redonkable
/
alistair23-linux
1
0
Fork 0
Code Releases Activity
alistair23-linux/Documentation
History
Kees Cook 313dd1b629 gcc-plugins: Add the randstruct plugin 
This randstruct plugin is modified from Brad Spengler/PaX Team's code
in the last public patch of grsecurity/PaX based on my understanding
of the code. Changes or omissions from the original code are mine and
don't reflect the original grsecurity/PaX code.

The randstruct GCC plugin randomizes the layout of selected structures
at compile time, as a probabilistic defense against attacks that need to
know the layout of structures within the kernel. This is most useful for
"in-house" kernel builds where neither the randomization seed nor other
build artifacts are made available to an attacker. While less useful for
distribution kernels (where the randomization seed must be exposed for
third party kernel module builds), it still has some value there since now
all kernel builds would need to be tracked by an attacker.

In more performance sensitive scenarios, GCC_PLUGIN_RANDSTRUCT_PERFORMANCE
can be selected to make a best effort to restrict randomization to
cacheline-sized groups of elements, and will not randomize bitfields. This
comes at the cost of reduced randomization.

Two annotations are defined,__randomize_layout and __no_randomize_layout,
which respectively tell the plugin to either randomize or not to
randomize instances of the struct in question. Follow-on patches enable
the auto-detection logic for selecting structures for randomization
that contain only function pointers. It is disabled here to assist with
bisection.

Since any randomized structs must be initialized using designated
initializers, __randomize_layout includes the __designated_init annotation
even when the plugin is disabled so that all builds will require
the needed initialization. (With the plugin enabled, annotations for
automatically chosen structures are marked as well.)

The main differences between this implemenation and grsecurity are:
- disable automatic struct selection (to be enabled in follow-up patch)
- add designated_init attribute at runtime and for manual marking
- clarify debugging output to differentiate bad cast warnings
- add whitelisting infrastructure
- support gcc 7's DECL_ALIGN and DECL_MODE changes (Laura Abbott)
- raise minimum required GCC version to 4.7

Earlier versions of this patch series were ported by Michael Leibowitz.

Signed-off-by: Kees Cook <keescook@chromium.org>
 		2017-06-22 16:15:45 -07:00
..
ABI pci-v4.12-changes 2017-05-08 19:03:25 -07:00
DocBook char/misc patches for 4.12-rc1 2017-05-04 19:15:35 -07:00
EDID drm: use .hword to represent 16-bit numbers 2017-03-30 10:15:19 +02:00
PCI pci-v4.12-changes 2017-05-08 19:03:25 -07:00
RCU Merge branches 'doc.2017.04.12a', 'fixes.2017.04.19a' and 'srcu.2017.04.21a' into HEAD 2017-04-21 06:00:13 -07:00
accounting tools: move accounting tool from Documentation 2016-09-23 13:07:15 -06:00
acpi A reasonably busy cycle for documentation this time around. There is a new 2017-05-02 10:21:17 -07:00
admin-guide Connect the newly RST-formatted documentation to the rest; this had to wait 2017-05-11 11:29:52 -07:00
aoe
arm ARM: SoC platform updates 2017-05-09 09:49:36 -07:00
