On Tue, Dec 20, 2016 at 9:29 AM, Joe Perches <joe@xxxxxxxxxxx> wrote: > On Fri, 2016-12-16 at 17:00 -0800, Kees Cook wrote: >> Prepare to mark sensitive kernel structures for randomization by making > sure they're using designated initializers. > > About the designated initializer patches, > which by themselves are fine of course, > and the fundamental randomization plugin, > c guarantees that struct member ordering > is as specified. > > how is the code to be verified so that > any use of things like offsetof and any > address/indexing is not impacted? AIUI, offsetof() works correctly in the face of this plugin, since the ordering happens before the pass that handles offsetof(). Anything that _does not_ use offsetof(), however, needs fixing. Based on the work done in grsecurity, I don't see any added offsetof() uses that are specific to the randomization plugin. (Note that the randomization plugin is only on function pointer structures, where using an offsetof() should be rare to none, and on hand-selected structures, where missing offsetof() should be easy to audit.) -Kees -- Kees Cook Nexus Security _______________________________________________ devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxx http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
