
Commit

randstruct: Enable Clang support
Clang 15 will support randstruct via the -frandomize-layout-seed-file=...
option. Update the Kconfig and Makefile to recognize this feature.

Cc: Masahiro Yamada <masahiroy@kernel.org>
Cc: linux-kbuild@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20220503205503.3054173-7-keescook@chromium.org
kees committed May 8, 2022
1 parent be2b34f commit 035f7f8
Showing 2 changed files with 15 additions and 2 deletions.
3 changes: 3 additions & 0 deletions scripts/Makefile.randstruct
Expand Up @@ -7,6 +7,9 @@ randstruct-cflags-y \
+= -fplugin=$(objtree)/scripts/gcc-plugins/randomize_layout_plugin.so
randstruct-cflags-$(CONFIG_RANDSTRUCT_PERFORMANCE) \
+= -fplugin-arg-randomize_layout_plugin-performance-mode
else
randstruct-cflags-y \
+= -frandomize-layout-seed-file=$(objtree)/scripts/basic/randstruct.seed
endif

export RANDSTRUCT_CFLAGS := $(randstruct-cflags-y)
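Review bot: the new `else` branch does not say which compiler it serves or where `scripts/basic/randstruct.seed` comes from. Nothing in this hunk makes objects built with `-frandomize-layout-seed-file=` depend on that file, so please confirm that the seed exists before the first object using RANDSTRUCT_CFLAGS is compiled and that a changed seed forces a rebuild; objects built from different seeds would disagree on structure layout. A one-line comment above the `else` naming the Clang case would also help, since the condition it belongs to is outside the visible context.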
14 changes: 12 additions & 2 deletions security/Kconfig.hardening
Expand Up @@ -266,9 +266,12 @@ config ZERO_CALL_USED_REGS

endmenu

config CC_HAS_RANDSTRUCT
def_bool $(cc-option,-frandomize-layout-seed-file=/dev/null)

choice
prompt "Randomize layout of sensitive kernel structures"
default RANDSTRUCT_FULL if COMPILE_TEST && GCC_PLUGINS
default RANDSTRUCT_FULL if COMPILE_TEST && (GCC_PLUGINS || CC_HAS_RANDSTRUCT)
default RANDSTRUCT_NONE
help
If you enable this, the layouts of structures that are entirely
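Review bot: `config CC_HAS_RANDSTRUCT` probes the option with `/dev/null` as the seed file and has no comment explaining that. The `cc-option` test only needs the compiler to accept the flag, so this works as a probe, but a short comment would stop a reader from taking `/dev/null` for a usable seed source and would record that the symbol is about compiler support, not about the plugin. As a style point, the new default line writes `(GCC_PLUGINS || CC_HAS_RANDSTRUCT)` while the RANDSTRUCT_FULL dependency later in this file writes `CC_HAS_RANDSTRUCT || GCC_PLUGINS`; one order in both places is easier to grep and compare.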
Expand Down Expand Up @@ -297,13 +300,20 @@ choice

config RANDSTRUCT_FULL
bool "Fully randomize structure layout"
depends on GCC_PLUGINS
depends on CC_HAS_RANDSTRUCT || GCC_PLUGINS
select MODVERSIONS if MODULES
help
Fully randomize the member layout of sensitive
structures as much as possible, which may have both a
memory size and performance impact.

One difference between the Clang and GCC plugin
implementations is the handling of bitfields. The GCC
plugin treats them as fully separate variables,
introducing sometimes significant padding. Clang tries
to keep adjacent bitfields together, but with their bit
ordering randomized.

config RANDSTRUCT_PERFORMANCE
bool "Limit randomization of structure layout to cache-lines"
depends on GCC_PLUGINS
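Review bot: `RANDSTRUCT_PERFORMANCE` keeps `depends on GCC_PLUGINS` in the trailing context, so a Clang build is offered only RANDSTRUCT_FULL or RANDSTRUCT_NONE, and the help text does not mention it. That matches the Makefile hunk, where the performance-mode argument is passed only in the plugin branch, but if it is intentional the choice help or the RANDSTRUCT_PERFORMANCE help should say that cache-line-limited randomization is available with the GCC plugin only. The new bitfield paragraph under RANDSTRUCT_FULL is useful; it could also state the practical consequence for users, namely that structure size and layout can differ between the two compilers.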