Received: by 10.223.185.116 with SMTP id b49csp2203372wrg; Thu, 22 Feb 2018 09:43:50 -0800 (PST) X-Google-Smtp-Source: AH8x224jBnaMgRmQM0m/X8jAdJQTv1lwnawnIppXpS6xym0wqsIjZMKZJQXZcNpKgF3kkLrWGXvd X-Received: by 10.98.36.217 with SMTP id k86mr7676691pfk.137.1519321429931; Thu, 22 Feb 2018 09:43:49 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1519321429; cv=none; d=google.com; s=arc-20160816; b=SSleVNRTm5e8FPpidwF5/skDDr7B7TDdXKFAN7rrU73V/vEIlEt/wpYonbYEfefz7s r+5q3vv8AdDwIZlhU1Px9t96tq34bU/RhbXAaYDf6O2r3WQEVTnB7RkRVu6bFRq2RwYN NINRA+UTxso/0jN6fK4gXzxiBA5CWdylwAzx6m261rkFZ2r1rADKiECrQd1wkNGR7QuF Uzdo4jwmq8X29MmPP7ru6XC9eN2ALYRagdWYu3b3IZt+6O//85Q/hnJYlrRKSe4wWjZ5 +X4NnBY5y5bumUyUBzwKGCuFK6CR5vBO+sVUDHha09IDtmabJLhi8AvbfVAjyoWks7oz 5XWw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-disposition:mime-version :message-id:subject:cc:to:from:date:dkim-signature :arc-authentication-results; bh=aGknBahZ4AllxvszBJ3msff1ajMTN3Vo3rZFhCwAVYo=; b=SmUd4PVGygXxVvuAvj35DsMtkuiqAhHfVktFIG7RmjfpiOReEd2WrM+f23SrBtv8y3 6KL5DRIEYGX3N/+TY/B8dDA6uyVDVWqNx7ZBBoS4cr7zibAoUqHT7INVfCVFJ4TvmVIb 7qpyRpYJxcLHK+FmFc4AWJnbt/MpI661cTestrwtSIFgpk06xw59NpklHZzbTgq5luVw gK6vrcFfS7iYIw5ACk+leRKpEKL2H+oUU+HTfgfFrWnfr5QVvgMbYsYsYGz8ijH+wsQC Sgd2ktjlo/z47W1KlFZ0HGAgOeHF5gGxBtZB2/Ob8bezEZ2YH5oGNPpNrnCuUsluJbkC 8IQQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=FHR9RyrO; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p20si376368pfi.13.2018.02.22.09.43.35; Thu, 22 Feb 2018 09:43:49 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=FHR9RyrO; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S933542AbeBVRlo (ORCPT + 99 others); Thu, 22 Feb 2018 12:41:44 -0500 Received: from mail-pf0-f196.google.com ([209.85.192.196]:38031 "EHLO mail-pf0-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S933427AbeBVRln (ORCPT ); Thu, 22 Feb 2018 12:41:43 -0500 Received: by mail-pf0-f196.google.com with SMTP id d26so2358145pfn.5 for ; Thu, 22 Feb 2018 09:41:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=date:from:to:cc:subject:message-id:mime-version:content-disposition; bh=aGknBahZ4AllxvszBJ3msff1ajMTN3Vo3rZFhCwAVYo=; b=FHR9RyrOwBHfScWK1haF3N1gE7FhMOmha+uXXNbqABDeVVKL5Y2LhZDvSlAG3yGI6K auvCxvVv7OAGWEQhw8x2jzlAg2urKrhvdD7nCyYSRaJmmNaUr7TP39ulywroIVtYGnWF o3Be2aNfDOt23srLjez71j5egXILGRlhTbNe8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:mime-version :content-disposition; bh=aGknBahZ4AllxvszBJ3msff1ajMTN3Vo3rZFhCwAVYo=; b=mO8BYz6gOJpAPBfIXbUHNdJa73SPBcXIqPr5LQkK5cJGBbw66M2mBIoIMliY1PmVY4 B4YEKAafNjkgaXwr6m29kMB3EhoeH9K7Kij4OKQQ15gcFbH3mxOJX0HA9aLqrc5xdwvk N6QeJhMdfpdBezuj91XseUPxojvVdr3ETL9YpOWCEA/DfJalib9hmR+DDo42ZWWkJs1r hgzOVnTcG/IZYdsIejqljB7ahuU+mmCqznbGIxOVV2wn6lBWjBuRZiFZc2RK/cfaBATZ XvvFdOHN4JhSW4WKOhGOUbCaF9vUMrovtkBg1MCSYPz6SvJVJt8UrSGF45aphKoi4aGu e3yQ== X-Gm-Message-State: APf1xPBzv8SShrSmRW+nLCFBSTOF0MP2V8ShoTFEbhxmbGgp7xTyuyyL RQj6X/Db2zSr8wlk2ECtmJ332A== X-Received: by 10.98.229.21 with SMTP id n21mr7615632pff.158.1519321302690; Thu, 22 Feb 2018 09:41:42 -0800 (PST) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id 186sm962453pfe.2.2018.02.22.09.41.41 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 22 Feb 2018 09:41:41 -0800 (PST) Date: Thu, 22 Feb 2018 09:41:40 -0800 From: Kees Cook To: Linus Torvalds Cc: Patrick McLean , "Maciej S. Szmigiero" , linux-kernel@vger.kernel.org Subject: [PATCH v3] kconfig.h: Include compiler types to avoid missed struct attributes Message-ID: <20180222174140.GA3154@beast> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The header files for some structures could get included in such a way that struct attributes (specifically __randomize_layout from path.h) would be parsed as variable names instead of attributes. This could lead to some instances of a structure being unrandomized, causing nasty GPFs, etc. This patch makes sure the compiler_types.h header is included in kconfig.h so that we've always got types and struct attributes defined, since kconfig.h is included from the compiler command line. Reported-by: Patrick McLean Root-caused-by: Maciej S. Szmigiero Suggested-by: Linus Torvalds Tested-by: Maciej S. Szmigiero Fixes: 3859a271a003 ("randstruct: Mark various structs for randomization") Signed-off-by: Kees Cook --- Updated to include Tested-by. Linus, this looks ready to go. I'll send -stable patches that just fix up path.h. --- include/linux/kconfig.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/include/linux/kconfig.h b/include/linux/kconfig.h index fec5076eda91..c5fd4ee776ba 100644 --- a/include/linux/kconfig.h +++ b/include/linux/kconfig.h @@ -64,4 +64,7 @@ */ #define IS_ENABLED(option) __or(IS_BUILTIN(option), IS_MODULE(option)) +/* Make sure we always have all types and struct attributes defined. */ +#include + #endif /* __LINUX_KCONFIG_H */ -- 2.7.4 -- Kees Cook Pixel Security