On Tue, May 17, 2022 at 9:21 PM GONG, Ruiqi <gongruiqi1@xxxxxxxxxx> wrote: > > Randomize the layout of struct selinux_audit_data as suggested in [1], > since it contains a pointer to struct selinux_state, an already > randomized strucure. > > [1]: https://github.com/KSPP/linux/issues/188 > > Signed-off-by: GONG, Ruiqi <gongruiqi1@xxxxxxxxxx> > --- > security/selinux/include/avc.h | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/security/selinux/include/avc.h b/security/selinux/include/avc.h > index 2b372f98f2d7..5525b94fd266 100644 > --- a/security/selinux/include/avc.h > +++ b/security/selinux/include/avc.h > @@ -53,7 +53,7 @@ struct selinux_audit_data { > u32 denied; > int result; > struct selinux_state *state; > -}; > +} __randomize_layout; I'll apologize in advance for the stupid question, but does __randomize_layout result in any problems when the struct is used in a trace event? (see include/trace/events/avc.h) -- paul-moore.com