From: Greg Kroah-Hartman Date: Wed, 25 Jun 2025 08:45:17 +0000 (+0100) Subject: drop randstruct patches from 5.15 and older X-Git-Tag: v5.4.295~6 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0ef48133113582a104b98394242c054ee9ab0e45;p=thirdparty%2Fkernel%2Fstable-queue.git drop randstruct patches from 5.15 and older Odd build failures are happening. --- diff --git a/queue-5.10/randstruct-gcc-plugin-fix-attribute-addition.patch b/queue-5.10/randstruct-gcc-plugin-fix-attribute-addition.patch deleted file mode 100644 index 6106dd3623..0000000000 --- a/queue-5.10/randstruct-gcc-plugin-fix-attribute-addition.patch +++ /dev/null @@ -1,134 +0,0 @@ -From 2107f3cea2e7ca8efbda0a195561f183f5fdf394 Mon Sep 17 00:00:00 2001 -From: Sasha Levin -Date: Fri, 30 May 2025 15:18:28 -0700 -Subject: randstruct: gcc-plugin: Fix attribute addition - -From: Kees Cook - -[ Upstream commit f39f18f3c3531aa802b58a20d39d96e82eb96c14 ] - -Based on changes in the 2021 public version of the randstruct -out-of-tree GCC plugin[1], more carefully update the attributes on -resulting decls, to avoid tripping checks in GCC 15's -comptypes_check_enum_int() when it has been configured with -"--enable-checking=misc": - -arch/arm64/kernel/kexec_image.c:132:14: internal compiler error: in comptypes_check_enum_int, at c/c-typeck.cc:1519 - 132 | const struct kexec_file_ops kexec_image_ops = { - | ^~~~~~~~~~~~~~ - internal_error(char const*, ...), at gcc/gcc/diagnostic-global-context.cc:517 - fancy_abort(char const*, int, char const*), at gcc/gcc/diagnostic.cc:1803 - comptypes_check_enum_int(tree_node*, tree_node*, bool*), at gcc/gcc/c/c-typeck.cc:1519 - ... - -Link: https://archive.org/download/grsecurity/grsecurity-3.1-5.10.41-202105280954.patch.gz [1] -Reported-by: Thiago Jung Bauermann -Closes: https://github.com/KSPP/linux/issues/367 -Closes: https://lore.kernel.org/lkml/20250530000646.104457-1-thiago.bauermann@linaro.org/ -Reported-by: Ingo Saitz -Closes: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104745 -Fixes: 313dd1b62921 ("gcc-plugins: Add the randstruct plugin") -Tested-by: Thiago Jung Bauermann -Link: https://lore.kernel.org/r/20250530221824.work.623-kees@kernel.org -Signed-off-by: Kees Cook -Signed-off-by: Sasha Levin ---- - scripts/gcc-plugins/gcc-common.h | 32 +++++++++++++++++++ - scripts/gcc-plugins/randomize_layout_plugin.c | 22 ++++++------- - 2 files changed, 43 insertions(+), 11 deletions(-) - -diff --git a/scripts/gcc-plugins/gcc-common.h b/scripts/gcc-plugins/gcc-common.h -index 0c037b8845308..50fe17ce569c9 100644 ---- a/scripts/gcc-plugins/gcc-common.h -+++ b/scripts/gcc-plugins/gcc-common.h -@@ -185,6 +185,38 @@ static inline tree build_const_char_string(int len, const char *str) - return cstr; - } - -+static inline void __add_type_attr(tree type, const char *attr, tree args) -+{ -+ tree oldattr; -+ -+ if (type == NULL_TREE) -+ return; -+ oldattr = lookup_attribute(attr, TYPE_ATTRIBUTES(type)); -+ if (oldattr != NULL_TREE) { -+ gcc_assert(TREE_VALUE(oldattr) == args || TREE_VALUE(TREE_VALUE(oldattr)) == TREE_VALUE(args)); -+ return; -+ } -+ -+ TYPE_ATTRIBUTES(type) = copy_list(TYPE_ATTRIBUTES(type)); -+ TYPE_ATTRIBUTES(type) = tree_cons(get_identifier(attr), args, TYPE_ATTRIBUTES(type)); -+} -+ -+static inline void add_type_attr(tree type, const char *attr, tree args) -+{ -+ tree main_variant = TYPE_MAIN_VARIANT(type); -+ -+ __add_type_attr(TYPE_CANONICAL(type), attr, args); -+ __add_type_attr(TYPE_CANONICAL(main_variant), attr, args); -+ __add_type_attr(main_variant, attr, args); -+ -+ for (type = TYPE_NEXT_VARIANT(main_variant); type; type = TYPE_NEXT_VARIANT(type)) { -+ if (!lookup_attribute(attr, TYPE_ATTRIBUTES(type))) -+ TYPE_ATTRIBUTES(type) = TYPE_ATTRIBUTES(main_variant); -+ -+ __add_type_attr(TYPE_CANONICAL(type), attr, args); -+ } -+} -+ - #define PASS_INFO(NAME, REF, ID, POS) \ - struct register_pass_info NAME##_pass_info = { \ - .pass = make_##NAME##_pass(), \ -diff --git a/scripts/gcc-plugins/randomize_layout_plugin.c b/scripts/gcc-plugins/randomize_layout_plugin.c -index a5aea51ecca99..472427f169a4a 100644 ---- a/scripts/gcc-plugins/randomize_layout_plugin.c -+++ b/scripts/gcc-plugins/randomize_layout_plugin.c -@@ -95,6 +95,9 @@ static tree handle_randomize_layout_attr(tree *node, tree name, tree args, int f - - if (TYPE_P(*node)) { - type = *node; -+ } else if (TREE_CODE(*node) == FIELD_DECL) { -+ *no_add_attrs = false; -+ return NULL_TREE; - } else { - gcc_assert(TREE_CODE(*node) == TYPE_DECL); - type = TREE_TYPE(*node); -@@ -381,15 +384,14 @@ static int relayout_struct(tree type) - TREE_CHAIN(newtree[i]) = newtree[i+1]; - TREE_CHAIN(newtree[num_fields - 1]) = NULL_TREE; - -+ add_type_attr(type, "randomize_performed", NULL_TREE); -+ add_type_attr(type, "designated_init", NULL_TREE); -+ if (has_flexarray) -+ add_type_attr(type, "has_flexarray", NULL_TREE); -+ - main_variant = TYPE_MAIN_VARIANT(type); -- for (variant = main_variant; variant; variant = TYPE_NEXT_VARIANT(variant)) { -+ for (variant = main_variant; variant; variant = TYPE_NEXT_VARIANT(variant)) - TYPE_FIELDS(variant) = newtree[0]; -- TYPE_ATTRIBUTES(variant) = copy_list(TYPE_ATTRIBUTES(variant)); -- TYPE_ATTRIBUTES(variant) = tree_cons(get_identifier("randomize_performed"), NULL_TREE, TYPE_ATTRIBUTES(variant)); -- TYPE_ATTRIBUTES(variant) = tree_cons(get_identifier("designated_init"), NULL_TREE, TYPE_ATTRIBUTES(variant)); -- if (has_flexarray) -- TYPE_ATTRIBUTES(type) = tree_cons(get_identifier("has_flexarray"), NULL_TREE, TYPE_ATTRIBUTES(type)); -- } - - /* - * force a re-layout of the main variant -@@ -457,10 +459,8 @@ static void randomize_type(tree type) - if (lookup_attribute("randomize_layout", TYPE_ATTRIBUTES(TYPE_MAIN_VARIANT(type))) || is_pure_ops_struct(type)) - relayout_struct(type); - -- for (variant = TYPE_MAIN_VARIANT(type); variant; variant = TYPE_NEXT_VARIANT(variant)) { -- TYPE_ATTRIBUTES(type) = copy_list(TYPE_ATTRIBUTES(type)); -- TYPE_ATTRIBUTES(type) = tree_cons(get_identifier("randomize_considered"), NULL_TREE, TYPE_ATTRIBUTES(type)); -- } -+ add_type_attr(type, "randomize_considered", NULL_TREE); -+ - #ifdef __DEBUG_PLUGIN - fprintf(stderr, "Marking randomize_considered on struct %s\n", ORIG_TYPE_NAME(type)); - #ifdef __DEBUG_VERBOSE --- -2.39.5 - diff --git a/queue-5.10/randstruct-gcc-plugin-remove-bogus-void-member.patch b/queue-5.10/randstruct-gcc-plugin-remove-bogus-void-member.patch deleted file mode 100644 index 7e1a0ad3a8..0000000000 --- a/queue-5.10/randstruct-gcc-plugin-remove-bogus-void-member.patch +++ /dev/null @@ -1,119 +0,0 @@ -From 17c7c8f398bc703607bfe1360e581a5905a903dc Mon Sep 17 00:00:00 2001 -From: Sasha Levin -Date: Sat, 26 Apr 2025 00:37:52 -0700 -Subject: randstruct: gcc-plugin: Remove bogus void member -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -From: Kees Cook - -[ Upstream commit e136a4062174a9a8d1c1447ca040ea81accfa6a8 ] - -When building the randomized replacement tree of struct members, the -randstruct GCC plugin would insert, as the first member, a 0-sized void -member. This appears as though it was done to catch non-designated -("unnamed") static initializers, which wouldn't be stable since they -depend on the original struct layout order. - -This was accomplished by having the side-effect of the "void member" -tripping an assert in GCC internals (count_type_elements) if the member -list ever needed to be counted (e.g. for figuring out the order of members -during a non-designated initialization), which would catch impossible type -(void) in the struct: - -security/landlock/fs.c: In function ‘hook_file_ioctl_common’: -security/landlock/fs.c:1745:61: internal compiler error: in count_type_elements, at expr.cc:7075 - 1745 | .u.op = &(struct lsm_ioctlop_audit) { - | ^ - -static HOST_WIDE_INT -count_type_elements (const_tree type, bool for_ctor_p) -{ - switch (TREE_CODE (type)) -... - case VOID_TYPE: - default: - gcc_unreachable (); - } -} - -However this is a redundant safety measure since randstruct uses the -__designated_initializer attribute both internally and within the -__randomized_layout attribute macro so that this would be enforced -by the compiler directly even when randstruct was not enabled (via --Wdesignated-init). - -A recent change in Landlock ended up tripping the same member counting -routine when using a full-struct copy initializer as part of an anonymous -initializer. This, however, is a false positive as the initializer is -copying between identical structs (and hence identical layouts). The -"path" member is "struct path", a randomized struct, and is being copied -to from another "struct path", the "f_path" member: - - landlock_log_denial(landlock_cred(file->f_cred), &(struct landlock_request) { - .type = LANDLOCK_REQUEST_FS_ACCESS, - .audit = { - .type = LSM_AUDIT_DATA_IOCTL_OP, - .u.op = &(struct lsm_ioctlop_audit) { - .path = file->f_path, - .cmd = cmd, - }, - }, - ... - -As can be seen with the coming randstruct KUnit test, there appears to -be no behavioral problems with this kind of initialization when the void -member is removed from the randstruct GCC plugin, so remove it. - -Reported-by: "Dr. David Alan Gilbert" -Closes: https://lore.kernel.org/lkml/Z_PRaKx7q70MKgCA@gallifrey/ -Reported-by: Mark Brown -Closes: https://lore.kernel.org/lkml/20250407-kbuild-disable-gcc-plugins-v1-1-5d46ae583f5e@kernel.org/ -Reported-by: WangYuli -Closes: https://lore.kernel.org/lkml/337D5D4887277B27+3c677db3-a8b9-47f0-93a4-7809355f1381@uniontech.com/ -Fixes: 313dd1b62921 ("gcc-plugins: Add the randstruct plugin") -Signed-off-by: Kees Cook -Signed-off-by: Sasha Levin ---- - scripts/gcc-plugins/randomize_layout_plugin.c | 18 +----------------- - 1 file changed, 1 insertion(+), 17 deletions(-) - -diff --git a/scripts/gcc-plugins/randomize_layout_plugin.c b/scripts/gcc-plugins/randomize_layout_plugin.c -index c7ff92b4189cb..a5aea51ecca99 100644 ---- a/scripts/gcc-plugins/randomize_layout_plugin.c -+++ b/scripts/gcc-plugins/randomize_layout_plugin.c -@@ -377,29 +377,13 @@ static int relayout_struct(tree type) - - shuffle(type, (tree *)newtree, shuffle_length); - -- /* -- * set up a bogus anonymous struct field designed to error out on unnamed struct initializers -- * as gcc provides no other way to detect such code -- */ -- list = make_node(FIELD_DECL); -- TREE_CHAIN(list) = newtree[0]; -- TREE_TYPE(list) = void_type_node; -- DECL_SIZE(list) = bitsize_zero_node; -- DECL_NONADDRESSABLE_P(list) = 1; -- DECL_FIELD_BIT_OFFSET(list) = bitsize_zero_node; -- DECL_SIZE_UNIT(list) = size_zero_node; -- DECL_FIELD_OFFSET(list) = size_zero_node; -- DECL_CONTEXT(list) = type; -- // to satisfy the constify plugin -- TREE_READONLY(list) = 1; -- - for (i = 0; i < num_fields - 1; i++) - TREE_CHAIN(newtree[i]) = newtree[i+1]; - TREE_CHAIN(newtree[num_fields - 1]) = NULL_TREE; - - main_variant = TYPE_MAIN_VARIANT(type); - for (variant = main_variant; variant; variant = TYPE_NEXT_VARIANT(variant)) { -- TYPE_FIELDS(variant) = list; -+ TYPE_FIELDS(variant) = newtree[0]; - TYPE_ATTRIBUTES(variant) = copy_list(TYPE_ATTRIBUTES(variant)); - TYPE_ATTRIBUTES(variant) = tree_cons(get_identifier("randomize_performed"), NULL_TREE, TYPE_ATTRIBUTES(variant)); - TYPE_ATTRIBUTES(variant) = tree_cons(get_identifier("designated_init"), NULL_TREE, TYPE_ATTRIBUTES(variant)); --- -2.39.5 - diff --git a/queue-5.10/series b/queue-5.10/series index 7ba2f5ebae..9016b957ea 100644 --- a/queue-5.10/series +++ b/queue-5.10/series @@ -69,8 +69,6 @@ arm64-dts-rockchip-disable-unrouted-usb-controllers-.patch soc-aspeed-lpc-fix-impossible-judgment-condition.patch soc-aspeed-add-null-check-in-aspeed_lpc_enable_snoop.patch fbdev-core-fbcvt-avoid-division-by-0-in-fb_cvt_hperi.patch -randstruct-gcc-plugin-remove-bogus-void-member.patch -randstruct-gcc-plugin-fix-attribute-addition.patch perf-build-warn-when-libdebuginfod-devel-files-are-n.patch perf-ui-browser-hists-set-actions-thread-before-call.patch backlight-pm8941-add-null-check-in-wled_configure.patch diff --git a/queue-5.15/randstruct-gcc-plugin-fix-attribute-addition.patch b/queue-5.15/randstruct-gcc-plugin-fix-attribute-addition.patch deleted file mode 100644 index 45552581f8..0000000000 --- a/queue-5.15/randstruct-gcc-plugin-fix-attribute-addition.patch +++ /dev/null @@ -1,134 +0,0 @@ -From c7e8694ef8e1ea400494159e6e179d8f18f4efe6 Mon Sep 17 00:00:00 2001 -From: Sasha Levin -Date: Fri, 30 May 2025 15:18:28 -0700 -Subject: randstruct: gcc-plugin: Fix attribute addition - -From: Kees Cook - -[ Upstream commit f39f18f3c3531aa802b58a20d39d96e82eb96c14 ] - -Based on changes in the 2021 public version of the randstruct -out-of-tree GCC plugin[1], more carefully update the attributes on -resulting decls, to avoid tripping checks in GCC 15's -comptypes_check_enum_int() when it has been configured with -"--enable-checking=misc": - -arch/arm64/kernel/kexec_image.c:132:14: internal compiler error: in comptypes_check_enum_int, at c/c-typeck.cc:1519 - 132 | const struct kexec_file_ops kexec_image_ops = { - | ^~~~~~~~~~~~~~ - internal_error(char const*, ...), at gcc/gcc/diagnostic-global-context.cc:517 - fancy_abort(char const*, int, char const*), at gcc/gcc/diagnostic.cc:1803 - comptypes_check_enum_int(tree_node*, tree_node*, bool*), at