Clang 15 Lands Support To Randomize Structure Layout, Linux Prepares To Use It

Written by Michael Larabel in LLVM on 18 April 2022 at 05:49 AM EDT. 16 Comments
LLVM
In matching behavior already provided by the GCC compiler, LLVM/Clang has landed "RandStruct" functionality to allow optionally randomizing the structure layout for C code.

The Clang RandStruct support is implemented similarly to GCC and intended as compile-time hardening to make it harder for attackers to retrieve data from program structures. The support can be enabled via the "-frandomize-layout-seed=" or "-frandomize-layout-seed-file=" options for providing the deterministic random seed for allowing reproducible builds.

The patch was merged last week into what will be LLVM/Clang 15 this autumn.

Meanwhile Google's Kees Cook has prepared for-next/randstruct with the Linux kernel RandStruct integration to be extended to also work with the Clang compiler. To now the Linux kernel's RandStruct support has obviously just worked with the GCC compiler for randomizing the Linux kernel's sensitive structures in the name of greater security. Look for this Clang support in for-next/randstruct to land with the Linux 5.19 kernel this summer.

Making use of the Linux kernel's RandStruct hardening can induce some performance impact but there is also a build-time tunable for trying to limit the randomization of the structure layout to cache line sized groups of members to lessen that performance cost albeit with reduced randomization.
16 Comments
Related News
How AMD Is Taking Standard C/C++ Code To Run Directly On GPUs
The 2024 LLVM Developers’ Meeting Videos Now Online
LLVM Merges Support The For Tenstorrent TT-Ascalon-D8 RISC-V CPU
AMD Begins Adding "GFX950" GPU Support To LLVM For Next CDNA Accelerator
LLVM Clang 20 Merges Intel Diamond Rapids Support With "-march=diamondrapids"
Red Hat Engineer Nikita Popov Now The Lead Maintainer For LLVM
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
OpenWrt Affected By Security Issue That Could Have Led To Compromised Build Artifacts
Linus Torvalds Comes Out Against "Completely Broken" x86_64 Feature Levels
Linux EFI Zboot Abandoning "Compression Library Museum", Focusing On Gzip & Zstd
How AMD Is Taking Standard C/C++ Code To Run Directly On GPUs
Ptyxis Becomes Ubuntu's Recommended Replacement To GNOME Terminal
COSMIC Alpha 4 Released For System76's Rust-Based Desktop
GNU Shepherd 1.0 Service Manager Released As "Solid Tool" Alternative To systemd
KDE Starts December By Landing A Number Of New Features