From patchwork Tue Oct 23 21:35:00 2018
X-Patchwork-Submitter: Igor Stoppa
X-Patchwork-Id: 10653801
From: Igor Stoppa
To: Mimi Zohar, Kees Cook, Matthew Wilcox, Dave Chinner, James Morris, Michal Hocko, kernel-hardening@lists.openwall.com, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org
Cc: igor.stoppa@huawei.com, Dave Hansen, Jonathan Corbet, Laura Abbott, Greg Kroah-Hartman, Andrew Morton, Masahiro Yamada, Alexey Dobriyan, Pekka Enberg, "Paul E. McKenney", Lihao Liang, linux-kernel@vger.kernel.org
Subject: [PATCH 13/17] prmem: linked list: disable layout randomization
Date: Wed, 24 Oct 2018 00:35:00 +0300
Message-Id: <20181023213504.28905-14-igor.stoppa@huawei.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20181023213504.28905-1-igor.stoppa@huawei.com>
References: <20181023213504.28905-1-igor.stoppa@huawei.com>

Some of the data structures used in list management are composed of two pointers. Since the kernel is now configured by default to randomize the layout of data structures solely composed of pointers, this might prevent correct type punning between these structures and their write rare counterpart.

It shouldn't be anyway a big loss, in terms of security: with only two fields, there is a 50% chance of guessing correctly the layout.

The randomization is disabled only when write rare is enabled.

Signed-off-by: Igor Stoppa
CC: Kees Cook
CC: Greg Kroah-Hartman
CC: Andrew Morton
CC: Masahiro Yamada
CC: Alexey Dobriyan
CC: Pekka Enberg
CC: "Paul E. McKenney"
CC: Lihao Liang
CC: linux-kernel@vger.kernel.org
--- include/linux/types.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/linux/types.h b/include/linux/types.h index 53609bbdcf0f..a9f6f6515fdc 100644 --- a/include/linux/types.h +++ b/include/linux/types.h 
@@ -187,12 +187,12 @@ typedef struct { struct list_head { struct list_head *next __aligned(sizeof(void *)); struct list_head *prev __aligned(sizeof(void *)); -} __aligned(sizeof(void *)); +} __no_randomize_layout __aligned(sizeof(void *)); struct hlist_node { struct hlist_node *next __aligned(sizeof(void *)); struct hlist_node **pprev __aligned(sizeof(void *)); -} __aligned(sizeof(void *)); +} __no_randomize_layout __aligned(sizeof(void *)); #else struct list_head { struct list_head *next, *prev;
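
Review bot: the two `__no_randomize_layout` annotations added to `struct list_head` and `struct hlist_node` in the branch before `#else` have no comment saying that the field order is now relied on for type punning with the write rare counterparts, so a later cleanup could drop them without noticing the dependency. Please add a short comment above these two structs stating why randomization is off here, and consider a compile-time check, for example `BUILD_BUG_ON` comparing `offsetof(struct list_head, next)` with the matching field of the counterpart, so that a layout mismatch fails the build instead of corrupting list pointers at run time. The counterpart structures are not touched in this hunk; the punning is only safe if their layout is fixed as well, so please confirm they carry the same annotation elsewhere in the series.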