Received: by 10.223.164.202 with SMTP id h10csp554508wrb; Wed, 8 Nov 2017 22:47:47 -0800 (PST) X-Google-Smtp-Source: ABhQp+Q+UkLOZ8i0DKN9irH59Lu0+GUyYqXhJMwrJy8MGOY4aomMWECu5cBz7nJZm18+AdeQUphQ X-Received: by 10.159.204.139 with SMTP id t11mr2908227plo.121.1510210067167; Wed, 08 Nov 2017 22:47:47 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510210067; cv=none; d=google.com; s=arc-20160816; b=bO+UFUcUEeQ+ygUoeR2Yc9bd+Jca+aSwR3wdCjBhu7eVTpgBhGMFqBTfu5jFpHTaeI h9kJ6ZW4rXLK6G6TVSRHgxPx154DNgtNwWDwAUicT5j8mJqAztrG8cEApLAIACb5VqyD HtEmGunk1fen+n1fDk/3YCeaSzJ8gAR9cq5u5N94Uf04CmxMAEPZOr8cuMtH9EfTyfuy fiEMGM9Qp9rNXwgAePMzXLEmr9Pxl6XlCafoXcqwgnR/l9MjcYkLEkas0EhRbApxb+SB ulC9NObQVy8CLcmKkSCmlh9Jj9k5YOicMA1wIXrYh7U/pdfAbcQWriZ2qvKVJXhgDYTX NPaw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:cc:to:from :arc-authentication-results; bh=fFrd5lNGIWSB7UFBRY5Ku37HGhq3ml1PnxAOdEynVQQ=; b=I0P3xvlQ+5KANwDj1GipEAvN1jr9dSPmA8HiM3jkQmU+PakkTA2jwIN2Sg4E3APMJL TzQvJ+CdekCkEIBjxUW5L5gi9gvcuOarLkD2/4uns0FPxayd4Ag/WofuLqGqMb71bKyA FejbIRPNET//eomYczbzD8SRpXo7OhK+qCG26U5MdyMx1mY9U7lmlHpVcrCJ8F3aENJg Dhs++YYT72y2fnpKlEXnHX0GOaey89E+OKmG/zTD9EAnIL6XJnkZLrUMx4PEuxftArsN Fk5RamxKWELmPujy/ZwPmzWu0Po4F3Ph32ehyhSELk5uebVdhTyq5jJNyCbqU6TxSazS M6Kg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id c17si6000515pfe.338.2017.11.08.22.47.35; Wed, 08 Nov 2017 22:47:47 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751958AbdKIGq4 (ORCPT + 82 others); Thu, 9 Nov 2017 01:46:56 -0500 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]:47816 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1751093AbdKIGqz (ORCPT ); Thu, 9 Nov 2017 01:46:55 -0500 Received: from pps.filterd (m0098414.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.16.0.21/8.16.0.21) with SMTP id vA96iTuT063452 for ; Thu, 9 Nov 2017 01:46:55 -0500 Received: from e06smtp10.uk.ibm.com (e06smtp10.uk.ibm.com [195.75.94.106]) by mx0b-001b2d01.pphosted.com with ESMTP id 2e4fx8df84-1 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=NOT) for ; Thu, 09 Nov 2017 01:46:54 -0500 Received: from localhost by e06smtp10.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Thu, 9 Nov 2017 06:46:53 -0000 Received: from b06cxnps3075.portsmouth.uk.ibm.com (9.149.109.195) by e06smtp10.uk.ibm.com (192.168.101.140) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; Thu, 9 Nov 2017 06:46:50 -0000 Received: from d06av24.portsmouth.uk.ibm.com (mk.ibm.com [9.149.105.60]) by b06cxnps3075.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id vA96koT535782906; Thu, 9 Nov 2017 06:46:50 GMT Received: from d06av24.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 07AE642041; Thu, 9 Nov 2017 06:41:53 +0000 (GMT) Received: from d06av24.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id B6FBA4203F; Thu, 9 Nov 2017 06:41:51 +0000 (GMT) Received: from localhost.localdomain (unknown [9.40.193.84]) by d06av24.portsmouth.uk.ibm.com (Postfix) with ESMTP; Thu, 9 Nov 2017 06:41:51 +0000 (GMT) From: Sandipan Das To: rientjes@google.com, akpm@linux-foundation.org, gregkh@linuxfoundation.org, kstewart@linuxfoundation.org, tglx@linutronix.de Cc: linux-kernel@vger.kernel.org, naveen.n.rao@linux.vnet.ibm.com, ast@fb.com Subject: [PATCH] compiler, clang: handle randomizable anonymous structs Date: Thu, 9 Nov 2017 12:16:45 +0530 X-Mailer: git-send-email 2.13.6 X-TM-AS-GCONF: 00 x-cbid: 17110906-0040-0000-0000-000003EC4653 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 17110906-0041-0000-0000-000025EEE79F Message-Id: <20171109064645.25581-1-sandipan@linux.vnet.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:,, definitions=2017-11-09_01:,, signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 impostorscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1707230000 definitions=main-1711090096 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The GCC randomize layout plugin can randomize the member offsets of sensitive kernel data structures. To use this feature, certain annotations and members are added to the structures which affect the member offsets even if this plugin is not used. All of these structures are completely randomized, except for task_struct which leaves out some of its members. All the other members are wrapped within an anonymous struct with the __randomize_layout attribute. This is done using the randomized_struct_fields_start and randomized_struct_fields_end defines. When the plugin is disabled, the behaviour of this attribute can vary based on the GCC version. For GCC 5.1+, this attribute maps to __designated_init otherwise it is just an empty define but the anonymous structure is still present. For other compilers, both randomized_struct_fields_start and randomized_struct_fields_end default to empty defines meaning the anonymous structure is not introduced at all. So, if a module compiled with Clang, such as a BPF program, needs to access task_struct fields such as pid and comm, the offsets of these members as recognized by Clang are different from those recognized by modules compiled with GCC. If GCC 4.6+ is used to build the kernel, this can be solved by introducing appropriate defines for Clang so that the anonymous structure is seen when determining the offsets for the members. Signed-off-by: Sandipan Das --- include/linux/compiler-clang.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/include/linux/compiler-clang.h b/include/linux/compiler-clang.h index 54dfef70a072..780b1242bf24 100644 --- a/include/linux/compiler-clang.h +++ b/include/linux/compiler-clang.h @@ -16,3 +16,6 @@ * with any version that can compile the kernel */ #define __UNIQUE_ID(prefix) __PASTE(__PASTE(__UNIQUE_ID_, prefix), __COUNTER__) + +#define randomized_struct_fields_start struct { +#define randomized_struct_fields_end }; -- 2.13.6 From 1585302944505697157@xxx Tue Nov 28 09:51:41 +0000 2017 X-GM-THRID: 1585302944505697157 X-Gmail-Labels: Inbox,Category Forums,HistoricalUnread