| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 4 Dec 2017 13:08:08 +0100
From: Greg KH <gregkh@...uxfoundation.org>
To: Alexei Starovoitov <alexei.starovoitov@...il.com>
Cc: Sandipan Das <sandipan@...ux.vnet.ibm.com>,
akpm@...ux-foundation.org, kstewart@...uxfoundation.org,
linux-kernel@...r.kernel.org, yhs@...com, atish.patra@...cle.com,
Brendan Gregg <brendan.d.gregg@...il.com>,
Daniel Borkmann <daniel@...earbox.net>
Subject: Re: [PATCH] compiler, clang: handle randomizable anonymous structs
On Fri, Dec 01, 2017 at 06:18:08PM -0800, Alexei Starovoitov wrote:
> On Thu, Nov 09, 2017 at 12:16:45PM +0530, Sandipan Das wrote:
> > The GCC randomize layout plugin can randomize the member
> > offsets of sensitive kernel data structures. To use this
> > feature, certain annotations and members are added to the
> > structures which affect the member offsets even if this
> > plugin is not used.
> >
> > All of these structures are completely randomized, except
> > for task_struct which leaves out some of its members. All
> > the other members are wrapped within an anonymous struct
> > with the __randomize_layout attribute. This is done using
> > the randomized_struct_fields_start and
> > randomized_struct_fields_end defines. When the plugin is
> > disabled, the behaviour of this attribute can vary based
> > on the GCC version. For GCC 5.1+, this attribute maps to
> > __designated_init otherwise it is just an empty define
> > but the anonymous structure is still present. For other
> > compilers, both randomized_struct_fields_start and
> > randomized_struct_fields_end default to empty defines
> > meaning the anonymous structure is not introduced at all.
> > So, if a module compiled with Clang, such as a BPF program,
> > needs to access task_struct fields such as pid and comm,
> > the offsets of these members as recognized by Clang are
> > different from those recognized by modules compiled with
> > GCC. If GCC 4.6+ is used to build the kernel, this can be
> > solved by introducing appropriate defines for Clang so
> > that the anonymous structure is seen when determining the
> > offsets for the members.
> >
> > Signed-off-by: Sandipan Das <sandipan@...ux.vnet.ibm.com>
> > ---
> > include/linux/compiler-clang.h | 3 +++
> > 1 file changed, 3 insertions(+)
> >
> > diff --git a/include/linux/compiler-clang.h b/include/linux/compiler-clang.h
> > index 54dfef70a072..780b1242bf24 100644
> > --- a/include/linux/compiler-clang.h
> > +++ b/include/linux/compiler-clang.h
> > @@ -16,3 +16,6 @@
> > * with any version that can compile the kernel
> > */
> > #define __UNIQUE_ID(prefix) __PASTE(__PASTE(__UNIQUE_ID_, prefix), __COUNTER__)
> > +
> > +#define randomized_struct_fields_start struct {
> > +#define randomized_struct_fields_end };
> > --
> > 2.13.6
>
> Andrew or Greg,
> could you please pull this patch into 4.13 and 4.14 releases as well ?
> Sorry we missed the stable tag when submitting it originally.
> It is commit 4ca59b14e588 ("include/linux/compiler-clang.h: handle randomizable anonymous structs")
4.13 is end-of-life, but 4.14 is not, so I've queued it up for that one.
thanks,
greg k-h
Powered by blists - more mailing lists