On Fri, Dec 13, 2019 at 01:36:38PM -0500, Stephen Smalley wrote: > On 12/13/19 1:05 PM, Kees Cook wrote: > > On Fri, Dec 13, 2019 at 10:40:54AM -0500, Stephen Smalley wrote: > > > See $(subject). If yes, there are some obvious candidates among the SELinux > > > data structures for randomized layouts to avoid fixed locations for > > > enforcing, initialized, etc. If not, then no point in pursuing it. Doesn't > > > look like Fedora enables it, probably because they'd have to publish the > > > random seeds anyway for third party kernel modules. But maybe it would be > > > useful for some distros/users? ChromeOS? Android? > > > > It is used by "in-house" kernel builders who optimize for high security > > above all other things (I've talked to a few of them over the years > > when finding out what defenses they've wanted). I've also seen Huawai > > Android patches that seem to indicate they're using it as well, but I > > haven't been able to determine if any released devices are shipping with > > it enabled. I've also had several people ask after the Clang randstruct > > port, which is ongoing[1] by a couple people (added to CC). > > > > I think it would be very handy to add some more markings to sensitive > > data structures. Please send patches! > > Do you know if there is something inhibiting usage in e.g. Pixel devices? > Performance impact? In Android, the use of Clang for building the kernel inhibits it, as RANDSTRUCT support for Clang is still in development. The move to Clang for AOSP kernels is motivated for enabling CFI [1] and other features such as SCS [2]. AFAIK the move to Clang is already in effect for quite awhile in the kernels running on Pixel devices. About performance, the gcc RANDSTRUCT implementation also includes a performance-preserving feature where randomization takes cacheline boundary into consideration. The Clang implementation is expected to have this as well. It's a valid concern and definitely garners testing for anyone enabling the feature. [1] https://source.android.com/devices/tech/debug/cfi [2] https://source.android.com/devices/tech/debug/shadow-call-stack -- Dan Aloni
