)]}'
{
  "commit": "313dd1b629219db50cad532dba6a3b3b22ffe622",
  "tree": "f365980765f5f1f556eb4800e542686677179e9d",
  "parents": [
    "0aa5e49c6845ecd82531341085f367767c9f419a"
  ],
  "author": {
    "name": "Kees Cook",
    "email": "keescook@chromium.org",
    "time": "Fri May 05 23:37:45 2017 -0700"
  },
  "committer": {
    "name": "Kees Cook",
    "email": "keescook@chromium.org",
    "time": "Thu Jun 22 16:15:45 2017 -0700"
  },
  "message": "gcc-plugins: Add the randstruct plugin\n\nThis randstruct plugin is modified from Brad Spengler/PaX Team\u0027s code\nin the last public patch of grsecurity/PaX based on my understanding\nof the code. Changes or omissions from the original code are mine and\ndon\u0027t reflect the original grsecurity/PaX code.\n\nThe randstruct GCC plugin randomizes the layout of selected structures\nat compile time, as a probabilistic defense against attacks that need to\nknow the layout of structures within the kernel. This is most useful for\n\"in-house\" kernel builds where neither the randomization seed nor other\nbuild artifacts are made available to an attacker. While less useful for\ndistribution kernels (where the randomization seed must be exposed for\nthird party kernel module builds), it still has some value there since now\nall kernel builds would need to be tracked by an attacker.\n\nIn more performance sensitive scenarios, GCC_PLUGIN_RANDSTRUCT_PERFORMANCE\ncan be selected to make a best effort to restrict randomization to\ncacheline-sized groups of elements, and will not randomize bitfields. This\ncomes at the cost of reduced randomization.\n\nTwo annotations are defined, __randomize_layout and __no_randomize_layout,\nwhich respectively tell the plugin to either randomize or not to\nrandomize instances of the struct in question. Follow-on patches enable\nthe auto-detection logic for selecting structures for randomization\nthat contain only function pointers. It is disabled here to assist with\nbisection.\n\nSince any randomized structs must be initialized using designated\ninitializers, __randomize_layout includes the __designated_init annotation\neven when the plugin is disabled so that all builds will require\nthe needed initialization. (With the plugin enabled, annotations for\nautomatically chosen structures are marked as well.)\n\nThe main differences between this implementation and grsecurity are:\n- disable automatic struct selection (to be enabled in follow-up patch)\n- add designated_init attribute at runtime and for manual marking\n- clarify debugging output to differentiate bad cast warnings\n- add whitelisting infrastructure\n- support gcc 7\u0027s DECL_ALIGN and DECL_MODE changes (Laura Abbott)\n- raise minimum required GCC version to 4.7\n\nEarlier versions of this patch series were ported by Michael Leibowitz.\n\nSigned-off-by: Kees Cook \u003ckeescook@chromium.org\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "77b92221f95127e8ccb11093c2ab9396a31262a4",
      "old_mode": 33188,
      "old_path": "Documentation/dontdiff",
      "new_id": "e10a484629e4e08e13101da8f0efd355a3bd021a",
      "new_mode": 33188,
      "new_path": "Documentation/dontdiff"
    },
    {
      "type": "modify",
      "old_id": "6c00e5b00f8bd6ac4127b80fed79070843826069",
      "old_mode": 33188,
      "old_path": "arch/Kconfig",
      "new_id": "810bf206f22146d7d3649fb8964527aa87d2d838",
      "new_mode": 33188,
      "new_path": "arch/Kconfig"
    },
    {
      "type": "modify",
      "old_id": "386caf6771ed58ba168700e1568d798d8ec96044",
      "old_mode": 33188,
      "old_path": "include/linux/compiler-gcc.h",
      "new_id": "7deaae3dc87d76915ccc9a6b912336f5bc68bcbc",
      "new_mode": 33188,
      "new_path": "include/linux/compiler-gcc.h"
    },
    {
      "type": "modify",
      "old_id": "80a1dea36cbe060303a00468fd168d2bd7da10b4",
      "old_mode": 33188,
      "old_path": "include/linux/compiler.h",
      "new_id": "55ee9ee814f8f6fdce82d15baf09d5df05031e41",
      "new_mode": 33188,
      "new_path": "include/linux/compiler.h"
    },
    {
      "type": "modify",
      "old_id": "6f8fbcf10dfb8ac6dd3ead787c5e4cf27e142c42",
      "old_mode": 33188,
      "old_path": "include/linux/vermagic.h",
      "new_id": "af6c03f7f986290b7efd01f27bdb1b81eae4e7bd",
      "new_mode": 33188,
      "new_path": "include/linux/vermagic.h"
    },
    {
      "type": "modify",
      "old_id": "82335533620e0df172feade18b471623c9bfeb6b",
      "old_mode": 33188,
      "old_path": "scripts/Makefile.gcc-plugins",
      "new_id": "2e0e2eaa397fa05c6b25247092ba0035fd6417f8",
      "new_mode": 33188,
      "new_path": "scripts/Makefile.gcc-plugins"
    },
    {
      "type": "add",
      "old_id": "0000000000000000000000000000000000000000",
      "old_mode": 0,
      "old_path": "/dev/null",
      "new_id": "de92ed9e3d83cc0ddb8d53bd393e754b1ce71573",
      "new_mode": 33188,
      "new_path": "scripts/gcc-plugins/.gitignore"
    },
    {
      "type": "modify",
      "old_id": "8b29dc17c73cad2730531464d3528c27973cb659",
      "old_mode": 33188,
      "old_path": "scripts/gcc-plugins/Makefile",
      "new_id": "214eb2335c31183e8fa438dfd6ad4a9ef3497209",
      "new_mode": 33188,
      "new_path": "scripts/gcc-plugins/Makefile"
    },
    {
      "type": "modify",
      "old_id": "918953ca45274328dddf1b965d66d6294c2d5d54",
      "old_mode": 33188,
      "old_path": "scripts/gcc-plugins/gcc-common.h",
      "new_id": "6948898b3cdf8632e7a2b6c1bbe0530ea042c1ca",
      "new_mode": 33188,
      "new_path": "scripts/gcc-plugins/gcc-common.h"
    },
    {
      "type": "add",
      "old_id": "0000000000000000000000000000000000000000",
      "old_mode": 0,
      "old_path": "/dev/null",
      "new_id": "7514850f4815b5f7b337d8ec8ccc57b27b2f1026",
      "new_mode": 33188,
      "new_path": "scripts/gcc-plugins/gen-random-seed.sh"
    },
    {
      "type": "add",
      "old_id": "0000000000000000000000000000000000000000",
      "old_mode": 0,
      "old_path": "/dev/null",
      "new_id": "e1d1ba28739f1d368e7483a3bda141b303d73487",
      "new_mode": 33188,
      "new_path": "scripts/gcc-plugins/randomize_layout_plugin.c"
    }
  ]
}