arm64 arm64: documentation: document tagged pointer stack constraints 2017-05-09 17:43:18 +01:00
auxdisplay samples: move auxdisplay example code from Documentation 2016-09-23 11:52:32 -06:00
backlight
blackfin samples: move blackfin gptimers-example from Documentation 2016-10-10 07:12:02 -06:00
block block, bfq: stress that low_latency must be off to get max throughput 2017-05-10 07:39:43 -06:00
blockdev remove the mg_disk driver 2017-04-14 14:00:49 -06:00
bus-devices
cdrom cdrom: Make device operations read-only 2017-02-14 08:29:56 -07:00
cgroup-v1 Merge branch 'for-4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup 2017-02-27 21:41:08 -08:00
cma
connector samples: connector: from Documentation to samples directory 2016-04-28 07:47:35 -06:00
console
core-api docs-rst: core_api: move driver-specific stuff to drivers_api 2017-04-02 14:17:43 -06:00
cpu-freq cpufreq: User/admin documentation update and consolidation 2017-03-13 17:08:42 -06:00
cpuidle
cris
crypto Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2017-05-03 08:50:52 -07:00
dev-tools scripts/spelling.txt: add "disble(d)" pattern and fix typo instances 2017-03-09 17:01:09 -08:00
device-mapper - A major update for DM cache that reduces the latency for deciding 2017-05-03 10:31:20 -07:00
devicetree staging/android/ion: remove useless document file 2017-05-15 11:17:31 +02:00
dmaengine dmaengine: Documentation: Fix typo in pxa_dma.txt 2016-11-14 08:14:24 +05:30
doc-guide docs-rst: automatically convert Graphviz and SVG images 2017-03-09 02:59:26 -07:00
driver-api char/misc patches for 4.12-rc1 2017-05-04 19:15:35 -07:00
driver-model PCI: Implement devm_pci_remap_cfgspace() 2017-04-24 13:53:13 -05:00
early-userspace Documentation: Fix dead URLs to ftp.kernel.org 2017-03-29 15:46:06 -06:00
extcon extcon: Remove porting compatibility of swich class 2017-04-06 10:55:24 +09:00
fault-injection
fb Documentation: fb: fix spelling mistakes 2016-05-10 12:05:27 +03:00
features powerpc updates for 4.12 part 1. 2017-05-05 11:36:44 -07:00
filesystems Tigran has moved 2017-05-12 15:57:15 -07:00
firmware_class firmware: revamp firmware documentation 2017-01-11 09:42:59 +01:00
fmc
fpga fpga: Add scatterlist based programming 2017-02-10 15:20:44 +01:00
frv docs: fix locations of several documents that got moved 2016-10-24 08:12:35 -02:00
gpio gpio: return NULL from gpiod_get_optional when GPIOLIB is disabled 2017-03-15 11:16:30 +01:00
gpu drm: Document code of conduct 2017-05-05 11:48:17 +10:00
hid Documentation: hid: fix path to input bus definitions 2017-03-13 17:15:19 -06:00
hwmon drivers: hwmon: Support for ASPEED PWM/Fan tach 2017-04-10 13:12:18 -07:00
i2c i2c: i801: Add support for Intel Gemini Lake 2017-02-09 17:39:16 +01:00
ia64 selftests: move ia64 tests from Documentation/ia64 2016-09-20 09:58:12 -06:00
ide
iio iio: Documentation: Correct the path used to create triggers. 2016-10-01 00:49:58 -06:00
infiniband IB/opa-vnic: Virtual Network Interface Controller (VNIC) documentation 2017-04-20 12:01:06 -04:00
input docs-rst: add input docs at main index and use kernel-figure 2017-05-09 13:36:02 -06:00
ioctl TEE driver infrastructure and OP-TEE drivers 2017-05-10 11:20:09 -07:00
isdn docs: fix locations of several documents that got moved 2016-10-24 08:12:35 -02:00
