diff options
author | Kees Cook <keescook@chromium.org> | 2022-05-03 13:55:02 -0700 |
---|---|---|
committer | Kees Cook <keescook@chromium.org> | 2022-05-08 01:33:07 -0700 |
commit | be2b34fa9be31c60a95989f984c9a5d40cd781b6 (patch) | |
tree | a1b5f247ac20de2866d52ea68930b47268366efc /security | |
parent | 613f4b3ed7902d1dbbc6ade6401e452a63dfbc21 (diff) |
randstruct: Move seed generation into scripts/basic/
To enable Clang randstruct support, move the structure layout
randomization seed generation out of scripts/gcc-plugins/ into
scripts/basic/ so it happens early enough that it can be used by either
compiler implementation. The gcc-plugin still builds its own header file,
but now does so from the common "randstruct.seed" file.
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20220503205503.3054173-6-keescook@chromium.org
Diffstat (limited to 'security')
-rw-r--r-- | security/Kconfig.hardening | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/security/Kconfig.hardening b/security/Kconfig.hardening index 364e3f8c6eea..0277ba578779 100644 --- a/security/Kconfig.hardening +++ b/security/Kconfig.hardening @@ -284,10 +284,11 @@ choice tools like Volatility against the system (unless the kernel source tree isn't cleaned after kernel installation). - The seed used for compilation is located at - scripts/randomize_layout_seed.h. It remains after a "make clean" - to allow for external modules to be compiled with the existing - seed and will be removed by a "make mrproper" or "make distclean". + The seed used for compilation is in scripts/basic/randomize.seed. + It remains after a "make clean" to allow for external modules to + be compiled with the existing seed and will be removed by a + "make mrproper" or "make distclean". This file should not be made + public, or the structure layout can be determined. config RANDSTRUCT_NONE bool "Disable structure layout randomization" |