Prepare to mark sensitive kernel structures for randomization by making
sure they're using designated initializers. These were identified during
allyesconfig builds of x86, arm, and arm64, with most initializer fixes
extracted from grsecurity.
Signed-off-by: Kees Cook <[email protected]>
---
drivers/misc/sgi-xp/xp_main.c | 59 ++++++++++++++++++++++++++++---------------
1 file changed, 39 insertions(+), 20 deletions(-)
diff --git a/drivers/misc/sgi-xp/xp_main.c b/drivers/misc/sgi-xp/xp_main.c
index 01be66d02ca8..bb47f9d9b68a 100644
--- a/drivers/misc/sgi-xp/xp_main.c
+++ b/drivers/misc/sgi-xp/xp_main.c
@@ -71,20 +71,44 @@ EXPORT_SYMBOL_GPL(xpc_registrations);
/*
* Initialize the XPC interface to indicate that XPC isn't loaded.
*/
-static enum xp_retval
-xpc_notloaded(void)
+static void xpc_notloaded_connect(int ch_number)
+{ }
+
+static void xpc_notloaded_disconnect(int ch_number)
+{ }
+
+static enum xp_retval xpc_notloaded_send(short partid, int ch_number,
+ u32 flags, void *payload,
+ u16 payload_size)
+{
+ return xpNotLoaded;
+}
+
+static enum xp_retval xpc_notloaded_send_notify(short partid, int ch_number,
+ u32 flags, void *payload,
+ u16 payload_size,
+ xpc_notify_func func,
+ void *key)
+{
+ return xpNotLoaded;
+}
+
+static void xpc_notloaded_received(short partid, int ch_number, void *payload)
+{ }
+
+static enum xp_retval xpc_notloaded_partid_to_nasids(short partid,
+ void *nasid_mask)
{
return xpNotLoaded;
}
struct xpc_interface xpc_interface = {
- (void (*)(int))xpc_notloaded,
- (void (*)(int))xpc_notloaded,
- (enum xp_retval(*)(short, int, u32, void *, u16))xpc_notloaded,
- (enum xp_retval(*)(short, int, u32, void *, u16, xpc_notify_func,
- void *))xpc_notloaded,
- (void (*)(short, int, void *))xpc_notloaded,
- (enum xp_retval(*)(short, void *))xpc_notloaded
+ .connect = xpc_notloaded_connect,
+ .disconnect = xpc_notloaded_disconnect,
+ .send = xpc_notloaded_send,
+ .send_notify = xpc_notloaded_send_notify,
+ .received = xpc_notloaded_received,
+ .partid_to_nasids = xpc_notloaded_partid_to_nasids
};
EXPORT_SYMBOL_GPL(xpc_interface);
@@ -115,17 +139,12 @@ EXPORT_SYMBOL_GPL(xpc_set_interface);
void
xpc_clear_interface(void)
{
- xpc_interface.connect = (void (*)(int))xpc_notloaded;
- xpc_interface.disconnect = (void (*)(int))xpc_notloaded;
- xpc_interface.send = (enum xp_retval(*)(short, int, u32, void *, u16))
- xpc_notloaded;
- xpc_interface.send_notify = (enum xp_retval(*)(short, int, u32, void *,
- u16, xpc_notify_func,
- void *))xpc_notloaded;
- xpc_interface.received = (void (*)(short, int, void *))
- xpc_notloaded;
- xpc_interface.partid_to_nasids = (enum xp_retval(*)(short, void *))
- xpc_notloaded;
+ xpc_interface.connect = xpc_notloaded_connect;
+ xpc_interface.disconnect = xpc_notloaded_disconnect;
+ xpc_interface.send = xpc_notloaded_send;
+ xpc_interface.send_notify = xpc_notloaded_send_notify;
+ xpc_interface.received = xpc_notloaded_received;
+ xpc_interface.partid_to_nasids = xpc_notloaded_partid_to_nasids;
}
EXPORT_SYMBOL_GPL(xpc_clear_interface);
--
2.7.4
--
Kees Cook
Nexus Security
On Fri, Dec 16, 2016 at 7:01 PM, Kees Cook <[email protected]> wrote:
> Prepare to mark sensitive kernel structures for randomization by making
> sure they're using designated initializers. These were identified during
> allyesconfig builds of x86, arm, and arm64, with most initializer fixes
> extracted from grsecurity.
I guess I don't understand the context enough here to give you a
Signed-off-by. Can you give us more background on this randomization?
>From what I see in the code here, I can see you are providing
equivalent functionality and I would give it a signed-off-by, but I am
not sure this randomization of which you speak is not going to cause
problems for XP, XPC, XPNET, and XPMEM (out of tree GPL kernel
module).
Robin
On Tue, Jan 3, 2017 at 3:19 PM, Kees Cook <[email protected]> wrote:
> On Wed, Dec 21, 2016 at 8:24 AM, Robin Holt <[email protected]> wrote:
>> On Fri, Dec 16, 2016 at 7:01 PM, Kees Cook <[email protected]> wrote:
>>> Prepare to mark sensitive kernel structures for randomization by making
>>> sure they're using designated initializers. These were identified during
>>> allyesconfig builds of x86, arm, and arm64, with most initializer fixes
>>> extracted from grsecurity.
>>
>> I guess I don't understand the context enough here to give you a
>> Signed-off-by. Can you give us more background on this randomization?
>
> Sure thing! The randomization is on the order of function pointers in
> all-pointer structures (like struct xpc_interface). As long as the
> memory containing the structure isn't shared externally, this
> randomization should have no operational effect. The reason explicit
> no-op functions were added was to avoid ugly casts, etc.
Friendly ping ... any chance this can land in -next soon?
>> From what I see in the code here, I can see you are providing
>> equivalent functionality and I would give it a signed-off-by, but I am
>> not sure this randomization of which you speak is not going to cause
>> problems for XP, XPC, XPNET, and XPMEM (out of tree GPL kernel
>> module).
>
> Ah, hm, does this module share the structure without being built
> against the kernel? (If built with the kernel, the randomization
> plugin will keep things in the right order.)
Regardless of your answer, this randomization can be turned off.
Switching to designated initializers here is mainly just a clean up.
Thanks!
-Kees
--
Kees Cook
Pixel Security