kbuild uapi: export all arch specifics directories 2017-05-11 00:22:17 +09:00
kdump Documentation: kdump: describe arm64 port 2017-04-05 18:32:32 +01:00
laptops platform/x86: thinkpad_acpi: Add support for X1 Yoga (2016) Tablet Mode 2016-12-13 09:29:06 -08:00
leds Documentaion: leds: leds-lp55xx.txt: Fix typos 2017-03-17 13:06:14 -06:00
lightnvm lightnvm: physical block device (pblk) target 2017-04-16 10:06:33 -06:00
livepatch livepatch: allow removal of a disabled patch 2017-03-08 09:38:43 +01:00
locking locking/ww_mutex/Documentation: Update the design document 2017-01-14 11:14:55 +01:00
m68k docs: fix locations of several documents that got moved 2016-10-24 08:12:35 -02:00
md Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/shli/md 2017-05-03 10:05:38 -07:00
media media updates for v4.12-rc1 2017-05-05 17:34:57 -07:00
memory-devices
metag
mic samples: move mic/mpssd example code from Documentation 2016-09-20 12:38:48 -06:00
mips
misc-devices Documentation: misc-devices: Add Documentation for pci-endpoint-test driver 2017-04-28 10:23:19 -05:00
mmc MMC core: 2017-05-02 17:34:32 -07:00
mn10300
mtd spi-nor: Add support for Intel SPI serial flash controller 2017-01-03 17:33:36 +00:00
namespaces
netlabel
networking Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2017-05-02 16:40:27 -07:00
nfc
nios2
nvdimm libnvdimm, btt: update the usage section in Documentation 2016-06-17 16:23:23 -07:00
nvmem
parisc
pcmcia tools: move pcmcia crc32hash tool from Documentation 2016-09-23 13:07:27 -06:00
perf perf: qcom: Add L3 cache PMU driver 2017-04-03 18:53:50 +01:00
phy
platform
power A reasonably busy cycle for documentation this time around. There is a new 2017-05-02 10:21:17 -07:00
powerpc powerpc/fadump: update documentation about crashkernel parameter reuse 2017-05-08 17:15:11 -07:00
pps Doc: clarify source of jitter in USB1.1, and USB2.0 2017-01-04 14:40:52 -07:00
prctl selftests: move prctl tests from Documentation/prctl 2016-09-20 09:09:09 -06:00
process docs: complete bumping minimal GNU Make version to 3.81 2017-05-06 18:49:09 -07:00
pti
ptp selftests: move ptp tests from Documentation/ptp 2016-09-20 09:54:38 -06:00
rapidio rapidio/documentation/mport_cdev: add missing parameter description 2016-09-01 17:52:02 -07:00
s390 docs: add documentation for vfio-ccw 2017-03-31 12:55:11 +02:00
scheduler sched/Documentation: Add 'sched-pelt' tool 2017-04-14 10:26:35 +02:00
scsi scsi: make asynchronous aborts mandatory 2017-04-06 13:07:33 -04:00
security KEYS: add SP800-56A KDF support for DH 2017-04-04 22:33:38 +01:00
serial Documentation: rs485: Do not define manually the ioctl 2016-08-18 11:08:33 -06:00
sh
sound ALSA: hda - Allow to enable/disable vmaster build explicitly 2017-04-10 17:45:27 +02:00
sparc Documentation/sparc: Steps for sending break on sunhv console 2017-02-23 08:27:25 -08:00
sphinx tmplcvt: make the tool more robust 2017-04-11 14:35:15 -06:00
sphinx-static This is the documentation update pull for the 4.9 merge window. 2016-10-04 13:54:07 -07:00
spi spi: spi-ep93xx: simplify GPIO chip selects 2017-02-16 20:10:26 +00:00
sysctl Replace 2 jiffies with sysctl netdev_budget_usecs to enable softirq tuning 2017-04-21 13:22:34 -04:00
target Documentation/target: add an example script to configure an iSCSI target 2017-05-01 22:21:35 -07:00
