644
--- a/arch/arm/kernel/entry-armv.S
+++ b/arch/arm/kernel/entry-armv.S
@@ -797,7 +797,10 @@ ENTRY(__switch_to)
#if defined(CONFIG_CC_STACKPROTECTOR) && !defined(CONFIG_SMP)
ldr r7, [r2, #TI_TASK]
ldr r8, =__stack_chk_guard
- ldr r7, [r7, #TSK_STACK_CANARY]
+ .if (TSK_STACK_CANARY > IMM12_MASK)
+ add r7, r7, #TSK_STACK_CANARY & ~IMM12_MASK
+ .endif
+ ldr r7, [r7, #TSK_STACK_CANARY & IMM12_MASK]
#endif
#ifdef CONFIG_CPU_USE_DOMAINS
mcr p15, 0, r6, c3, c0, 0 @ Set domain register
diff --git a/arch/arm/mm/proc-macros.S b/arch/arm/mm/proc-macros.S
index 0d40c285bd86..f944836da8a2 100644
--- a/arch/arm/mm/proc-macros.S
+++ b/arch/arm/mm/proc-macros.S
@@ -25,11 +25,6 @@
ldr \rd, [\rn, #VMA_VM_FLAGS]
.endm
- .macro tsk_mm, rd, rn
- ldr \rd, [\rn, #TI_TASK]
- ldr \rd, [\rd, #TSK_ACTIVE_MM]
- .endm
-
/*
* act_mm - get current->active_mm
*/
@@ -37,7 +32,10 @@
bic \rd, sp, #8128
bic \rd, \rd, #63
ldr \rd, [\rd, #TI_TASK]
- ldr \rd, [\rd, #TSK_ACTIVE_MM]
+ .if (TSK_ACTIVE_MM > IMM12_MASK)
+ add \rd, \rd, #TSK_ACTIVE_MM & ~IMM12_MASK
+ .endif
+ ldr \rd, [\rd, #TSK_ACTIVE_MM & IMM12_MASK]
.endm
/*