gcc/gcc/c/c-typeck.cc:1519 - ... - -Link: https://archive.org/download/grsecurity/grsecurity-3.1-5.10.41-202105280954.patch.gz [1] -Reported-by: Thiago Jung Bauermann -Closes: https://github.com/KSPP/linux/issues/367 -Closes: https://lore.kernel.org/lkml/20250530000646.104457-1-thiago.bauermann@linaro.org/ -Reported-by: Ingo Saitz -Closes: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104745 -Fixes: 313dd1b62921 ("gcc-plugins: Add the randstruct plugin") -Tested-by: Thiago Jung Bauermann -Link: https://lore.kernel.org/r/20250530221824.work.623-kees@kernel.org -Signed-off-by: Kees Cook -Signed-off-by: Sasha Levin ---- - scripts/gcc-plugins/gcc-common.h | 32 +++++++++++++++++++ - scripts/gcc-plugins/randomize_layout_plugin.c | 22 ++++++------- - 2 files changed, 43 insertions(+), 11 deletions(-) - -diff --git a/scripts/gcc-plugins/gcc-common.h b/scripts/gcc-plugins/gcc-common.h -index cba1440993450..8658e9d220b69 100644 ---- a/scripts/gcc-plugins/gcc-common.h -+++ b/scripts/gcc-plugins/gcc-common.h -@@ -137,6 +137,38 @@ static inline tree build_const_char_string(int len, const char *str) - return cstr; - } - -+static inline void __add_type_attr(tree type, const char *attr, tree args) -+{ -+ tree oldattr; -+ -+ if (type == NULL_TREE) -+ return; -+ oldattr = lookup_attribute(attr, TYPE_ATTRIBUTES(type)); -+ if (oldattr != NULL_TREE) { -+ gcc_assert(TREE_VALUE(oldattr) == args || TREE_VALUE(TREE_VALUE(oldattr)) == TREE_VALUE(args)); -+ return; -+ } -+ -+ TYPE_ATTRIBUTES(type) = copy_list(TYPE_ATTRIBUTES(type)); -+ TYPE_ATTRIBUTES(type) = tree_cons(get_identifier(attr), args, TYPE_ATTRIBUTES(type)); -+} -+ -+static inline void add_type_attr(tree type, const char *attr, tree args) -+{ -+ tree main_variant = TYPE_MAIN_VARIANT(type); -+ -+ __add_type_attr(TYPE_CANONICAL(type), attr, args); -+ __add_type_attr(TYPE_CANONICAL(main_variant), attr, args); -+ __add_type_attr(main_variant, attr, args); -+ -+ for (type = TYPE_NEXT_VARIANT(main_variant); type; type = TYPE_NEXT_VARIANT(type)) { -+ if (!lookup_attribute(attr, TYPE_ATTRIBUTES(type))) -+ TYPE_ATTRIBUTES(type) = TYPE_ATTRIBUTES(main_variant); -+ -+ __add_type_attr(TYPE_CANONICAL(type), attr, args); -+ } -+} -+ - #define PASS_INFO(NAME, REF, ID, POS) \ - struct register_pass_info NAME##_pass_info = { \ - .pass = make_##NAME##_pass(), \ -diff --git a/scripts/gcc-plugins/randomize_layout_plugin.c b/scripts/gcc-plugins/randomize_layout_plugin.c -index a8595df5fb6e8..24155ce812664 100644 ---- a/scripts/gcc-plugins/randomize_layout_plugin.c -+++ b/scripts/gcc-plugins/randomize_layout_plugin.c -@@ -95,6 +95,9 @@ static tree handle_randomize_layout_attr(tree *node, tree name, tree args, int f - - if (TYPE_P(*node)) { - type = *node; -+ } else if (TREE_CODE(*node) == FIELD_DECL) { -+ *no_add_attrs = false; -+ return NULL_TREE; - } else { - gcc_assert(TREE_CODE(*node) == TYPE_DECL); - type = TREE_TYPE(*node); -@@ -381,15 +384,14 @@ static int relayout_struct(tree type) - TREE_CHAIN(newtree[i]) = newtree[i+1]; - TREE_CHAIN(newtree[num_fields - 1]) = NULL_TREE; - -+ add_type_attr(type, "randomize_performed", NULL_TREE); -+ add_type_attr(type, "designated_init", NULL_TREE); -+ if (has_flexarray) -+ add_type_attr(type, "has_flexarray", NULL_TREE); -+ - main_variant = TYPE_MAIN_VARIANT(type); -- for (variant = main_variant; variant; variant = TYPE_NEXT_VARIANT(variant)) { -+ for (variant = main_variant; variant; variant = TYPE_NEXT_VARIANT(variant)) - TYPE_FIELDS(variant) = newtree[0]; -- TYPE_ATTRIBUTES(variant) = copy_list(TYPE_ATTRIBUTES(variant)); -- TYPE_ATTRIBUTES(variant) = tree_cons(get_identifier("randomize_performed"), NULL_TREE, TYPE_ATTRIBUTES(variant)); -- TYPE_ATTRIBUTES(variant) = tree_cons(get_identifier("designated_init"), NULL_TREE, TYPE_ATTRIBUTES(variant)); -- if (has_flexarray) -- TYPE_ATTRIBUTES(type) = tree_cons(get_identifier("has_flexarray"), NULL_TREE, TYPE_ATTRIBUTES(type)); -- } - - /* - * force a re-layout of the main variant -@@ -457,10 +459,8 @@ static void randomize_type(tree type) - if (lookup_attribute("randomize_layout", TYPE_ATTRIBUTES(TYPE_MAIN_VARIANT(type))) || is_pure_ops_struct(type)) - relayout_struct(type); - -- for (variant = TYPE_MAIN_VARIANT(type); variant; variant = TYPE_NEXT_VARIANT(variant)) { -- TYPE_ATTRIBUTES(type) = copy_list(TYPE_ATTRIBUTES(type)); -- TYPE_ATTRIBUTES(type) = tree_cons(get_identifier("randomize_considered"), NULL_TREE, TYPE_ATTRIBUTES(type)); -- } -+ add_type_attr(type, "randomize_considered", NULL_TREE); -+ - #ifdef __DEBUG_PLUGIN - fprintf(stderr, "Marking randomize_considered on struct %s\n", ORIG_TYPE_NAME(type)); - #ifdef __DEBUG_VERBOSE --- -2.39.5 - diff --git a/queue-5.15/randstruct-gcc-plugin-remove-bogus-void-member.patch b/queue-5.15/randstruct-gcc-plugin-remove-bogus-void-member.patch deleted file mode 100644 index 25a90d28c8..0000000000 --- a/queue-5.15/randstruct-gcc-plugin-remove-bogus-void-member.patch +++ /dev/null @@ -1,119 +0,0 @@ -From a5303ea968e5db62968b511eebfa0d4d558e501b Mon Sep 17 00:00:00 2001 -From: Sasha Levin -Date: Sat, 26 Apr 2025 00:37:52 -0700 -Subject: randstruct: gcc-plugin: Remove bogus void member -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -From: Kees Cook - -[ Upstream commit e136a4062174a9a8d1c1447ca040ea81accfa6a8 ] - -When building the randomized replacement tree of struct members, the -randstruct GCC plugin would insert, as the first member, a 0-sized void -member. This appears as though it was done to catch non-designated -("unnamed") static initializers, which wouldn't be stable since they -depend on the original struct layout order. - -This was accomplished by having the side-effect of the "void member" -tripping an assert in GCC internals (count_type_elements) if the member -list ever needed to be counted (e.g. for figuring out the order of members -during a non-designated initialization), which would catch impossible type -(void) in the struct: - -security/landlock/fs.c: In function ‘hook_file_ioctl_common’: -security/landlock/fs.c:1745:61: internal compiler error: in count_type_elements, at expr.cc:7075 - 1745 | .u.op = &(struct lsm_ioctlop_audit) { - | ^ - -static HOST_WIDE_INT -count_type_elements (const_tree type, bool for_ctor_p) -{ - switch (TREE_CODE (type)) -... - case VOID_TYPE: - default: - gcc_unreachable (); - } -} - -However this is a redundant safety measure since randstruct uses the -__designated_initializer attribute both internally and within the -__randomized_layout attribute macro so that this would be enforced -by the compiler directly even when randstruct was not enabled (via --Wdesignated-init). - -A recent change in Landlock ended up tripping the same member counting -routine when using a full-struct copy initializer as part of an anonymous -initializer. This, however, is a false positive as the initializer is -copying between identical structs (and hence identical layouts). The -"path" member is "struct path", a randomized struct, and is being copied -to from another "struct path", the "f_path" member: - - landlock_log_denial(landlock_cred(file->f_cred), &(struct landlock_request) { - .type = LANDLOCK_REQUEST_FS_ACCESS, - .audit = { - .type = LSM_AUDIT_DATA_IOCTL_OP, - .u.op = &(struct lsm_ioctlop_audit) { - .path = file->f_path, - .cmd = cmd, - }, - }, - ... - -As can be seen with the coming randstruct KUnit test, there appears to -be no behavioral problems with this kind of initialization when the void -member is removed from the randstruct GCC plugin, so remove it. - -Reported-by: "Dr. David Alan Gilbert" -Closes: https://lore.kernel.org/lkml/Z_PRaKx7q70MKgCA@gallifrey/ -Reported-by: Mark Brown -Closes: https://lore.kernel.org/lkml/20250407-kbuild-disable-gcc-plugins-v1-1-5d46ae583f5e@kernel.org/ -Reported-by: WangYuli -Closes: https://lore.kernel.org/lkml/337D5D4887277B27+3c677db3-a8b9-47f0-93a4-7809355f1381@uniontech.com/ -Fixes: 313dd1b62921 ("gcc-plugins: Add the randstruct plugin") -Signed-off-by: Kees Cook -Signed-off-by: Sasha Levin ---- - scripts/gcc-plugins/randomize_layout_plugin.c | 18 +----------------- - 1 file changed, 1 insertion(+), 17 deletions(-) - -diff --git a/scripts/gcc-plugins/randomize_layout_plugin.c b/scripts/gcc-plugins/randomize_layout_plugin.c -index 60e9359a71a50..a8595df5fb6e8 100644 ---- a/scripts/gcc-plugins/randomize_layout_plugin.c -+++ b/scripts/gcc-plugins/randomize_layout_plugin.c -@@ -377,29 +377,13 @@ static int relayout_struct(tree type) - - shuffle(type, (tree *)newtree, shuffle_length); - -- /* -- * set up a bogus anonymous struct field designed to error out on unnamed struct initializers -- * as gcc provides no other way to detect such code -- */ -- list = make_node(FIELD_DECL); -- TREE_CHAIN(list) = newtree[0]; -- TREE_TYPE(list) = void_type_node; -- DECL_SIZE(list) = bitsize_zero_node; -- DECL_NONADDRESSABLE_P(list) = 