thermal Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux 2017-05-12 11:58:45 -07:00
timers time: Remove CONFIG_TIMER_STATS 2017-02-10 11:15:08 +01:00
trace New features for this release: 2017-05-03 18:41:21 -07:00
translations docs: update references to the device io book 2017-05-09 13:44:56 -06:00
usb doc-rst: fixed kernel-doc directives in usb/typec.rst 2017-05-17 11:52:44 +02:00
userspace-api docs: Convert unshare.txt to RST and add to the user-space API manual 2017-04-02 15:18:32 -06:00
virtual Second round of KVM/ARM Changes for v4.12. 2017-05-09 12:51:49 +02:00
vm Documentation/vm/transhuge.txt: fix trivial typos 2017-05-08 17:15:14 -07:00
w1 w1: add documentation for w1_ds2438 2017-03-17 15:10:49 +09:00
watchdog iTCO_wdt: all versions count down twice 2017-05-19 10:42:11 +02:00
wimax
x86 x86/intel_rdt: Fix a typo in Documentation 2017-05-09 09:41:42 +02:00
xtensa xtensa: cleanup MMU setup and kernel layout macros 2016-07-24 06:33:58 +03:00
.gitignore Add .pyc files to .gitignore 2016-06-30 13:07:33 -06:00
00-INDEX Documentation: tee subsystem and op-tee driver 2017-03-10 14:51:57 +01:00
Changes docs: add back 'Documentation/Changes' file (as symlink) 2016-12-14 16:30:12 -08:00
CodingStyle doc: re-add CodingStyle and SubmittingPatches 2016-10-24 08:12:35 -02:00
DMA-API-HOWTO.txt Documentation: DMA-API-HOWTO: Fix a typo 2016-09-20 17:58:46 -06:00
DMA-API.txt dma-mapping: add dma_{map,unmap}_resource 2016-09-26 22:16:41 +05:30
DMA-ISA-LPC.txt Documentation: DMA-ISA-LPC.txt 2017-02-12 15:20:07 -07:00
DMA-attributes.txt common: DMA-mapping: add DMA_ATTR_PRIVILEGED attribute 2017-01-19 15:56:19 +00:00
IPMI.txt Documentation: Fix a typo in IPMI.txt. 2017-01-05 15:01:54 -06:00
IRQ-affinity.txt
IRQ-domain.txt Documentation/IRQ-domain.txt: Document irq_domain_create_{linear, tree} 2016-03-31 00:32:59 -06:00
IRQ.txt
Intel-IOMMU.txt
Makefile samples: move blackfin gptimers-example from Documentation 2016-10-10 07:12:02 -06:00
Makefile.sphinx Add a target to check broken external links in the Documentation 2017-02-15 15:22:47 -07:00
SAK.txt
SM501.txt
SubmittingPatches doc: re-add CodingStyle and SubmittingPatches 2016-10-24 08:12:35 -02:00
bcache.txt bcache: documentation formatting, edited for clarity, stripe alignment notes 2016-06-23 07:58:38 -06:00
bt8xxgpio.txt
btmrvl.txt
bus-virt-phys-mapping.txt
cachetlb.txt
cgroup-v2.txt mm, docs: update memory.stat description with workingset* entries 2017-05-12 15:57:16 -07:00
circular-buffers.txt Documentation: circular-buffers: use READ_ONCE() 2016-11-16 16:17:45 -07:00
clk.txt Documentation: clk: update file names containing referenced structures 2016-08-14 12:12:36 -06:00
conf.py Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2017-05-03 12:38:20 -07:00
cpu-load.txt
cputopology.txt docs: Fix a couple typos 2017-04-27 15:54:39 -06:00
crc32.txt
dcdbas.txt
debugging-modules.txt
debugging-via-ohci1394.txt docs: Fix a couple typos 2017-04-27 15:54:39 -06:00
dell_rbu.txt
digsig.txt
docutils.conf doc-rst: add docutils config file 2016-08-14 11:52:40 -06:00
dontdiff gcc-plugins: Add the randstruct plugin 2017-06-22 16:15:45 -07:00
efi-stub.txt
eisa.txt
flexible-arrays.txt
futex-requeue-pi.txt
