On Fri, May 26, 2017 at 1:23 PM, Linus Torvalds
<torva...@linux-foundation.org> wrote:
> On Fri, May 26, 2017 at 1:17 PM, Kees Cook <keesc...@chromium.org> wrote:
>> This marks most of the layout of task_struct as randomizable, but leaves
>> thread_info and scheduler state untouched at the start, and thread_struct
>> untouched at the end.
>
> I think you want to abstract this out somehow, because this is both
> ugly and bad:
>
>> + /* This begins the randomizable portion of task_struct... */
>> +#if GCC_VERSION >= 40600
>> + struct {
>> +#endif
>
> when you could instead just introduce something like
>
> #if GCC_VERSION >= 40600
> #define randomized_struct_fields_start struct {
> #define randomized_struct_fields_end } __randomize_layout;
> #else
> #define randomized_struct_fields_start
> #define randomized_struct_fields_end
> #endif
>
> and then this pattern is
> (a) more-or-less self-documenting
> (b) usable in other places too.
> (c) maybe some future compiler wants that struct field to have some
> "randomize-me attribute" or something
>
> Hmm?
There were so many options and they all seems weird for various
reason. :) I'll use your idea, it looks much cleaner, thanks!
-Kees
--
Kees Cook
Pixel Security
