Message-ID: <15A87C96-F904-4B59-939B-80653410A56E@vmware.com>
Date: Thu, 25 May 2023 10:32:53 +0000
From: Keerthana Kalyanasundaram <keerthanak@...are.com>
To: "keescook@...omium.org" <keescook@...omium.org>,
"linux-hardening@...r.kernel.org" <linux-hardening@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
CC: Alexey Makhalov <amakhalov@...are.com>,
Ajay Kaher <akaher@...are.com>,
Vasavi Sirnapalli <vsirnapalli@...are.com>
Subject: Re: PROBLEM: Using Randomize structure layout GCC plugin doesn't
generate proper debuginfo
Please find the sample C program and script below.
Sample C program (filename: test.c)
struct cpu_info {
    float first;
    char second;
    union {
        int cap[5];
        long align_var;
    };
} __attribute__((__designated_init__)) __attribute__((randomize_layout));

int main(void)
{
    struct cpu_info boot_cpu_data = {
        .first = 10,
        .second = 11,
        .cap = {1,2,3,4,5},
    };
    return 0;
}
...
Script to compile the C file with randstruct plugin (filename: test.sh)
#!/bin/sh

# Run a command string and abort the script if it fails.
assert_command_true()
{
    local command=$1
    local output=
    output="$(eval "$1")"
    if [ $? -ne 0 ]; then
        echo "$command FAILED!!"
        exit 1
    fi
}

echo "DOWNLOAD RANDSTRUCT PLUGIN CODE"
assert_command_true "curl -k -o randomize_layout_plugin.c https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/plain/scripts/gcc-plugins/randomize_layout_plugin.c?h=linux-6.3.y"
assert_command_true "curl -k -o gcc-common.h https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/plain/scripts/gcc-plugins/gcc-common.h?h=linux-6.3.y"
assert_command_true "curl -k -o gcc-generate-gimple-pass.h https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/plain/scripts/gcc-plugins/gcc-generate-gimple-pass.h?h=linux-6.3.y"
assert_command_true "curl -k -o gcc-generate-ipa-pass.h https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/plain/scripts/gcc-plugins/gcc-generate-ipa-pass.h?h=linux-6.3.y"
assert_command_true "curl -k -o gcc-generate-rtl-pass.h https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/plain/scripts/gcc-plugins/gcc-generate-rtl-pass.h?h=linux-6.3.y"
assert_command_true "curl -k -o gcc-generate-simple_ipa-pass.h https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/plain/scripts/gcc-plugins/gcc-generate-simple_ipa-pass.h?h=linux-6.3.y"

echo "COMPILE RANDSTRUCT PLUGIN"
gcc_version=$(gcc -dumpversion)
assert_command_true "g++ -Wall -O2 -fPIC -Wno-unused-variable -DPLUGIN_VERSION='\"6.3.y\"' -I /usr/lib/gcc/x86_64-unknown-linux-gnu/${gcc_version}/plugin/include -std=gnu++11 -fno-rtti -fno-exceptions -fasynchronous-unwind-tables -ggdb -Wno-narrowing -Wno-unused-variable -Wno-format-diag -shared -o randomize_layout_plugin.so randomize_layout_plugin.c"

echo "COMPILE test.c WITH RANDSTRUCT PLUGIN"
assert_command_true "gcc -g -DRANDSTRUCT -fplugin=./randomize_layout_plugin.so -fplugin-arg-randomize_layout_plugin-performance-mode -c -o test-randstruct.o test.c"

echo "COMPILE test.c WITHOUT RANDSTRUCT PLUGIN"
assert_command_true "gcc -g -c -o test-no-randstruct.o test.c"

# Dump the struct layout recorded in each object's debuginfo and compare.
echo "INSPECT OBJDUMP"
assert_command_true "gdb test-randstruct.o -q -ex='set pagination off' -ex='ptype struct cpu_info' -ex q | tail -n +2 > struct-cpu_info-randstruct"
assert_command_true "gdb test-no-randstruct.o -q -ex='set pagination off' -ex='ptype struct cpu_info' -ex q | tail -n +2 > struct-cpu_info-no-randstruct"
assert_command_true "diff struct-cpu_info-randstruct struct-cpu_info-no-randstruct"
...
Randseed (filename: randomize_layout_seed.h)
const char *randstruct_seed = "8d01fec380b70520c9f1ec333231021e1d04f8fb64c858f7333187e79ee2111f";
Thanks
Keerthana
> On 25-May-2023, at 3:51 PM, Keerthana Kalyanasundaram <keerthanak@...are.com> wrote:
>
> Hello,
>
> I’m reporting this bug in the randomize structure layout plugin in the GCC plugins code of the Linux kernel tree.
> When I compile the kernel with randomize structure layout GCC plugin, the resulting debuginfo does not have the randomised structures.
>
> To reproduce this, I have a C sample program and a script to compile the program with and without randomize_layout_plugin
> from the Linux kernel; the resulting debuginfo in both cases is the same. Though the plugin shuffles the structure members, the resulting debuginfo
> has the unshuffled structure.
>
> I have found an old bug in GCC reporting the same https://gcc.gnu.org/bugzilla/show_bug.cgi?id=84052 This bug has been closed as invalid though there was a conversation between PaX maintainers and GCC devs.
>
> I assume this issue has been there since the randomize_layout_plugin has been added in kernel. Please correct me if I’m wrong.
>
> Please let me know, if you need more information. I hope you are able to fix this issue.
>
> Thanks
> Keerthana
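
An added example, not part of the original message or of the kernel tree: it has the compiler report the offsets it actually used for struct cpu_info via offsetof and compares them with the declaration-order layout, which is what the report says ptype shows. LAYOUT_ATTRS, cap_twin, declared_offset and moved_members are hypothetical names; the plugin build is assumed to use the same -DRANDSTRUCT and -fplugin flags as test.sh.

```c
#include <stddef.h>
#include <stdio.h>
#ifdef RANDSTRUCT /* test.sh defines this only on the plugin build */
#define LAYOUT_ATTRS __attribute__((__designated_init__)) __attribute__((randomize_layout))
#else
#define LAYOUT_ATTRS
#endif

struct cpu_info { /* same members as test.c */
    float first;
    char second;
    union { int cap[5]; long align_var; };
} LAYOUT_ATTRS;
/* Named twin of the anonymous union, used only for sizeof/_Alignof. */
union cap_twin { int cap[5]; long align_var; };
struct field { const char *name; size_t real, size, align; };

/* Members in declaration order; "real" is the offset in the compiled object. */
static const struct field fields[] = {
    { "first",  offsetof(struct cpu_info, first),  sizeof(float), _Alignof(float) },
    { "second", offsetof(struct cpu_info, second), sizeof(char),  _Alignof(char) },
    { "union",  offsetof(struct cpu_info, cap), sizeof(union cap_twin), _Alignof(union cap_twin) },
};
#define NFIELDS (sizeof(fields) / sizeof(fields[0]))

/* Offset member i gets when members are placed in declaration order. */
size_t declared_offset(size_t i) {
    size_t cur = 0, off = 0;
    for (size_t k = 0; k <= i; k++) {
        off = (cur + fields[k].align - 1) / fields[k].align * fields[k].align;
        cur = off + fields[k].size;
    }
    return off;
}

/* Count members whose real offset differs from the declaration-order one. */
size_t moved_members(void) {
    size_t moved = 0;
    for (size_t i = 0; i < NFIELDS; i++)
        moved += fields[i].real != declared_offset(i);
    return moved;
}

int main(void) {
    for (size_t i = 0; i < NFIELDS; i++)
        printf("%-6s real=%zu declared=%zu\n", fields[i].name, fields[i].real, declared_offset(i));
    printf("%zu member(s) moved by the compiler\n", moved_members());
    return 0;
}
```

Built without the plugin it reports 0 moved members; on the plugin build, a non-zero count next to an unchanged ptype output is the discrepancy described in the report.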