From patchwork Thu Apr 6 21:18:22 2017
X-Patchwork-Submitter: Kees Cook
X-Patchwork-Id: 9668449
From: Kees Cook
To: kernel-hardening@lists.openwall.com
Cc: Kees Cook, Michael Leibowitz
Date: Thu, 6 Apr 2017 14:18:22 -0700
Message-Id: <1491513513-84351-8-git-send-email-keescook@chromium.org>
In-Reply-To: <1491513513-84351-1-git-send-email-keescook@chromium.org>
References: <1491513513-84351-1-git-send-email-keescook@chromium.org>
Subject: [kernel-hardening] [PATCH 07/18] randstruct: Whitelist struct security_hook_heads cast

The LSM initialization routines walk security_hook_heads as an array
of struct list_head instead of via names to avoid a ton of needless
source. Whitelist this to avoid the false positive warning from the
plugin:

security/security.c: In function ‘security_init’:
security/security.c:59:20: note: found mismatched op0 struct pointer types: ‘struct list_head’ and ‘struct security_hook_heads’

  struct list_head *list = (struct list_head *) &security_hook_heads;
                    ^

Signed-off-by: Kees Cook
---
 scripts/gcc-plugins/randomize_layout_plugin.c | 38 ++++++++++++++++++++++++++-
 1 file changed, 37 insertions(+), 1 deletion(-)

diff --git a/scripts/gcc-plugins/randomize_layout_plugin.c b/scripts/gcc-plugins/randomize_layout_plugin.c index dc03a6beb06b..63c654a00249 100644 --- a/scripts/gcc-plugins/randomize_layout_plugin.c +++ b/scripts/gcc-plugins/randomize_layout_plugin.c @@ -762,6 +762,33 @@ static void handle_local_var_initializers(void) } } +static bool type_name_eq(gimple stmt, const_tree type_tree, const char *wanted_name) +{ + const char *type_name; + + if (type_tree == NULL_TREE) + return false; + + switch (TREE_CODE(type_tree)) { + case RECORD_TYPE: + type_name = TYPE_NAME_POINTER(type_tree); + break; + default: + inform(gimple_location(stmt), "unhandled cast comparison: %qT\n", type_tree); + debug_tree(type_tree); + return false; + } + + return strcmp(type_name, wanted_name) == 0; +} + +static bool whitelisted_cast(gimple stmt, + const_tree lhs_tree, const_tree rhs_tree, + const char *lhs, const char *rhs) +{ + return type_name_eq(stmt, lhs_tree, lhs) && type_name_eq(stmt, rhs_tree, rhs); +} + /* * iterate over all statements to find "bad" casts: * those where the address of the start of a structure is cast @@ -859,8 +886,17 @@ static unsigned int find_bad_casts_execute(void) #ifndef __DEBUG_PLUGIN if (lookup_attribute("randomize_performed", TYPE_ATTRIBUTES(op0_type))) + { #endif - inform(gimple_location(stmt), "found mismatched op0 struct pointer types: %qT and %qT\n", ptr_lhs_type, op0_type); + /* + * Whitelist walking struct security_hook_heads + * as an array of struct list_head. + */ + if (whitelisted_cast(stmt, ptr_lhs_type, op0_type, "list_head", "security_hook_heads")) + continue; + + inform(gimple_location(stmt), "found mismatched op0 struct pointer types: %qT and %qT\n", ptr_lhs_type, op0_type); + } } else { const_tree ssa_name_var = SSA_NAME_VAR(rhs1); /* skip bogus type casts introduced by container_of */
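
Review bot: In type_name_eq() (first hunk), the value assigned from TYPE_NAME_POINTER(type_tree) in the RECORD_TYPE case is handed to strcmp() with no check in between. If a record type without a name (an anonymous struct) can reach this helper, that pointer needs validating first, so consider returning false when no name is available before the `return strcmp(type_name, wanted_name) == 0;` line. The default branch also calls inform() and debug_tree() unconditionally; if that output is meant as a development aid, guarding it with __DEBUG_PLUGIN would keep normal builds quiet.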
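
Review bot: In the find_bad_casts_execute() hunk, the added opening `{` sits between `#ifndef __DEBUG_PLUGIN` and `#endif`, while the added closing `}` after the inform() call is unconditional, so a build with __DEBUG_PLUGIN defined sees a closing brace with no matching open. Moving the `{` to the line after `#endif` keeps the block balanced in both configurations and leaves the lookup_attribute() test as the only conditionally compiled part. Separately, the "list_head" and "security_hook_heads" names are hard-coded at the call site; if more exceptions are expected, a small table of name pairs checked inside whitelisted_cast() would keep this call site stable.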