releases/5.19.9/efi-libstub-disable-struct-randomization.patch - pub/scm/linux/kernel/git/stable/stable-queue - Git at Google

 From 1a3887924a7e6edd331be76da7bf4c1e8eab4b1e Mon Sep 17 00:00:00 2001
 From: Ard Biesheuvel <ardb@kernel.org>
 Date: Mon, 22 Aug 2022 19:20:33 +0200
 Subject: efi: libstub: Disable struct randomization

 From: Ard Biesheuvel <ardb@kernel.org>

 commit 1a3887924a7e6edd331be76da7bf4c1e8eab4b1e upstream.

 The EFI stub is a wrapper around the core kernel that makes it look like
 a EFI compatible PE/COFF application to the EFI firmware. EFI
 applications run on top of the EFI runtime, which is heavily based on
 so-called protocols, which are struct types consisting [mostly] of
 function pointer members that are instantiated and recorded in a
 protocol database.

 These structs look like the ideal randomization candidates to the
 randstruct plugin (as they only carry function pointers), but of course,
 these protocols are contracts between the firmware that exposes them,
 and the EFI applications (including our stubbed kernel) that invoke
 them. This means that struct randomization for EFI protocols is not a
 great idea, and given that the stub shares very little data with the
 core kernel that is represented as a randomizable struct, we're better
 off just disabling it completely here.

 Cc: <stable@vger.kernel.org> # v4.14+
 Reported-by: Daniel Marth <daniel.marth@inso.tuwien.ac.at>
 Tested-by: Daniel Marth <daniel.marth@inso.tuwien.ac.at>
 Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
 Acked-by: Kees Cook <keescook@chromium.org>
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 ---
  drivers/firmware/efi/libstub/Makefile |    7 +++++++
  1 file changed, 7 insertions(+)

 --- a/drivers/firmware/efi/libstub/Makefile
 +++ b/drivers/firmware/efi/libstub/Makefile
 @@ -37,6 +37,13 @@ KBUILD_CFLAGS			:= $(cflags-y) -Os -DDIS
  				   $(call cc-option,-fno-addrsig) \
  				   -D__DISABLE_EXPORTS

 +#
 +# struct randomization only makes sense for Linux internal types, which the EFI
 +# stub code never touches, so let's turn off struct randomization for the stub
 +# altogether
 +#
 +KBUILD_CFLAGS := $(filter-out $(RANDSTRUCT_CFLAGS), $(KBUILD_CFLAGS))
 +
  # remove SCS flags from all objects in this directory
  KBUILD_CFLAGS := $(filter-out $(CC_FLAGS_SCS), $(KBUILD_CFLAGS))
  # disable LTO
	From 1a3887924a7e6edd331be76da7bf4c1e8eab4b1e Mon Sep 17 00:00:00 2001
	From: Ard Biesheuvel <ardb@kernel.org>
	Date: Mon, 22 Aug 2022 19:20:33 +0200
	Subject: efi: libstub: Disable struct randomization

	From: Ard Biesheuvel <ardb@kernel.org>

	commit 1a3887924a7e6edd331be76da7bf4c1e8eab4b1e upstream.

	The EFI stub is a wrapper around the core kernel that makes it look like
	a EFI compatible PE/COFF application to the EFI firmware. EFI
	applications run on top of the EFI runtime, which is heavily based on
	so-called protocols, which are struct types consisting [mostly] of
	function pointer members that are instantiated and recorded in a
	protocol database.

	These structs look like the ideal randomization candidates to the
	randstruct plugin (as they only carry function pointers), but of course,
	these protocols are contracts between the firmware that exposes them,
	and the EFI applications (including our stubbed kernel) that invoke
	them. This means that struct randomization for EFI protocols is not a
	great idea, and given that the stub shares very little data with the
	core kernel that is represented as a randomizable struct, we're better
	off just disabling it completely here.

	Cc: <stable@vger.kernel.org> # v4.14+
	Reported-by: Daniel Marth <daniel.marth@inso.tuwien.ac.at>
	Tested-by: Daniel Marth <daniel.marth@inso.tuwien.ac.at>
	Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
	Acked-by: Kees Cook <keescook@chromium.org>
	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	---
	drivers/firmware/efi/libstub/Makefile \| 7 +++++++
	1 file changed, 7 insertions(+)

	--- a/drivers/firmware/efi/libstub/Makefile
	+++ b/drivers/firmware/efi/libstub/Makefile
	@@ -37,6 +37,13 @@ KBUILD_CFLAGS := $(cflags-y) -Os -DDIS
	$(call cc-option,-fno-addrsig) \
	-D__DISABLE_EXPORTS

	+#
	+# struct randomization only makes sense for Linux internal types, which the EFI
	+# stub code never touches, so let's turn off struct randomization for the stub
	+# altogether
	+#
	+KBUILD_CFLAGS := $(filter-out $(RANDSTRUCT_CFLAGS), $(KBUILD_CFLAGS))
	+
	# remove SCS flags from all objects in this directory
	KBUILD_CFLAGS := $(filter-out $(CC_FLAGS_SCS), $(KBUILD_CFLAGS))
	# disable LTO