2022-05-04 02:04:01

by Kees Cook

[permalink] [raw]
Subject: [PATCH 0/6] randstruct: Enable Clang support

Hi,

This enables Clang's recently added structure layout randomization
support, similar to the existing kernel-specific GCC plugin. The general
Makefile and Kconfig changes are mainly mechanical (moving options
around), but the random seed generation changes are a bit fiddly because
it needs to be created very early. I think I did this reasonably, but
I'd love some more eyes on it.

Thanks!

-Kees

Kees Cook (6):
netfs: Eliminate Clang randstruct warning
sancov: Split plugin build from plugin CFLAGS
randstruct: Reorganize Kconfigs and attribute macros
randstruct: Split randstruct Makefile and CFLAGS
randstruct: Move seed generation into scripts/basic/
randstruct: Enable Clang support

Documentation/dontdiff | 1 +
Documentation/kbuild/reproducible-builds.rst | 8 +--
Makefile | 1 +
arch/arm/vdso/Makefile | 2 +-
arch/arm64/kernel/vdso/Makefile | 3 +-
arch/riscv/Kconfig | 2 +-
arch/sparc/vdso/Makefile | 3 +-
arch/x86/entry/vdso/Makefile | 3 +-
arch/x86/mm/pti.c | 2 +-
include/linux/compiler-gcc.h | 8 ---
include/linux/compiler_types.h | 14 ++--
include/linux/netfs.h | 4 +-
include/linux/vermagic.h | 10 +--
kernel/panic.c | 2 +-
scripts/Makefile.gcc-plugins | 22 +++---
scripts/Makefile.randstruct | 17 +++++
scripts/basic/.gitignore | 1 +
scripts/basic/Makefile | 11 +++
scripts/gcc-plugins/Kconfig | 38 ----------
scripts/gcc-plugins/Makefile | 15 ++--
scripts/gcc-plugins/gen-random-seed.sh | 9 ---
scripts/gen-randstruct-seed.sh | 7 ++
security/Kconfig.hardening | 73 ++++++++++++++++++++
23 files changed, 159 insertions(+), 97 deletions(-)
create mode 100644 scripts/Makefile.randstruct
delete mode 100755 scripts/gcc-plugins/gen-random-seed.sh
create mode 100755 scripts/gen-randstruct-seed.sh

--
2.32.0