Merge tag 'gcc-plugins-v4.13-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git...
authorLinus Torvalds <torvalds@linux-foundation.org>
Wed, 19 Jul 2017 15:55:18 +0000 (08:55 -0700)
committerLinus Torvalds <torvalds@linux-foundation.org>
Wed, 19 Jul 2017 15:55:18 +0000 (08:55 -0700)
Pull structure randomization updates from Kees Cook:
 "Now that IPC and other changes have landed, enable manual markings for
  randstruct plugin, including the task_struct.

  This is the rest of what was staged in -next for the gcc-plugins, and
  comes in three patches, largest first:

   - mark "easy" structs with __randomize_layout

   - mark task_struct with an optional anonymous struct to isolate the
     __randomize_layout section

   - mark structs to opt _out_ of automated marking (which will come
     later)

  And, FWIW, this continues to pass allmodconfig (normal and patched to
  enable gcc-plugins) builds of x86_64, i386, arm64, arm, powerpc, and
  s390 for me"

* tag 'gcc-plugins-v4.13-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
  randstruct: opt-out externally exposed function pointer structs
  task_struct: Allow randomized layout
  randstruct: Mark various structs for randomization

24 files changed:
1  2 
arch/x86/include/asm/paravirt_types.h
arch/x86/include/asm/processor.h
fs/mount.h
fs/namei.c
fs/proc/internal.h
include/linux/compiler-gcc.h
include/linux/compiler.h
include/linux/cred.h
include/linux/dcache.h
include/linux/fs.h
include/linux/ipc.h
include/linux/kobject.h
include/linux/lsm_hooks.h
include/linux/module.h
include/linux/sched.h
include/linux/sem.h
include/linux/sysctl.h
include/linux/tty.h
include/net/af_unix.h
include/net/neighbour.h
include/net/net_namespace.h
include/net/sock.h
kernel/futex.c
security/keys/internal.h

Simple merge
Simple merge
diff --cc fs/mount.h
Simple merge
diff --cc fs/namei.c
Simple merge
index 18694598bebfb4781c79cb9c75107f37e54349c4,07b16318223fc2be0e951a3bbf1292433947aa02..aa2b8907163086daf83034a3dcf54b011d794fe9
@@@ -67,10 -67,10 +67,10 @@@ struct proc_inode 
        struct proc_dir_entry *pde;
        struct ctl_table_header *sysctl;
        struct ctl_table *sysctl_entry;
 -      struct list_head sysctl_inodes;
 +      struct hlist_node sysctl_inodes;
        const struct proc_ns_operations *ns_ops;
        struct inode vfs_inode;
- };
+ } __randomize_layout;
  
  /*
   * General functions
Simple merge
Simple merge
Simple merge
Simple merge
index 7b5d6816542b7f5af171d5680961aeb03184707b,8f28143486c402c49db9c1cfd2e8425f124dd5a9..6e1fd5d2124877c16bbbfab4487a772c8f7e37ee
@@@ -295,8 -275,7 +295,8 @@@ struct kiocb 
        void (*ki_complete)(struct kiocb *iocb, long ret, long ret2);
        void                    *private;
        int                     ki_flags;
- };
 +      enum rw_hint            ki_hint;
+ } __randomize_layout;
  
  static inline bool is_sync_kiocb(struct kiocb *kiocb)
  {
@@@ -403,8 -392,7 +403,8 @@@ struct address_space 
        gfp_t                   gfp_mask;       /* implicit gfp mask for allocations */
        struct list_head        private_list;   /* ditto */
        void                    *private_data;  /* ditto */
- } __attribute__((aligned(sizeof(long))));
 +      errseq_t                wb_err;
+ } __attribute__((aligned(sizeof(long)))) __randomize_layout;
        /*
         * On most architectures that alignment is already the case; but
         * must be enforced here for CRIS, to let the least significant bit
@@@ -882,8 -868,8 +882,9 @@@ struct file 
        struct list_head        f_tfile_llink;
  #endif /* #ifdef CONFIG_EPOLL */
        struct address_space    *f_mapping;
- } __attribute__((aligned(4)));        /* lest something weird decides that 2 is OK */
 +      errseq_t                f_wb_err;
+ } __randomize_layout
+   __attribute__((aligned(4)));        /* lest something weird decides that 2 is OK */
  
  struct file_handle {
        __u32 handle_bytes;
index 5591f055e13fd0777da082846331b6d106e3a33d,ea0eb0b5f98cd5f91d49cf73e47227782b4acd77..fadd579d577dc8aafd7c100ea51fe2bf630c76a0
@@@ -20,9 -20,6 +20,9 @@@ struct kern_ipc_perm 
        umode_t         mode;
        unsigned long   seq;
        void            *security;
- } ____cacheline_aligned_in_smp;
 +
 +      struct rcu_head rcu;
 +      atomic_t refcount;
+ } ____cacheline_aligned_in_smp __randomize_layout;
  
  #endif /* _LINUX_IPC_H */
Simple merge
Simple merge
Simple merge
Simple merge
index be5cf2ea14ade9d40e88114ea27a5c876423c8a0,23bcbdfad4a6aff208540f03014e0d629184bc99..de2deb8676bd6c39c55a439b5df98715915eb9c9
@@@ -39,9 -21,7 +39,9 @@@ struct sem_array 
        int                     sem_nsems;      /* no. of semaphores in array */
        int                     complex_count;  /* pending complex operations */
        unsigned int            use_global_lock;/* >0: global lock required */
- };
 +
 +      struct sem              sems[];
+ } __randomize_layout;
  
  #ifdef CONFIG_SYSVIPC
  
Simple merge
Simple merge
Simple merge
Simple merge
Simple merge
Simple merge
diff --cc kernel/futex.c
Simple merge
Simple merge