gcc-plugins.txt gcc-plugins: update architecture list in documentation 2017-03-21 22:20:05 +11:00
highuid.txt
hw_random.txt
hwspinlock.txt
index.rst docs-rst: add input docs at main index and use kernel-figure 2017-05-09 13:36:02 -06:00
intel_txt.txt
io-mapping.txt
io_ordering.txt
iostats.txt
irqflags-tracing.txt
isa.txt Documentation: Add ISA bus driver documentation 2016-05-02 09:32:04 -07:00
isapnp.txt
kernel-doc-nano-HOWTO.txt docs-rst: doc-guide: split the kernel-documentation.rst contents 2016-11-19 10:22:04 -07:00
kernel-per-CPU-kthreads.txt docs: fix locations of several documents that got moved 2016-10-24 08:12:35 -02:00
kobject.txt
kprobes.txt Documentation: kprobes: Document jprobes stack copying limitations 2016-08-15 10:19:11 -06:00
kref.txt Revert "kref: double kref_put() in my_data_handler()" 2017-04-08 18:38:10 +02:00
kselftest.txt scripts/spelling.txt: add "an user" pattern and fix typo instances 2017-02-27 18:43:46 -08:00
ldm.txt
lockup-watchdogs.txt docs: fix locations of several documents that got moved 2016-10-24 08:12:35 -02:00
logo.gif
logo.txt
lzo.txt Documentation: lzo: fix spelling mistakes 2016-04-28 07:23:11 -06:00
mailbox.txt
memory-barriers.txt Connect the newly RST-formatted documentation to the rest; this had to wait 2017-05-11 11:29:52 -07:00
memory-hotplug.txt scripts/spelling.txt: add "followings" pattern and fix typo instances 2017-02-27 18:43:47 -08:00
men-chameleon-bus.txt
nommu-mmap.txt
ntb.txt
numastat.txt
padata.txt
parport-lowlevel.txt
percpu-rw-semaphore.txt
phy.txt Documentation: phy: Fix repetition of word 'the' 2017-03-09 00:33:15 -07:00
pi-futex.txt
pinctrl.txt pinctrl: core: Fix pinctrl_register_and_init() with pinctrl_enable() 2017-04-07 01:08:08 +02:00
pnp.txt
preempt-locking.txt
printk-formats.txt mm, printk: introduce new format string for flags 2016-03-15 16:55:16 -07:00
pwm.txt pwm: Update documentation 2016-05-17 14:48:04 +02:00
rbtree.txt
remoteproc.txt remoteproc: Split driver and consumer dereferencing 2016-10-02 22:50:21 -07:00
rfkill.txt docs: fix locations of several documents that got moved 2016-10-24 08:12:35 -02:00
robust-futex-ABI.txt
robust-futexes.txt Documentation: robust-futexes: fix spelling mistakes 2016-04-28 07:26:41 -06:00
rpmsg.txt rpmsg: use module_rpmsg_driver in existing drivers and examples 2016-05-06 11:09:01 -07:00
rtc.txt rtc: implement a sysfs interface for clock offset 2016-03-14 17:08:16 +01:00
sgi-ioc4.txt
siphash.txt siphash: implement HalfSipHash1-3 for hash tables 2017-01-09 13:58:57 -05:00
smsc_ece1099.txt
static-keys.txt docs: Fix a couple typos 2017-04-27 15:54:39 -06:00
svga.txt
switchtec.txt switchtec: Add IOCTLs to the Switchtec driver 2017-04-12 12:23:37 -05:00
sync_file.txt Documentation: sync_file.txt: Fix typos 2017-03-17 13:03:36 -06:00
tee.txt Documentation: tee subsystem and op-tee driver 2017-03-10 14:51:57 +01:00
this_cpu_ops.txt
unaligned-memory-access.txt Documentation/unaligned-memory-access.txt: fix incorrect comparison operator 2016-12-27 13:08:42 -07:00
vfio-mediated-device.txt docs: Fix a spelling error in vfio-mediated-device.txt 2017-04-27 15:54:39 -06:00
vfio.txt
video-output.txt
xillybus.txt Documentation: xillybus: fix spelling mistake 2016-04-28 07:44:54 -06:00
xz.txt
zorro.txt docs: Fix a couple typos 2017-04-27 15:54:39 -06:00