1; -- DECL_FIELD_BIT_OFFSET(list) = bitsize_zero_node; -- DECL_SIZE_UNIT(list) = size_zero_node; -- DECL_FIELD_OFFSET(list) = size_zero_node; -- DECL_CONTEXT(list) = type; -- // to satisfy the constify plugin -- TREE_READONLY(list) = 1; -- - for (i = 0; i < num_fields - 1; i++) - TREE_CHAIN(newtree[i]) = newtree[i+1]; - TREE_CHAIN(newtree[num_fields - 1]) = NULL_TREE; - - main_variant = TYPE_MAIN_VARIANT(type); - for (variant = main_variant; variant; variant = TYPE_NEXT_VARIANT(variant)) { -- TYPE_FIELDS(variant) = list; -+ TYPE_FIELDS(variant) = newtree[0]; - TYPE_ATTRIBUTES(variant) = copy_list(TYPE_ATTRIBUTES(variant)); - TYPE_ATTRIBUTES(variant) = tree_cons(get_identifier("randomize_performed"), NULL_TREE, TYPE_ATTRIBUTES(variant)); - TYPE_ATTRIBUTES(variant) = tree_cons(get_identifier("designated_init"), NULL_TREE, TYPE_ATTRIBUTES(variant)); --- -2.39.5 - diff --git a/queue-5.15/series b/queue-5.15/series index 9d3a5389af..0d76d5b232 100644 --- a/queue-5.15/series +++ b/queue-5.15/series @@ -86,8 +86,6 @@ arm64-dts-rockchip-disable-unrouted-usb-controllers-.patch soc-aspeed-lpc-fix-impossible-judgment-condition.patch soc-aspeed-add-null-check-in-aspeed_lpc_enable_snoop.patch fbdev-core-fbcvt-avoid-division-by-0-in-fb_cvt_hperi.patch -randstruct-gcc-plugin-remove-bogus-void-member.patch -randstruct-gcc-plugin-fix-attribute-addition.patch perf-build-warn-when-libdebuginfod-devel-files-are-n.patch perf-ui-browser-hists-set-actions-thread-before-call.patch backlight-pm8941-add-null-check-in-wled_configure.patch diff --git a/queue-5.4/randstruct-gcc-plugin-fix-attribute-addition.patch b/queue-5.4/randstruct-gcc-plugin-fix-attribute-addition.patch deleted file mode 100644 index 8c674cb843..0000000000 --- a/queue-5.4/randstruct-gcc-plugin-fix-attribute-addition.patch +++ /dev/null @@ -1,134 +0,0 @@ -From ee29ee2e45a6dd5a33a2726c3ea338be92fad321 Mon Sep 17 00:00:00 2001 -From: Sasha Levin -Date: Fri, 30 May 2025 15:18:28 -0700 -Subject: randstruct: gcc-plugin: Fix attribute addition - -From: Kees Cook - -[ Upstream commit f39f18f3c3531aa802b58a20d39d96e82eb96c14 ] - -Based on changes in the 2021 public version of the randstruct -out-of-tree GCC plugin[1], more carefully update the attributes on -resulting decls, to avoid tripping checks in GCC 15's -comptypes_check_enum_int() when it has been configured with -"--enable-checking=misc": - -arch/arm64/kernel/kexec_image.c:132:14: internal compiler error: in comptypes_check_enum_int, at c/c-typeck.cc:1519 - 132 | const struct kexec_file_ops kexec_image_ops = { - | ^~~~~~~~~~~~~~ - internal_error(char const*, ...), at gcc/gcc/diagnostic-global-context.cc:517 - fancy_abort(char const*, int, char const*), at gcc/gcc/diagnostic.cc:1803 - comptypes_check_enum_int(tree_node*, tree_node*, bool*), at gcc/gcc/c/c-typeck.cc:1519 - ... - -Link: https://archive.org/download/grsecurity/grsecurity-3.1-5.10.41-202105280954.patch.gz [1] -Reported-by: Thiago Jung Bauermann -Closes: https://github.com/KSPP/linux/issues/367 -Closes: https://lore.kernel.org/lkml/20250530000646.104457-1-thiago.bauermann@linaro.org/ -Reported-by: Ingo Saitz -Closes: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104745 -Fixes: 313dd1b62921 ("gcc-plugins: Add the randstruct plugin") -Tested-by: Thiago Jung Bauermann -Link: https://lore.kernel.org/r/20250530221824.work.623-kees@kernel.org -Signed-off-by: Kees Cook -Signed-off-by: Sasha Levin ---- - scripts/gcc-plugins/gcc-common.h | 32 +++++++++++++++++++ - scripts/gcc-plugins/randomize_layout_plugin.c | 22 ++++++------- - 2 files changed, 43 insertions(+), 11 deletions(-) - -diff --git a/scripts/gcc-plugins/gcc-common.h b/scripts/gcc-plugins/gcc-common.h -index 0907ab19202a1..6ec887ae71b64 100644 ---- a/scripts/gcc-plugins/gcc-common.h -+++ b/scripts/gcc-plugins/gcc-common.h -@@ -182,6 +182,38 @@ static inline tree build_const_char_string(int len, const char *str) - return cstr; - } - -+static inline void __add_type_attr(tree type, const char *attr, tree args) -+{ -+ tree oldattr; -+ -+ if (type == NULL_TREE) -+ return; -+ oldattr = lookup_attribute(attr, TYPE_ATTRIBUTES(type)); -+ if (oldattr != NULL_TREE) { -+ gcc_assert(TREE_VALUE(oldattr) == args || TREE_VALUE(TREE_VALUE(oldattr)) == TREE_VALUE(args)); -+ return; -+ } -+ -+ TYPE_ATTRIBUTES(type) = copy_list(TYPE_ATTRIBUTES(type)); -+ TYPE_ATTRIBUTES(type) = tree_cons(get_identifier(attr), args, TYPE_ATTRIBUTES(type)); -+} -+ -+static inline void add_type_attr(tree type, const char *attr, tree args) -+{ -+ tree main_variant = TYPE_MAIN_VARIANT(type); -+ -+ __add_type_attr(TYPE_CANONICAL(type), attr, args); -+ __add_type_attr(TYPE_CANONICAL(main_variant), attr, args); -+ __add_type_attr(main_variant, attr, args); -+ -+ for (type = TYPE_NEXT_VARIANT(main_variant); type; type = TYPE_NEXT_VARIANT(type)) { -+ if (!lookup_attribute(attr, TYPE_ATTRIBUTES(type))) -+ TYPE_ATTRIBUTES(type) = TYPE_ATTRIBUTES(main_variant); -+ -+ __add_type_attr(TYPE_CANONICAL(type), attr, args); -+ } -+} -+ - #define PASS_INFO(NAME, REF, ID, POS) \ - struct register_pass_info NAME##_pass_info = { \ - .pass = make_##NAME##_pass(), \ -diff --git a/scripts/gcc-plugins/randomize_layout_plugin.c b/scripts/gcc-plugins/randomize_layout_plugin.c -index a5aea51ecca99..472427f169a4a 100644 ---- a/scripts/gcc-plugins/randomize_layout_plugin.c -+++ b/scripts/gcc-plugins/randomize_layout_plugin.c -@@ -95,6 +95,9 @@ static tree handle_randomize_layout_attr(tree *node, tree name, tree args, int f - - if (TYPE_P(*node)) { - type = *node; -+ } else if (TREE_CODE(*node) == FIELD_DECL) { -+ *no_add_attrs = false; -+ return NULL_TREE; - } else { - gcc_assert(TREE_CODE(*node) == TYPE_DECL); - type = TREE_TYPE(*node); -@@ -381,15 +384,14 @@ static int relayout_struct(tree type) - TREE_CHAIN(newtree[i]) = newtree[i+1]; - TREE_CHAIN(newtree[num_fields - 1]) = NULL_TREE; - -+ add_type_attr(type, "randomize_performed", NULL_TREE); -+ add_type_attr(type, "designated_init", NULL_TREE); -+ if (has_flexarray) -+ add_type_attr(type, "has_flexarray", NULL_TREE); -+ - main_variant = TYPE_MAIN_VARIANT(type); -- for (variant = main_variant; variant; variant = TYPE_NEXT_VARIANT(variant)) { -+ for (variant = main_variant; variant; variant = TYPE_NEXT_VARIANT(variant)) - TYPE_FIELDS(variant) = newtree[0]; -- TYPE_ATTRIBUTES(variant) = copy_list(TYPE_ATTRIBUTES(variant)); -- TYPE_ATTRIBUTES(variant) = tree_cons(get_identifier("randomize_performed"), NULL_TREE, TYPE_ATTRIBUTES(variant)); -- TYPE_ATTRIBUTES(variant) = tree_cons(get_identifier("designated_init"), NULL_TREE, TYPE_ATTRIBUTES(variant)); -- if (has_flexarray) -- TYPE_ATTRIBUTES(type) = tree_cons(get_identifier("has_flexarray"), NULL_TREE, TYPE_ATTRIBUTES(type)); -- } - - /* - * force a re-layout of the main variant -@@ -457,10 +459,8 @@ static void randomize_type(tree type) - if (lookup_attribute("randomize_layout", TYPE_ATTRIBUTES(TYPE_MAIN_VARIANT(type))) || is_pure_ops_struct(type)) - relayout_struct(type); - -- for (variant = TYPE_MAIN_VARIANT(type); variant; variant = TYPE_NEXT_VARIANT(variant)) { -- TYPE_ATTRIBUTES(type) = copy_list(TYPE_ATTRIBUTES(type)); -- TYPE_ATTRIBUTES(type) = tree_cons(get_identifier("randomize_considered"), NULL_TREE, TYPE_ATTRIBUTES(type)); -- } -+ add_type_attr(type, "randomize_considered", NULL_TREE); -+ - #ifdef __DEBUG_PLUGIN - fprintf(stderr, "Marking randomize_considered on struct %s\n", ORIG_TYPE_NAME(type)); - #ifdef __DEBUG_VERBOSE --- -2.39.5 - diff --git a/queue-5.4/randstruct-gcc-plugin-remove-bogus-void-member.patch b/queue-5.4/randstruct-gcc-plugin-remove-bogus-void-member.patch deleted file mode 100644 index a44e572ab2..0000000000 --- a/queue-5.4/randstruct-gcc-plugin-remove-bogus-void-member.patch +++ /dev/null @@ -1,119 +0,0 @@ -From 1277732ff03465d088cd0b647f73c0431dcc772f Mon Sep 17 00:00:00 2001 -From: Sasha Levin -Date: Sat, 26 Apr 2025 00:37:52 -0700 -Subject: randstruct: gcc-plugin: Remove bogus void member -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -From: Kees Cook - -[ Upstream commit e136a4062174a9a8d1c1447ca040ea81accfa6a8 ] - -When building the randomized replacement tree of struct members, the -randstruct GCC plugin would insert, as the first member, a 0-sized void -member. This appears as though it was done to catch non-designated -("unnamed") static initializers, which wouldn't be stable since they -depend on the original struct layout order. - -This was accomplished by having the side-effect of the "void member" -tripping an assert in GCC internals (count_type_elements) if the member -list ever needed to be counted (e.g. for figuring out the order of members -during a non-designated initialization), which would catch impossible type -(void) in the struct: - -security/landlock/fs.c: In function ‘hook_file_ioctl_common’: -security/landlock/fs.c:1745:61: internal compiler error: in count_type_elements, at expr.cc:7075 - 1745 | .u.op = &(struct lsm_ioctlop_audit) { - | ^ - -static HOST_WIDE_INT -count_type_elements (const_tree type, bool for_ctor_p) -{ - switch (TREE_CODE (type)) -... - case VOID_TYPE: - default: - gcc_unreachable (); - } -} - -However this is a redundant safety measure since randstruct uses the -__designated_initializer attribute both internally and within the -__randomized_layout attribute macro so that this would be enforced -by the compiler directly even when randstruct was not enabled (via --Wdesignated-init). - -A recent change in Landlock ended up tripping the same member counting -routine when using a full-struct copy initializer as part of an anonymous -initializer. This, however, is a false positive as the initializer is -copying between identical structs (and hence identical layouts). The -"path" member is "struct path", a randomized struct, and is being copied -to from another "struct path", the "f_path" member: - - landlock_log_denial(landlock_cred(file->f_cred), &(struct landlock_request) { - .type = LANDLOCK_REQUEST_FS_ACCESS, - .audit = { - .type = LSM_AUDIT_DATA_IOCTL_OP, - .u.op = &(struct lsm_ioctlop_audit) { - .path = file->f_path, - .cmd = cmd, - }, - }, - ... - -As can be seen with the coming randstruct KUnit test, there appears to -be no behavioral problems with this kind of initialization when the void -member is removed from the randstruct GCC plugin, so remove it. - -Reported-by: "Dr. David Alan Gilbert" -Closes: https://lore.kernel.org/lkml/Z_PRaKx7q70MKgCA@gallifrey/ -Reported-by: Mark Brown -Closes: https://lore.kernel.org/lkml/20250407-kbuild-disable-gcc-plugins-v1-1-5d46ae583f5e@kernel.org/ -Reported-by: WangYuli -Closes: https://lore.kernel.org/lkml/337D5D4887277B27+3c677db3-a8b9-47f0-93a4-7809355f1381@uniontech.com/ -Fixes: 313dd1b62921 ("gcc-plugins: Add the randstruct plugin") -Signed-off-by: Kees Cook -Signed-off-by: Sasha Levin ---- - scripts/gcc-plugins/randomize_layout_plugin.c | 18 +----------------- - 1 file changed, 1 insertion(+), 17 deletions(-) - -diff --git a/scripts/gcc-plugins/randomize_layout_plugin.c b/scripts/gcc-plugins/randomize_layout_plugin.c -index c7ff92b4189cb..a5aea51ecca99 100644 ---- a/scripts/gcc-plugins/randomize_layout_plugin.c -+++ b/scripts/gcc-plugins/randomize_layout_plugin.c -@@ -377,29 +377,13 @@ static int relayout_struct(tree type) - - shuffle(type, (tree *)newtree, shuffle_length); - -- /* -- * set up a bogus anonymous struct field designed to error out on unnamed struct initializers -- * as gcc provides no other way to detect such code -- */ -- list = make_node(FIELD_DECL); -- TREE_CHAIN(list) = newtree[0]; -- TREE_TYPE(list) = void_type_node; -- DECL_SIZE(list) = bitsize_zero_node; -- DECL_NONADDRESSABLE_P(list) = 1; -- DECL_FIELD_BIT_OFFSET(list) = bitsize_zero_node; -- DECL_SIZE_UNIT(list) = size_zero_node; -- DECL_FIELD_OFFSET(list) = size_zero_node; -- DECL_CONTEXT(list) = type; -- // to satisfy the constify plugin -- TREE_READONLY(list) = 1; -- - for (i = 0; i < num_fields - 1; i++) - TREE_CHAIN(newtree[i]) = newtree[i+1]; - TREE_CHAIN(newtree[num_fields - 1]) = NULL_TREE; - - main_variant = TYPE_MAIN_VARIANT(type); - for (variant = main_variant; variant; variant = TYPE_NEXT_VARIANT(variant)) { -- TYPE_FIELDS(variant) = list; -+ TYPE_FIELDS(variant) = newtree[0]; - TYPE_ATTRIBUTES(variant) = copy_list(TYPE_ATTRIBUTES(variant)); - TYPE_ATTRIBUTES(variant) = tree_cons(get_identifier("randomize_performed"), NULL_TREE, TYPE_ATTRIBUTES(variant)); - TYPE_ATTRIBUTES(variant) = tree_cons(get_identifier("designated_init"), NULL_TREE, TYPE_ATTRIBUTES(variant)); --- -2.39.5 - diff --git a/queue-5.4/series b/queue-5.4/series index 2a4b1d452a..9c791ca9bc 100644 --- a/queue-5.4/series +++ b/queue-5.4/series @@ -50,8 +50,6 @@ arm64-dts-rockchip-disable-unrouted-usb-controllers-.patch soc-aspeed-lpc-fix-impossible-judgment-condition.patch soc-aspeed-add-null-check-in-aspeed_lpc_enable_snoop.patch fbdev-core-fbcvt-avoid-division-by-0-in-fb_cvt_hperi.patch -randstruct-gcc-plugin-remove-bogus-void-member.patch -randstruct-gcc-plugin-fix-attribute-addition.patch perf-ui-browser-hists-set-actions-thread-before-call.patch perf-scripts-python-exported-sql-viewer.py-fix-patte.patch rpmsg-qcom_smd-fix-uninitialized-return-variable-in-.patch