Commit be2b34fa authored May 03, 2022 by Kees Cook

randstruct: Move seed generation into scripts/basic/



To enable Clang randstruct support, move the structure layout
randomization seed generation out of scripts/gcc-plugins/ into
scripts/basic/ so it happens early enough that it can be used by either
compiler implementation. The gcc-plugin still builds its own header file,
but now does so from the common "randstruct.seed" file.

Cc: linux-hardening@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20220503205503.3054173-6-keescook@chromium.org

parent 613f4b3e

Documentation/dontdiff

+1 −0

Original line number	Diff line number	Diff line
		@@ -211,6 +211,7 @@ r200_reg_safe.h
		r300_reg_safe.h
		r420_reg_safe.h
		r600_reg_safe.h
		randstruct.seed
		randomize_layout_hash.h
		randomize_layout_seed.h
		recordmcount

Documentation/kbuild/reproducible-builds.rst

+3 −2

Original line number	Diff line number	Diff line
		@@ -100,8 +100,9 @@ Structure randomisation
		-----------------------

		If you enable ``CONFIG_RANDSTRUCT``, you will need to pre-generate
		the random seed in ``scripts/gcc-plugins/randomize_layout_seed.h``
		so the same value is used in rebuilds.
		the random seed in ``scripts/basic/randstruct.seed`` so the same
		value is used by each build. See ``scripts/gen-randstruct-seed.sh``
		for details.

		Debug info conflicts
		--------------------

include/linux/vermagic.h

+1 −1

Original line number	Diff line number	Diff line
		@@ -33,7 +33,7 @@
		#define MODULE_VERMAGIC_MODVERSIONS ""
		#endif
		#ifdef RANDSTRUCT
		#include <generated/randomize_layout_hash.h>
		#include <generated/randstruct_hash.h>
		#define MODULE_RANDSTRUCT "RANDSTRUCT_" RANDSTRUCT_HASHED_SEED
		#else
		#define MODULE_RANDSTRUCT

scripts/basic/.gitignore

+1 −0

Original line number	Diff line number	Diff line
		# SPDX-License-Identifier: GPL-2.0-only
		/fixdep
		/randstruct.seed

scripts/basic/Makefile

+11 −0

Original line number	Diff line number	Diff line
		@@ -3,3 +3,14 @@
		# fixdep: used to generate dependency information during build process

		hostprogs-always-y += fixdep

		# randstruct: the seed is needed before building the gcc-plugin or
		# before running a Clang kernel build.
		gen-randstruct-seed := $(srctree)/scripts/gen-randstruct-seed.sh
		quiet_cmd_create_randstruct_seed = GENSEED $@
		cmd_create_randstruct_seed = \
		$(CONFIG_SHELL) $(gen-randstruct-seed) \
		$@ $(objtree)/include/generated/randstruct_hash.h
		$(obj)/randstruct.seed: $(gen-randstruct-seed) FORCE
		$(call if_changed,create_randstruct_seed)
		always-$(CONFIG_RANDSTRUCT) += randstruct.seed