lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 3 Jan 2017 22:35:26 -0800
From:   Kees Cook <keescook@...omium.org>
To:     Julia Lawall <julia.lawall@...6.fr>
Cc:     Joe Perches <joe@...ches.com>, LKML <linux-kernel@...r.kernel.org>,
        Dan Carpenter <error27@...il.com>,
        Oleg Drokin <oleg.drokin@...el.com>,
        Andreas Dilger <andreas.dilger@...el.com>,
        James Simmons <jsimmons@...radead.org>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        "John L. Hammond" <john.hammond@...el.com>,
        Emoly Liu <emoly.liu@...el.com>,
        Vitaly Fertman <vitaly_fertman@...atex.com>,
        Bruno Faccini <bruno.faccini@...el.com>,
        Bruce Korb <bruce.korb@...il.com>, devel@...verdev.osuosl.org
Subject: Re: Designated initializers, struct randomization and addressing?

On Tue, Jan 3, 2017 at 10:27 PM, Julia Lawall <julia.lawall@...6.fr> wrote:
>
>
> On Tue, 3 Jan 2017, Kees Cook wrote:
>
>> On Tue, Dec 20, 2016 at 9:29 AM, Joe Perches <joe@...ches.com> wrote:
>> > On Fri, 2016-12-16 at 17:00 -0800, Kees Cook wrote:
>> >> Prepare to mark sensitive kernel structures for randomization by making
>> > sure they're using designated initializers.
>> >
>> > About the designated initializer patches,
>> > which by themselves are fine of course,
>> > and the fundamental randomization plugin,
>> > c guarantees that struct member ordering
>> > is as specified.
>> >
>> > how is the code to be verified so that
>> > any use of things like offsetof and any
>> > address/indexing is not impacted?
>>
>> AIUI, offsetof() works correctly in the face of this plugin, since the
>> ordering happens before the pass that handles offsetof(). Anything
>> that _does not_ use offsetof(), however, needs fixing. Based on the
>> work done in grsecurity, I don't see any added offsetof() uses that
>> are specific to the randomization plugin.
>>
>> (Note that the randomization plugin is only on function pointer
>> structures, where using an offsetof() should be rare to none, and on
>> hand-selected structures, where missing offsetof() should be easy to
>> audit.)
>
> What is the precise definition of "function pointer structures"?  Only
> function pointers?  At least one function pointer?

For randstruct and constify, the automatic selection is done on
structures with only function pointers. (Additional structures can be
added via a compiler attribute marking.)

See is_pure_ops_struct():

http://git.kernel.org/cgit/linux/kernel/git/kees/linux.git/tree/scripts/gcc-plugins/randomize_layout_plugin.c?h=kspp/gcc-plugin/randstruct

-Kees

-- 
Kees Cook
Nexus Security

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