On Tue, Jan 3, 2017 at 10:27 PM, Julia Lawall <julia.lawall@xxxxxxx> wrote: > > > On Tue, 3 Jan 2017, Kees Cook wrote: > >> On Tue, Dec 20, 2016 at 9:29 AM, Joe Perches <joe@xxxxxxxxxxx> wrote: >> > On Fri, 2016-12-16 at 17:00 -0800, Kees Cook wrote: >> >> Prepare to mark sensitive kernel structures for randomization by making >> > sure they're using designated initializers. >> > >> > About the designated initializer patches, >> > which by themselves are fine of course, >> > and the fundamental randomization plugin, >> > c guarantees that struct member ordering >> > is as specified. >> > >> > how is the code to be verified so that >> > any use of things like offsetof and any >> > address/indexing is not impacted? >> >> AIUI, offsetof() works correctly in the face of this plugin, since the >> ordering happens before the pass that handles offsetof(). Anything >> that _does not_ use offsetof(), however, needs fixing. Based on the >> work done in grsecurity, I don't see any added offsetof() uses that >> are specific to the randomization plugin. >> >> (Note that the randomization plugin is only on function pointer >> structures, where using an offsetof() should be rare to none, and on >> hand-selected structures, where missing offsetof() should be easy to >> audit.) > > What is the precise definition of "function pointer structures"? Only > function pointers? At least one function pointer? For randstruct and constify, the automatic selection is done on structures with only function pointers. (Additional structures can be added via a compiler attribute marking.) See is_pure_ops_struct(): http://git.kernel.org/cgit/linux/kernel/git/kees/linux.git/tree/scripts/gcc-plugins/randomize_layout_plugin.c?h=kspp/gcc-plugin/randstruct -Kees -- Kees Cook Nexus Security _______________________________________________ devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxx http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
