diff options
author | Kees Cook <keescook@chromium.org> | 2017-07-04 21:41:31 -0700 |
---|---|---|
committer | Kees Cook <keescook@chromium.org> | 2017-07-04 21:41:31 -0700 |
commit | d1185a8c5dd21182012e6dd531b00fd72f4d30cb (patch) | |
tree | 1c394d6e27bad00e0f3aba4e59ca19823d0486d5 /arch | |
parent | 6f7da290413ba713f0cdd9ff1a2a9bb129ef4f6c (diff) | |
parent | 03232e0ddebdc2c9d088e6748075704885f039a5 (diff) |
Merge branch 'merge/randstruct' into for-next/gcc-plugins
Diffstat (limited to 'arch')
-rw-r--r-- | arch/Kconfig | 41 | ||||
-rw-r--r-- | arch/arm/include/asm/assembler.h | 2 | ||||
-rw-r--r-- | arch/arm/kernel/entry-armv.S | 5 | ||||
-rw-r--r-- | arch/arm/mm/proc-macros.S | 10 |
4 files changed, 50 insertions, 8 deletions
diff --git a/arch/Kconfig b/arch/Kconfig index 6c00e5b00f8b..3eac97a4c7b3 100644 --- a/arch/Kconfig +++ b/arch/Kconfig @@ -425,7 +425,7 @@ config GCC_PLUGIN_STRUCTLEAK bool "Force initialization of variables containing userspace addresses" depends on GCC_PLUGINS help - This plugin zero-initializes any structures that containing a + This plugin zero-initializes any structures containing a __user attribute. This can prevent some classes of information exposures. @@ -443,6 +443,45 @@ config GCC_PLUGIN_STRUCTLEAK_VERBOSE initialized. Since not all existing initializers are detected by the plugin, this can produce false positive warnings. +config GCC_PLUGIN_RANDSTRUCT + bool "Randomize layout of sensitive kernel structures" + depends on GCC_PLUGINS + select MODVERSIONS if MODULES + help + If you say Y here, the layouts of structures explicitly + marked by __randomize_layout will be randomized at + compile-time. This can introduce the requirement of an + additional information exposure vulnerability for exploits + targeting these structure types. + + Enabling this feature will introduce some performance impact, + slightly increase memory usage, and prevent the use of forensic + tools like Volatility against the system (unless the kernel + source tree isn't cleaned after kernel installation). + + The seed used for compilation is located at + scripts/gcc-plgins/randomize_layout_seed.h. It remains after + a make clean to allow for external modules to be compiled with + the existing seed and will be removed by a make mrproper or + make distclean. + + Note that the implementation requires gcc 4.7 or newer. + + This plugin was ported from grsecurity/PaX. More information at: + * https://grsecurity.net/ + * https://pax.grsecurity.net/ + +config GCC_PLUGIN_RANDSTRUCT_PERFORMANCE + bool "Use cacheline-aware structure randomization" + depends on GCC_PLUGIN_RANDSTRUCT + depends on !COMPILE_TEST + help + If you say Y here, the RANDSTRUCT randomization will make a + best effort at restricting randomization to cacheline-sized + groups of elements. It will further not randomize bitfields + in structures. This reduces the performance hit of RANDSTRUCT + at the cost of weakened randomization. + config HAVE_CC_STACKPROTECTOR bool help diff --git a/arch/arm/include/asm/assembler.h b/arch/arm/include/asm/assembler.h index 68b06f9c65de..ad301f107dd2 100644 --- a/arch/arm/include/asm/assembler.h +++ b/arch/arm/include/asm/assembler.h @@ -87,6 +87,8 @@ #define CALGN(code...) #endif +#define IMM12_MASK 0xfff + /* * Enable and disable interrupts */ diff --git a/arch/arm/kernel/entry-armv.S b/arch/arm/kernel/entry-armv.S index 9f157e7c51e7..c731f0d2b2af 100644 --- a/arch/arm/kernel/entry-armv.S +++ b/arch/arm/kernel/entry-armv.S @@ -797,7 +797,10 @@ ENTRY(__switch_to) #if defined(CONFIG_CC_STACKPROTECTOR) && !defined(CONFIG_SMP) ldr r7, [r2, #TI_TASK] ldr r8, =__stack_chk_guard - ldr r7, [r7, #TSK_STACK_CANARY] + .if (TSK_STACK_CANARY > IMM12_MASK) + add r7, r7, #TSK_STACK_CANARY & ~IMM12_MASK + .endif + ldr r7, [r7, #TSK_STACK_CANARY & IMM12_MASK] #endif #ifdef CONFIG_CPU_USE_DOMAINS mcr p15, 0, r6, c3, c0, 0 @ Set domain register diff --git a/arch/arm/mm/proc-macros.S b/arch/arm/mm/proc-macros.S index 0d40c285bd86..f944836da8a2 100644 --- a/arch/arm/mm/proc-macros.S +++ b/arch/arm/mm/proc-macros.S @@ -25,11 +25,6 @@ ldr \rd, [\rn, #VMA_VM_FLAGS] .endm - .macro tsk_mm, rd, rn - ldr \rd, [\rn, #TI_TASK] - ldr \rd, [\rd, #TSK_ACTIVE_MM] - .endm - /* * act_mm - get current->active_mm */ @@ -37,7 +32,10 @@ bic \rd, sp, #8128 bic \rd, \rd, #63 ldr \rd, [\rd, #TI_TASK] - ldr \rd, [\rd, #TSK_ACTIVE_MM] + .if (TSK_ACTIVE_MM > IMM12_MASK) + add \rd, \rd, #TSK_ACTIVE_MM & ~IMM12_MASK + .endif + ldr \rd, [\rd, #TSK_ACTIVE_MM & IMM12_MASK] .endm /* |