From patchwork Thu Apr 6 21:18:31 2017
X-Patchwork-Submitter: Kees Cook
X-Patchwork-Id: 9668475
From: Kees Cook
To: kernel-hardening@lists.openwall.com
Cc: Kees Cook, Michael Leibowitz
Date: Thu, 6 Apr 2017 14:18:31 -0700
Message-Id: <1491513513-84351-17-git-send-email-keescook@chromium.org>
In-Reply-To: <1491513513-84351-1-git-send-email-keescook@chromium.org>
References: <1491513513-84351-1-git-send-email-keescook@chromium.org>
Subject: [kernel-hardening] [PATCH 16/18] task_struct: Allow randomized layout

This marks most of the layout of task_struct as randomizable, but leaves thread_info and scheduler state untouched at the start, and thread_struct untouched at the end.

Additionally, this keeps the blocked and saved sigset_t fields unrandomized relative to each other, as found in grsecurity. I tried to find a rationale for this, but so far I haven't been able to find instances, but it seems like a nasty enough corner case to have to debug that I've left it in.

One question about formatting remains: should this patch indent all the randomized fields, due to the added anonymous struct, which would make this patch white-space huge, or should I leave the indentation level alone, to avoid massive churn? I opted for making the patch more readable, but can easily do the indentation...
Signed-off-by: Kees Cook --- include/linux/sched.h | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/include/linux/sched.h b/include/linux/sched.h index 91f3ea399e0c..96903286b5dc 100644 --- a/include/linux/sched.h +++ b/include/linux/sched.h @@ -490,6 +490,10 @@ struct task_struct { #endif /* -1 unrunnable, 0 runnable, >0 stopped: */ volatile long state; + + /* This begins the randomizable portion of task_struct... */ + struct { + void *stack; atomic_t usage; /* Per task flags (PF_*), defined further below: */ @@ -745,10 +749,13 @@ struct task_struct { /* Signal handlers: */ struct signal_struct *signal; struct sighand_struct *sighand; - sigset_t blocked; sigset_t real_blocked; - /* Restored if set_restore_sigmask() was used: */ - sigset_t saved_sigmask; + /* These need to stay unrandomized, relative to each other. */ + struct { + sigset_t blocked; + /* Restored if set_restore_sigmask() was used: */ + sigset_t saved_sigmask; + }; struct sigpending pending; unsigned long sas_ss_sp; size_t sas_ss_size; @@ -1050,6 +1057,8 @@ struct task_struct { #ifdef CONFIG_LIVEPATCH int patch_state; #endif + } __randomize_layout; + /* CPU-specific state of this task: */ struct thread_struct thread;
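Review bot: in the first hunk (@@ -490,6 +490,10 @@) the comment `/* This begins the randomizable portion of task_struct... */` is the only marker of the opening `struct {`, and its matching `} __randomize_layout;` is several hundred lines further down; please say in that comment where the region ends (right before `thread`) and that `state` is kept outside on purpose. Note also that `void *stack` is the first member inside the new region, so it is randomized along with the rest; the commit message lists thread_info and scheduler state as the parts left in place but does not mention `stack` either way, and it is worth stating explicitly.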
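Review bot: in the second hunk (@@ -745,10 +749,13 @@) the comment `/* These need to stay unrandomized, relative to each other. */` gives no reason, and the commit message says none could be found, so a later reader of sched.h has no way to tell whether the grouping is still required; record its provenance in the comment (carried over from grsecurity, rationale unknown) or drop the grouping if no consumer is found. The hunk also changes the declared order even with randomization off: `real_blocked` used to sit between `blocked` and `saved_sigmask` and now precedes both, which the message should mention.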
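Review bot: in the third hunk (@@ -1050,6 +1057,8 @@) the closing `} __randomize_layout;` carries no comment mirroring the opening `/* This begins the randomizable portion ... */`, so a reader scanning downward has to match braces by hand; add a one-line `/* ...end of the randomizable portion of task_struct. */` above it. The close lands after the `#ifdef CONFIG_LIVEPATCH` / `#endif` block, making `patch_state` the last randomized member and leaving `struct thread_struct thread;` outside, which matches the message's claim that thread_struct stays untouched at the end.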
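As an added illustration (not code from this patch, from Kees Cook, or from the randstruct plugin), the following userspace C program simulates what the anonymous-struct grouping in the second hunk buys: a seeded shuffle permutes the top-level members of a stand-in region, while the two sigset_t fields wrapped together are laid out as one unit, so `saved_sigmask` directly follows `blocked` whatever the seed. Member names are taken from the hunks; the sizes and alignments, the 8-byte sigset_t, the xorshift PRNG and the Fisher-Yates shuffle are assumptions of this example and not the kernel's or the plugin's behaviour.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Constructed stand-in for a randomizable struct region.  Sizes and
 * alignments are assumptions for a 64-bit target (sigset_t taken as
 * 8 bytes); they are not the kernel's real values.
 */
struct field {
    const char *name;
    size_t size;                 /* bytes; ignored for a group          */
    size_t align;                /* alignment requirement in bytes      */
    const struct field *group;   /* non-NULL: an anonymous sub-struct   */
    size_t ngroup;               /* number of members in that group     */
};

#define SIGSET_SIZE 8

/* The pair the patch wraps in an anonymous struct: never reordered. */
static const struct field sig_group[] = {
    { "blocked",       SIGSET_SIZE, 8, NULL, 0 },
    { "saved_sigmask", SIGSET_SIZE, 8, NULL, 0 },
};

/* A few of the members named in the patch, in declared order. */
static const struct field region[] = {
    { "stack",        8, 8, NULL, 0 },
    { "usage",        4, 4, NULL, 0 },
    { "signal",       8, 8, NULL, 0 },
    { "sighand",      8, 8, NULL, 0 },
    { "real_blocked", 8, 8, NULL, 0 },
    { "sigpair",      0, 8, sig_group, 2 },   /* the anonymous struct */
    { "patch_state",  4, 4, NULL, 0 },
};
#define NREGION (sizeof(region) / sizeof(region[0]))
#define MAXLEAF 16

struct slot { const char *name; size_t offset; };

static uint32_t xorshift32(uint32_t *s)
{
    uint32_t x = *s ? *s : 1u;   /* xorshift must not start at zero */
    x ^= x << 13;
    x ^= x >> 17;
    x ^= x << 5;
    return *s = x;
}

static size_t align_up(size_t off, size_t a)
{
    return (off + a - 1) & ~(a - 1);
}

/* Assign offsets in the given order; a group is laid out as one unit. */
static size_t place(const struct field *f, size_t n, size_t off,
                    struct slot *out, size_t *nout)
{
    for (size_t i = 0; i < n; i++) {
        off = align_up(off, f[i].align);
        if (f[i].group) {
            off = place(f[i].group, f[i].ngroup, off, out, nout);
            off = align_up(off, f[i].align);   /* sub-struct tail padding */
        } else {
            out[(*nout)++] = (struct slot){ f[i].name, off };
            off += f[i].size;
        }
    }
    return off;
}

/*
 * Simulated randomization: a seeded Fisher-Yates shuffle of the
 * top-level members only.  Members inside a group are never shuffled,
 * which is the effect of wrapping fields in an unmarked anonymous
 * struct.  Returns the region's total size.
 */
static size_t layout(uint32_t seed, int shuffle, struct slot *out, size_t *nout)
{
    struct field order[NREGION];
    memcpy(order, region, sizeof(order));
    if (shuffle) {
        for (size_t i = NREGION - 1; i > 0; i--) {
            size_t j = xorshift32(&seed) % (i + 1);
            struct field t = order[i]; order[i] = order[j]; order[j] = t;
        }
    }
    *nout = 0;
    return align_up(place(order, NREGION, 0, out, nout), 8);
}

static long offset_of(const struct slot *s, size_t n, const char *name)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(s[i].name, name) == 0)
            return (long)s[i].offset;
    return -1;
}

/* The property the patch relies on: saved_sigmask directly follows blocked. */
static int sigset_pair_adjacent(uint32_t seed)
{
    struct slot s[MAXLEAF]; size_t n;
    layout(seed, 1, s, &n);
    long b = offset_of(s, n, "blocked"), m = offset_of(s, n, "saved_sigmask");
    return b >= 0 && m == b + SIGSET_SIZE;
}

/* Offset of a member in the unshuffled (declared-order) layout. */
static long declared_offset(const char *name)
{
    struct slot s[MAXLEAF]; size_t n;
    layout(0, 0, s, &n);
    return offset_of(s, n, name);
}

/* True when shuffling with this seed moved at least one member. */
static int order_changed(uint32_t seed)
{
    struct slot s[MAXLEAF]; size_t n;
    layout(seed, 1, s, &n);
    for (size_t i = 0; i < n; i++)
        if ((long)s[i].offset != declared_offset(s[i].name))
            return 1;
    return 0;
}

int main(void)
{
    for (uint32_t seed = 1; seed <= 3; seed++) {
        struct slot s[MAXLEAF]; size_t n;
        size_t total = layout(seed, 1, s, &n);
        printf("seed %u (size %zu):", seed, total);
        for (size_t i = 0; i < n; i++)
            printf(" %s@%zu", s[i].name, s[i].offset);
        printf("  pair adjacent: %s\n", sigset_pair_adjacent(seed) ? "yes" : "no");
    }
    return 0;
}
```

Each run prints one permuted layout per seed; `blocked` and `saved_sigmask` move together, and anything else in the region can land before or after them. Removing the `sigpair` group entry and listing the two sigset fields as top-level members is the one-line change that lets them drift apart, which is the situation the hunk's anonymous struct prevents.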