Skip to content

Commit 8acdf50

Browse files
keeskees
committed
randstruct: opt-out externally exposed function pointer structs
Some function pointer structures are used externally to the kernel, like the paravirt structures. These should never be randomized, so mark them as such, in preparation for enabling randstruct's automatic selection of all-function-pointer structures. These markings are verbatim from Brad Spengler/PaX Team's code in the last public patch of grsecurity/PaX based on my understanding of the code. Changes or omissions from the original code are mine and don't reflect the original grsecurity/PaX code. Signed-off-by: Kees Cook <keescook@chromium.org>
1 parent 29e48ce commit 8acdf50

File tree

2 files changed

+9
-9
lines changed

2 files changed

+9
-9
lines changed

arch/arm/include/asm/cacheflush.h

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -116,7 +116,7 @@ struct cpu_cache_fns {
116116
void (*dma_unmap_area)(const void *, size_t, int);
117117

118118
void (*dma_flush_range)(const void *, const void *);
119-
};
119+
} __no_randomize_layout;
120120

121121
/*
122122
* Select the calling method

arch/x86/include/asm/paravirt_types.h

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -83,20 +83,20 @@ struct pv_init_ops {
8383
*/
8484
unsigned (*patch)(u8 type, u16 clobber, void *insnbuf,
8585
unsigned long addr, unsigned len);
86-
};
86+
} __no_randomize_layout;
8787

8888

8989
struct pv_lazy_ops {
9090
/* Set deferred update mode, used for batching operations. */
9191
void (*enter)(void);
9292
void (*leave)(void);
9393
void (*flush)(void);
94-
};
94+
} __no_randomize_layout;
9595

9696
struct pv_time_ops {
9797
unsigned long long (*sched_clock)(void);
9898
unsigned long long (*steal_clock)(int cpu);
99-
};
99+
} __no_randomize_layout;
100100

101101
struct pv_cpu_ops {
102102
/* hooks for various privileged instructions */
@@ -175,7 +175,7 @@ struct pv_cpu_ops {
175175

176176
void (*start_context_switch)(struct task_struct *prev);
177177
void (*end_context_switch)(struct task_struct *next);
178-
};
178+
} __no_randomize_layout;
179179

180180
struct pv_irq_ops {
181181
/*
@@ -198,7 +198,7 @@ struct pv_irq_ops {
198198
#ifdef CONFIG_X86_64
199199
void (*adjust_exception_frame)(void);
200200
#endif
201-
};
201+
} __no_randomize_layout;
202202

203203
struct pv_mmu_ops {
204204
unsigned long (*read_cr2)(void);
@@ -306,7 +306,7 @@ struct pv_mmu_ops {
306306
an mfn. We can tell which is which from the index. */
307307
void (*set_fixmap)(unsigned /* enum fixed_addresses */ idx,
308308
phys_addr_t phys, pgprot_t flags);
309-
};
309+
} __no_randomize_layout;
310310

311311
struct arch_spinlock;
312312
#ifdef CONFIG_SMP
@@ -323,7 +323,7 @@ struct pv_lock_ops {
323323
void (*kick)(int cpu);
324324

325325
struct paravirt_callee_save vcpu_is_preempted;
326-
};
326+
} __no_randomize_layout;
327327

328328
/* This contains all the paravirt structures: we get a convenient
329329
* number for each function using the offset which we use to indicate
@@ -335,7 +335,7 @@ struct paravirt_patch_template {
335335
struct pv_irq_ops pv_irq_ops;
336336
struct pv_mmu_ops pv_mmu_ops;
337337
struct pv_lock_ops pv_lock_ops;
338-
};
338+
} __no_randomize_layout;
339339

340340
extern struct pv_info pv_info;
341341
extern struct pv_init_ops pv_init_ops;

0 commit comments

Comments
 (0)