From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S935291AbdADG1K (ORCPT <rfc822;w@1wt.eu>);
        Wed, 4 Jan 2017 01:27:10 -0500
Received: from mail3-relais-sop.national.inria.fr ([192.134.164.104]:28588
        "EHLO mail3-relais-sop.national.inria.fr" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S934880AbdADG1H (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 4 Jan 2017 01:27:07 -0500
X-IronPort-AV: E=Sophos;i="5.33,458,1477954800"; 
   d="scan'208";a="206875482"
Date: Wed, 4 Jan 2017 07:27:03 +0100 (CET)
From: Julia Lawall <julia.lawall@lip6.fr>
X-X-Sender: jll@hadrien
To: Kees Cook <keescook@chromium.org>
cc: Joe Perches <joe@perches.com>, LKML <linux-kernel@vger.kernel.org>,
        Dan Carpenter <error27@gmail.com>, Oleg Drokin <oleg.drokin@intel.com>,
        Andreas Dilger <andreas.dilger@intel.com>,
        James Simmons <jsimmons@infradead.org>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        "John L. Hammond" <john.hammond@intel.com>,
        Emoly Liu <emoly.liu@intel.com>,
        Vitaly Fertman <vitaly_fertman@xyratex.com>,
        Bruno Faccini <bruno.faccini@intel.com>,
        Bruce Korb <bruce.korb@gmail.com>, devel@driverdev.osuosl.org
Subject: Re: Designated initializers, struct randomization and addressing?
In-Reply-To: <CAGXu5jJUHZi5LUxFjG9XfKgipBpGYfdfUXM8q_xEWqQrqtq1Tw@mail.gmail.com>
Message-ID: <alpine.DEB.2.20.1701040726310.2004@hadrien>
References: <20161217010045.GA140343@beast> <1482254995.1984.20.camel@perches.com> <CAGXu5jJUHZi5LUxFjG9XfKgipBpGYfdfUXM8q_xEWqQrqtq1Tw@mail.gmail.com>
User-Agent: Alpine 2.20 (DEB 67 2015-01-07)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org



On Tue, 3 Jan 2017, Kees Cook wrote:

> On Tue, Dec 20, 2016 at 9:29 AM, Joe Perches <joe@perches.com> wrote:
> > On Fri, 2016-12-16 at 17:00 -0800, Kees Cook wrote:
> >> Prepare to mark sensitive kernel structures for randomization by making
> > sure they're using designated initializers.
> >
> > About the designated initializer patches,
> > which by themselves are fine of course,
> > and the fundamental randomization plugin,
> > c guarantees that struct member ordering
> > is as specified.
> >
> > how is the code to be verified so that
> > any use of things like offsetof and any
> > address/indexing is not impacted?
>
> AIUI, offsetof() works correctly in the face of this plugin, since the
> ordering happens before the pass that handles offsetof(). Anything
> that _does not_ use offsetof(), however, needs fixing. Based on the
> work done in grsecurity, I don't see any added offsetof() uses that
> are specific to the randomization plugin.
>
> (Note that the randomization plugin is only on function pointer
> structures, where using an offsetof() should be rare to none, and on
> hand-selected structures, where missing offsetof() should be easy to
> audit.)

What is the precise definition of "function pointer structures"?  Only
function pointers?  At least one function pointer?

thanks,
julia