On Tue, Jan 26, 2021 at 12:43:16PM -0600, Josh Poimboeuf wrote: > On Tue, Jan 26, 2021 at 09:56:10AM -0800, Kees Cook wrote: > > On Mon, Jan 25, 2021 at 04:19:53PM -0600, Josh Poimboeuf wrote: > > > On Mon, Jan 25, 2021 at 02:03:07PM -0800, Kees Cook wrote: > > > > On Mon, Jan 25, 2021 at 02:42:10PM -0600, Josh Poimboeuf wrote: > > > > > When a GCC version mismatch is detected, print a warning and disable the > > > > > plugin. The only exception is the RANDSTRUCT plugin which needs all > > > > > code to see the same struct layouts. In that case print an error. > > > > > > > > I prefer this patch as-is: only randstruct needs a hard failure. The > > > > others likely work (in fact, randstruct likely works too). > > > > > > I'm curious about this last statement, why would randstruct likely work? > > > > > > Even struct module has '__randomize_layout', wouldn't basic module init > > > go splat? > > > > No; the seed is part of the generate includes -- you'll get the same > > layout with the same seed. > > Right, but don't you need the plugin enabled to make use of that seed, > so the structs get interpreted properly by the module? Or am I > completely misunderstanding how this plugin works? Having the plugin enabled or not is part of the Kconfig ... you can't build anything if you change Kconfig. I feel like I'm missing something... -- Kees Cook
