randstruct: Enable Clang support
Clang 15 will support randstruct via the -frandomize-layout-seed-file=... option. Update the Kconfig and Makefile to recognize this feature. Cc: Masahiro Yamada <masahiroy@kernel.org> Cc: linux-kbuild@vger.kernel.org Signed-off-by: Kees Cook <keescook@chromium.org> Link: https://lore.kernel.org/r/20220503205503.3054173-7-keescook@chromium.org
parent
be2b34fa9b
commit
035f7f87b7
@ -7,6 +7,9 @@ randstruct-cflags-y \
|
|||||||
+= -fplugin=$(objtree)/scripts/gcc-plugins/randomize_layout_plugin.so
|
+= -fplugin=$(objtree)/scripts/gcc-plugins/randomize_layout_plugin.so
|
||||||
randstruct-cflags-$(CONFIG_RANDSTRUCT_PERFORMANCE) \
|
randstruct-cflags-$(CONFIG_RANDSTRUCT_PERFORMANCE) \
|
||||||
+= -fplugin-arg-randomize_layout_plugin-performance-mode
|
+= -fplugin-arg-randomize_layout_plugin-performance-mode
|
||||||
|
else
|
||||||
|
randstruct-cflags-y \
|
||||||
|
+= -frandomize-layout-seed-file=$(objtree)/scripts/basic/randstruct.seed
|
||||||
endif
|
endif
|
||||||
|
|
||||||
export RANDSTRUCT_CFLAGS := $(randstruct-cflags-y)
|
export RANDSTRUCT_CFLAGS := $(randstruct-cflags-y)
|
||||||
|
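Review bot: The new `else` branch hands `$(objtree)/scripts/basic/randstruct.seed` to the compiler without a comment saying what that file is or how it has to be handled. The seed determines the randomized structure layout, so modules built later need the same file, and anyone who can read it can reproduce the layout. I would add a comment above the assignment such as `# Clang derives the layout from this seed: keep it with the build tree for module builds and treat it as sensitive.` The hunk shows no rule that creates the seed before the first compile, and the `ifdef` this `else` pairs with starts outside the hunk, so both should be confirmed against the full file.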
@ -266,9 +266,12 @@ config ZERO_CALL_USED_REGS
|
|||||||
|
|
||||||
endmenu
|
endmenu
|
||||||
|
|
||||||
|
config CC_HAS_RANDSTRUCT
|
||||||
|
def_bool $(cc-option,-frandomize-layout-seed-file=/dev/null)
|
||||||
|
|
||||||
choice
|
choice
|
||||||
prompt "Randomize layout of sensitive kernel structures"
|
prompt "Randomize layout of sensitive kernel structures"
|
||||||
default RANDSTRUCT_FULL if COMPILE_TEST && GCC_PLUGINS
|
default RANDSTRUCT_FULL if COMPILE_TEST && (GCC_PLUGINS || CC_HAS_RANDSTRUCT)
|
||||||
default RANDSTRUCT_NONE
|
default RANDSTRUCT_NONE
|
||||||
help
|
help
|
||||||
If you enable this, the layouts of structures that are entirely
|
If you enable this, the layouts of structures that are entirely
|
||||||
@ -297,13 +300,20 @@ choice
|
|||||||
|
|
||||||
config RANDSTRUCT_FULL
|
config RANDSTRUCT_FULL
|
||||||
bool "Fully randomize structure layout"
|
bool "Fully randomize structure layout"
|
||||||
depends on GCC_PLUGINS
|
depends on CC_HAS_RANDSTRUCT || GCC_PLUGINS
|
||||||
select MODVERSIONS if MODULES
|
select MODVERSIONS if MODULES
|
||||||
help
|
help
|
||||||
Fully randomize the member layout of sensitive
|
Fully randomize the member layout of sensitive
|
||||||
structures as much as possible, which may have both a
|
structures as much as possible, which may have both a
|
||||||
memory size and performance impact.
|
memory size and performance impact.
|
||||||
|
|
||||||
|
One difference between the Clang and GCC plugin
|
||||||
|
implementations is the handling of bitfields. The GCC
|
||||||
|
plugin treats them as fully separate variables,
|
||||||
|
introducing sometimes significant padding. Clang tries
|
||||||
|
to keep adjacent bitfields together, but with their bit
|
||||||
|
ordering randomized.
|
||||||
|
|
||||||
config RANDSTRUCT_PERFORMANCE
|
config RANDSTRUCT_PERFORMANCE
|
||||||
bool "Limit randomization of structure layout to cache-lines"
|
bool "Limit randomization of structure layout to cache-lines"
|
||||||
depends on GCC_PLUGINS
|
depends on GCC_PLUGINS
|
||||||
|
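Review bot: `RANDSTRUCT_FULL` now accepts `CC_HAS_RANDSTRUCT || GCC_PLUGINS`, but `RANDSTRUCT_PERFORMANCE` at the end of this section still has `depends on GCC_PLUGINS`, so a Clang build is offered only full randomization and the help text never says so. If that is intended, the new help paragraph should state it, for example `Cache-line limited (performance) mode is only available with the GCC plugin.` The two expressions also list their operands in opposite order (`GCC_PLUGINS || CC_HAS_RANDSTRUCT` in the `default`, `CC_HAS_RANDSTRUCT || GCC_PLUGINS` in `depends on`); one order in both would make them easier to grep and compare. The rest of `RANDSTRUCT_PERFORMANCE` lies outside what is shown here.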