Date: Fri, 17 Jun 2016 10:20:27 +0200
From: Ingo Molnar
To: Kees Cook
Cc: Baoquan He, Borislav Petkov, Yinghai Lu, "H. Peter Anvin", Thomas Gleixner, Ingo Molnar, "x86@kernel.org", Andrew Morton, Josh Poimboeuf, Andrey Ryabinin, "H.J. Lu", Dmitry Vyukov, LKML
Subject: Re: [PATCH v9 3/5] x86/KASLR: Randomize virtual address separately
Message-ID: <20160617082026.GA4791@gmail.com>
References: <1464216334-17200-1-git-send-email-keescook@chromium.org> <1464216334-17200-4-git-send-email-keescook@chromium.org>
In-Reply-To: <1464216334-17200-4-git-send-email-keescook@chromium.org>

* Kees Cook wrote:

> -unsigned char *choose_random_location(unsigned long input,
> - unsigned long input_size,
> - unsigned long output,
> - unsigned long output_size)
> +void choose_random_location(unsigned long input,
> + unsigned long input_size,
> + unsigned long *output,
> + unsigned long output_size,
> + unsigned long *virt_addr)
> {
> - unsigned long choice = output;
> unsigned long random_addr;
>
> + /* By default, keep output position unchanged. */
> + *virt_addr = *output;

So I applied this, after fixing a conflict with a recent hibernation-related change, but it would be nice to further clean up the types in this file, in particular could we please propagate 'const' for all input-only pointers?
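Review bot: The comment above `*virt_addr = *output;` describes the wrong variable: the line initializes `*virt_addr` (from `*output`) and does not touch `*output`, so "keep output position unchanged" misleads a reader into thinking `output` is what gets written here; something like `/* By default, leave the virtual address at the output position. */` says what the assignment does. The same line also makes it a precondition that the caller has stored a valid value in `*output` before calling `choose_random_location()`, which the hunk does not record anywhere; that belongs in the function's comment block. And since in the visible lines `*output` is only read, if the remainder of the function never writes through it then `const unsigned long *output` (or passing it by value, as the removed prototype did) would let the prototype itself tell the reader that `virt_addr` is the only out-parameter.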
For example in the above function it would be obvious at a glance if it said something like:

void choose_random_location(unsigned long input,
                            unsigned long input_size,
                            const unsigned long *output,
                            unsigned long output_size,
                            unsigned long *virt_addr)

(When reading such a function prototype I can immediately tell: 'yeah, while it's named "output", it's in fact a read-only input parameter - the _real_ output of the function is 'virt_addr'.)

In addition to that it would also be useful to eliminate the 'virt_addr' parameter altogether, and use an 'unsigned long' return value to set virt_addr in misc.c.

Ok?

Thanks,

	Ingo
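As an added illustration of the prototype shape the reply asks for (a const input-only pointer and the chosen virtual address as the return value), here is a stand-alone C model. It is example code written for this page, not the kernel's `choose_random_location()` or anything from the patch: the 512 MiB window, the xorshift64 stand-in for the decompressor's entropy source, the `model_` names and the caller are all assumptions, with the 2 MiB slot size taken from the usual x86 CONFIG_PHYSICAL_ALIGN default.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Hypothetical model of the suggested signature: input-only pointers are
 * const, and the one real output (the virtual address) is the return value
 * rather than an out-pointer. Not kernel code; constants are placeholders.
 */

/* 2 MiB: the x86 CONFIG_PHYSICAL_ALIGN default, used here as the slot size. */
#define MODEL_ALIGN        0x200000UL
/* Size of the virtual window the image may be placed in (example value). */
#define MODEL_VIRT_WINDOW  (512UL * 1024 * 1024)

/* xorshift64 stand-in for the decompressor's entropy source (seed != 0). */
static uint64_t model_rand(uint64_t *state)
{
	uint64_t x = *state;

	x ^= x << 13;
	x ^= x >> 7;
	x ^= x << 17;
	*state = x;
	return x;
}

/*
 * 'output' is read-only: it is the physical load position the caller already
 * settled on, and the const says so in the prototype. The return value is the
 * virtual address to use; by default it is the unchanged output position,
 * mirroring '*virt_addr = *output' in the quoted hunk.
 */
static unsigned long model_choose_virt_addr(const unsigned long *output,
					    unsigned long output_size,
					    bool randomize,
					    uint64_t *entropy)
{
	unsigned long base = *output;
	unsigned long slots;

	/* Keep the default when randomization is off, the base is misaligned,
	 * or the image would not fit in the window at all. */
	if (!randomize || (base & (MODEL_ALIGN - 1)) != 0)
		return base;
	if (output_size >= MODEL_VIRT_WINDOW)
		return base;

	/* Number of aligned positions at which the whole image still fits. */
	slots = (MODEL_VIRT_WINDOW - output_size) / MODEL_ALIGN + 1;

	return base + (unsigned long)(model_rand(entropy) % slots) * MODEL_ALIGN;
}

/* Caller in the shape the reply asks for: virt_addr flows out of the call. */
static unsigned long model_caller(unsigned long output, unsigned long output_size,
				  bool randomize, uint64_t seed)
{
	uint64_t entropy = seed;
	unsigned long virt_addr;

	virt_addr = model_choose_virt_addr(&output, output_size, randomize, &entropy);
	return virt_addr;
}

/* Properties worth checking: the default is the identity, and a randomized
 * result is slot-aligned and keeps the whole image inside the window. */
static bool model_check(unsigned long output, unsigned long output_size, uint64_t seed)
{
	unsigned long plain = model_caller(output, output_size, false, seed);
	unsigned long rnd = model_caller(output, output_size, true, seed);

	if (plain != output)
		return false;
	if ((rnd & (MODEL_ALIGN - 1)) != 0)
		return false;
	if (rnd < output || rnd + output_size > output + MODEL_VIRT_WINDOW)
		return false;
	return true;
}

int main(void)
{
	unsigned long output = 0x1000000UL;    /* 16 MiB, slot-aligned (constructed) */
	unsigned long size = 0x2000000UL;      /* 32 MiB image (constructed) */
	uint64_t seed = 0x9E3779B97F4A7C15ULL; /* constructed seed */

	printf("virt_addr=0x%lx ok=%d\n",
	       model_caller(output, size, true, seed),
	       model_check(output, size, seed));
	return 0;
}
```

The point of the shape is visible at the call site: `output` is passed by address only so the prototype can mark it `const`, and the reader does not have to open the function body to learn that `virt_addr` is the value it produces. A write through `output` inside the function would now be a compile error rather than a silent side effect.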