| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAGXu5j+uvo3CDaKRwFm9p-GxDhZDqoWC7mOt7eo=HaNJUE8WPQ@mail.gmail.com>
Date: Tue, 3 Jan 2017 16:13:44 -0800
From: Kees Cook <keescook@...omium.org>
To: Bruce Korb <bruce.korb@...il.com>
Cc: Joe Perches <joe@...ches.com>, LKML <linux-kernel@...r.kernel.org>,
Julia Lawall <julia.lawall@...6.fr>,
Dan Carpenter <error27@...il.com>,
Oleg Drokin <oleg.drokin@...el.com>,
Andreas Dilger <andreas.dilger@...el.com>,
James Simmons <jsimmons@...radead.org>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
"John L. Hammond" <john.hammond@...el.com>,
Emoly Liu <emoly.liu@...el.com>,
Vitaly Fertman <vitaly_fertman@...atex.com>,
Bruno Faccini <bruno.faccini@...el.com>,
devel@...verdev.osuosl.org
Subject: Re: Designated initializers, struct randomization and addressing?
On Tue, Jan 3, 2017 at 3:55 PM, Bruce Korb <bruce.korb@...il.com> wrote:
> On Tue, Jan 3, 2017 at 3:47 PM, Kees Cook <keescook@...omium.org> wrote:
>>> how is the code to be verified so that
>>> any use of things like offsetof and any
>>> address/indexing is not impacted?
>
> As a tangential party, I am a bit curious: does the randomization
> plugin result in a compact structure? I ask because I know many/most
> programmers don't bother with it and so doing so ought to make the
> data more compact.
http://git.kernel.org/cgit/linux/kernel/git/kees/linux.git/tree/scripts/gcc-plugins/randomize_layout_plugin.c?h=kspp/gcc-plugin/randstruct
See full_shuffle() and performance_shuffle(). The latter keeps
variables in the same cacheline. Neither attempt any kind of
compaction.
-Kees
--
Kees Cook
Nexus Security
Powered by blists - more mailing lists