I believe this was originally reported by the grsecurity team who tweeted about it (link below).
RANDSTRUCT derives its hardening benefits from the attacker's lack of knowledge about the layout of kernel data structures. Keep the kernel image non-global in cases where RANDSTRUCT is in use to help keep the layout a secret. Signed-off-by: Dave Hansen <[email protected]> Reported-by: Kees Cook <[email protected]> Link: https://twitter.com/grsecurity/status/985678720630476800 Fixes: 8c06c7740 (x86/pti: Leave kernel text global for !PCID) Cc: Andrea Arcangeli <[email protected]> Cc: Andy Lutomirski <[email protected]> Cc: Arjan van de Ven <[email protected]> Cc: Borislav Petkov <[email protected]> Cc: Dan Williams <[email protected]> Cc: David Woodhouse <[email protected]> Cc: Greg Kroah-Hartman <[email protected]> Cc: Hugh Dickins <[email protected]> Cc: Josh Poimboeuf <[email protected]> Cc: Juergen Gross <[email protected]> Cc: Kees Cook <[email protected]> Cc: Linus Torvalds <[email protected]> Cc: Nadav Amit <[email protected]> Cc: Peter Zijlstra <[email protected]> Cc: Thomas Gleixner <[email protected]> Cc: Vlastimil Babka <[email protected]> Cc: [email protected] --- b/arch/x86/mm/pti.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff -puN arch/x86/mm/pti.c~pti-glb-disable-with-compile-options arch/x86/mm/pti.c --- a/arch/x86/mm/pti.c~pti-glb-disable-with-compile-options 2018-04-20 14:10:02.702749165 -0700 +++ b/arch/x86/mm/pti.c 2018-04-20 14:10:02.706749165 -0700 @@ -421,6 +421,16 @@ static inline bool pti_kernel_image_glob if (boot_cpu_has(X86_FEATURE_K8)) return false; + /* + * RANDSTRUCT derives its hardening benefits from the + * attacker's lack of knowledge about the layout of kernel + * data structures. Keep the kernel image non-global in + * cases where RANDSTRUCT is in use to help keep the layout a + * secret. + */ + if (IS_ENABLED(CONFIG_GCC_PLUGIN_RANDSTRUCT)) + return false; + return true; } _
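Review bot: the new `IS_ENABLED(CONFIG_GCC_PLUGIN_RANDSTRUCT)` test is a compile-time constant, so on a RANDSTRUCT build `pti_kernel_image_global_ok()` always returns false and the preceding runtime `boot_cpu_has(X86_FEATURE_K8)` check becomes unreachable; consider hoisting the RANDSTRUCT check to the top of the function (or immediately after any other compile-time tests) so the intent is obvious and the compiler can drop the CPU-feature probe entirely. The commit message should also spell out the cost of this choice: the fix reverts the behaviour introduced by 8c06c7740 ("Leave kernel text global for !PCID") for RANDSTRUCT kernels on non-PCID hardware, so those systems lose the global kernel-text mapping and pay the extra TLB cost on every user/kernel transition, a deliberate trade of performance for layout secrecy that reviewers and distro maintainers will want stated explicitly rather than inferred from the Fixes tag.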

