From patchwork Fri May 26 20:17:23 2017
X-Patchwork-Submitter: Kees Cook
X-Patchwork-Id: 9751109
Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm
Delivered-To: mailing list kernel-hardening@lists.openwall.com
From: Kees Cook
To: kernel-hardening@lists.openwall.com
Cc: Kees Cook, Linus Torvalds, Laura Abbott, x86@kernel.org, linux-kernel@vger.kernel.org
Date: Fri, 26 May 2017 13:17:23 -0700
Message-Id: <1495829844-69341-20-git-send-email-keescook@chromium.org>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1495829844-69341-1-git-send-email-keescook@chromium.org>
References: <1495829844-69341-1-git-send-email-keescook@chromium.org>
Subject: [kernel-hardening] [PATCH v2 19/20] [RFC] task_struct: Allow randomized layout
X-Virus-Scanned: ClamAV using ClamSMTP

This marks most of the layout of task_struct as randomizable, but leaves
thread_info and scheduler state untouched at the start, and thread_struct
untouched at the end.

Other parts of the kernel use unnamed structures, but the 0-day builder
using gcc-4.4 blows up on static initializers. Officially, it's documented
as only working on gcc 4.6 and later, which further confuses me:
https://gcc.gnu.org/wiki/C11Status

The structure layout randomization already requires gcc 4.7, but instead of
depending on the plugin being enabled, just check the gcc versions for wider
build testing. (But I'd rather find a way to avoid the #ifdef entirely.)

One question about formatting remains: should this patch indent all the
randomized fields, due to the added unnamed struct, which would make this
patch white-space huge, or should I leave the indentation level alone, to
avoid massive churn? I opted for making the patch more readable, but can
easily do the indentation here or as a separate patch. It's not obvious to
me what is the least invasive change to make...

Cc: Linus Torvalds
Signed-off-by: Kees Cook
---
 include/linux/sched.h | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/include/linux/sched.h b/include/linux/sched.h
index b1298ad4da63..a9f7f957169c 100644
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -490,6 +490,12 @@ struct task_struct { #endif /* -1 unrunnable, 0 runnable, >0 stopped: */ volatile long state; + + /* This begins the randomizable portion of task_struct... */ +#if GCC_VERSION >= 40600 + struct { +#endif + void *stack; atomic_t usage; /* Per task flags (PF_*), defined further below: */ @@ -1052,6 +1058,14 @@ struct task_struct { /* Used by LSM modules for access restriction: */ void *security; #endif + + /* + * New fields for task_struct should be added above here. + */ +#if GCC_VERSION >= 40600 + } __randomize_layout; +#endif + /* CPU-specific state of this task: */ struct thread_struct thread;
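Review bot: in the first hunk (@@ -490), the block opened by `#if GCC_VERSION >= 40600` / `struct {` is closed only in the second hunk, several hundred lines later, under a separately written copy of the same condition, so the two `#if`s can drift apart and the failure mode is a brace-mismatch error far from its cause. Since the commit message already says the `#ifdef` is unwanted, consider a single pair of macros (for instance a begin/end pair defined once beside `__randomize_layout` in the compiler header, expanding to nothing on gcc < 4.6) so the version check lives in one place. The comment "This begins the randomizable portion of task_struct..." would also help reviewers of later patches if it said explicitly that `state` is deliberately left outside the block and that, from `stack` onward, no field may be assumed to sit at a fixed offset from the start of task_struct once randomization is enabled.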
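Review bot: in the second hunk (@@ -1052), the comment "New fields for task_struct should be added above here." should say why: `thread` has to stay the last member (the commit message keeps thread_struct untouched at the end), and any field placed between `} __randomize_layout;` and `struct thread_struct thread;` silently lands outside the randomized region with no compiler warning. It would also be worth a one-line comment that the `#if GCC_VERSION >= 40600` gate around `} __randomize_layout;` exists for unnamed-struct support rather than for the plugin (which, per the commit message, needs gcc 4.7), since on gcc < 4.6 both the braces and the attribute vanish and the resulting declaration differs in shape from the randomized build.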