[PATCH v2 08/20] randstruct: Whitelist NIU struct page overloading

From: Kees Cook
Date: Fri May 26 2017 - 21:11:46 EST


The NIU ethernet driver intentionally stores a page struct pointer on
top of the "mapping" field. Whitelist this case:

drivers/net/ethernet/sun/niu.c: In function âniu_rx_pkt_ignoreâ:
drivers/net/ethernet/sun/niu.c:3402:10: note: found mismatched ssa struct pointer types: âstruct pageâ and âstruct address_spaceâ

*link = (struct page *) page->mapping;
~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Cc: David S. Miller <davem@xxxxxxxxxxxxx>
Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
---
scripts/gcc-plugins/randomize_layout_plugin.c | 2 ++
1 file changed, 2 insertions(+)

diff --git a/scripts/gcc-plugins/randomize_layout_plugin.c b/scripts/gcc-plugins/randomize_layout_plugin.c
index 5f4e59a78eeb..f777ead58ba8 100644
--- a/scripts/gcc-plugins/randomize_layout_plugin.c
+++ b/scripts/gcc-plugins/randomize_layout_plugin.c
@@ -43,6 +43,8 @@ struct whitelist_entry {
};

static const struct whitelist_entry whitelist[] = {
+ /* NIU overloads mapping with page struct */
+ { "drivers/net/ethernet/sun/niu.c", "page", "address_space" },
/* unix_skb_parms via UNIXCB() buffer */
{ "net/unix/af_unix.c", "unix_skb_parms", "char" },
/* big_key payload.data struct splashing */
--
2.7.4