Received: by 10.223.185.116 with SMTP id b49csp2948588wrg; Mon, 5 Mar 2018 11:16:48 -0800 (PST) X-Google-Smtp-Source: AG47ELtnKsye+xrFmwJ55OM5Lyy0w8BDaBf2uFBUcB2i8qIPF4dxcDPlaZISSnbHH6bPwDZKlfcu X-Received: by 10.99.120.205 with SMTP id t196mr12606297pgc.392.1520277408046; Mon, 05 Mar 2018 11:16:48 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1520277408; cv=none; d=google.com; s=arc-20160816; b=a492Gg2hNcib5dP9CD9WrHdyaKI3vQpoOA3ZTgDzsxLhWwy6Z9QIjcuLSQOj6YoTL8 ifKXYDSKBKbRJPXsXKbFkRY56SFOwbJTOguj414etom7jZRLNuOJn/LZw0+V2obS6xDW 3YNLhP2neUcZ6SVxljUkVjJkUkXpwR4c41KEXnuJ9zHc4g5JdYWDlWrEhxE8mWF2qnCC L9BWUQFU/rcAdDijySpDI9JHI/pAW5HfKHiKXe06NWMJA/JbAi2Ub/kyMSOsYUF8TcCi H+n9U8o65XwHR2VjhPUGqsnV31vsFh8mYdDFZs1OcMe9xusiOQtnM+9YRY1gQ1p09BK9 2nDQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature:dkim-signature :arc-authentication-results; bh=f7IgiULnIYeZ6kEsjRk+2hgR8EmZep/65W9g0gbSj4w=; b=Cd/B57hAkv65mbTi9S8FbGKGBd4nMHBM9BR499ErwmZMYNOHPzG1b7B77zH0iyoQgf H22QoA0nsilIuSEHbDtWZu/njQ6ZjVhYgERmjhRZsb6dWyBg9y4qVNlQ/c0Z7Z64DYXM pumTq1LsuKavvg694r7wBMuGcVi837/Y1X0cbPtgnQ7H+0lYz0m3p9/Q0gpaDWNeRWcX S9z/BNRie0cHF7nMt3JD7elf7k8PbRfT60MBXSFqraeUPtqTZ1/ZNSPpWuCxQ4AgP0xj Hssm21lXHMOUPbIIlS/PQ0Zw1aFIh9nABYXxGzl1Kaz2zIPT+eXOe2VV0oOYMybY/r0x 3Pvg== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@google.com header.s=20161025 header.b=HHUkD6/U; dkim=fail header.i=@chromium.org header.s=google header.b=d1OMBbQg; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f127si8688569pgc.49.2018.03.05.11.16.33; Mon, 05 Mar 2018 11:16:47 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@google.com header.s=20161025 header.b=HHUkD6/U; dkim=fail header.i=@chromium.org header.s=google header.b=d1OMBbQg; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752686AbeCETPj (ORCPT + 99 others); Mon, 5 Mar 2018 14:15:39 -0500 Received: from mail-ua0-f195.google.com ([209.85.217.195]:46808 "EHLO mail-ua0-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751490AbeCETPh (ORCPT ); Mon, 5 Mar 2018 14:15:37 -0500 Received: by mail-ua0-f195.google.com with SMTP id d1so10347554ual.13 for ; Mon, 05 Mar 2018 11:15:37 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=f7IgiULnIYeZ6kEsjRk+2hgR8EmZep/65W9g0gbSj4w=; b=HHUkD6/U954ZDeOijf8AMJ4KJZYQUCkcGa/for9tr/U4jpAA/iQcyYNZbDe/j/cR/3 J/XdMbJslQkINuYiR9q83uxB4ezaB4nmYIS/hhZi9JTQKy9A7vSSYCvveQChFFsb4l88 YG4E1q3wL5erz2e9W7QjaYCeM7nfbaaIM2WPnuV09fuKpw375ajVKpPFhgfD/n8MWxp4 37N3p/eXoJZUlpH73GGVtv7NPK6fakbeDYmgsJl1QCX9+GAtdh/4bQMFPokXAa2JlyR5 Qf/g2VaG2RSUWzeNBQ+rVWcyFHZ6Zo7ESoq5xK+JQKRkSNLN6JwQmyuGYuaP/rOfXKm6 p4Jw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=f7IgiULnIYeZ6kEsjRk+2hgR8EmZep/65W9g0gbSj4w=; b=d1OMBbQgr+LDQpnVKmNpDN44cXR/07BpGCwGFGPnMGXFG3ymi/Rw+pts7rZ1OFyjqy yDa+nvJdqZYbxakf1TpUjgkdsuSEtgSKmHNwxbyCdc35sszMVQlfvFme9WYX3DP2pbRv 2N+8+zXkOI4K7rTY0CK0mERLqrq03m8vZcX8A= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=f7IgiULnIYeZ6kEsjRk+2hgR8EmZep/65W9g0gbSj4w=; b=bZ8g9k4PvzWcE5vw2bW0bunyAiJ53x+NwvKQ5FfA5Xf37iXH4L1TMhjivRyyIh25u8 fpBQKfZEFjXobQFE7azS1Vl4V0tVVXJorUTc3dY2v3jXUOCAehNUo76e9QRGdggHvHsB LjYZH9sywly3Ya1qrVH2dj5kOOdxY29a5VCQGb8KpNUuOwOHZecelVZOnlRvMfxcr7Ek D2SbF+Mqvm0/U51u+FFaBIB5w1rzT73dMZXfwZ5L0fsw/bRH4OfdnzvVt8nhlKCGj5wp YVlCVOiIdswAM50XIRbyentwaRktoiDyQhqPYdNr7bbWKyRI6Sxba1Y60+7EyuDx9uND whwQ== X-Gm-Message-State: APf1xPBHAjKIonJDylBdaDdbtqbF4PApgUSlw7EAot2X2NHpllveK9Md R2aN06i8MgMsIPJuatvuhPJzCBkFDVk+mbvdOc2R3w== X-Received: by 10.159.54.227 with SMTP id p90mr11543554uap.74.1520277336372; Mon, 05 Mar 2018 11:15:36 -0800 (PST) MIME-Version: 1.0 Received: by 10.31.242.140 with HTTP; Mon, 5 Mar 2018 11:15:35 -0800 (PST) In-Reply-To: References: <6be06ce5-87e6-0d9d-55b9-6c70c3578ecf@maciej.szmigiero.name> From: Kees Cook Date: Mon, 5 Mar 2018 11:15:35 -0800 X-Google-Sender-Auth: 95GxM90fk6sDNH7e8HQPESv9RTY Message-ID: Subject: Re: RANDSTRUCT structs need linux/compiler_types.h (Was: [nfsd4] potentially hardware breaking regression in 4.14-rc and 4.13.11) To: Masahiro Yamada Cc: Linus Torvalds , "Maciej S. Szmigiero" , Patrick McLean , Emese Revfy , Al Viro , Bruce Fields , "Darrick J. Wong" , Linux Kernel Mailing List , Linux NFS Mailing List , Thorsten Leemhuis , "kernel-hardening@lists.openwall.com" Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Mar 5, 2018 at 1:27 AM, Masahiro Yamada wrote: > Sorry for chiming in late. > > I noticed this thread today, > honestly, the commit made me upset. > > > Can I suggest another way to make it less fragile? > __attribute((...)) can be placed after 'struct'. > > > So, we can write: > > > struct __randomize_layout path { > struct vfsmount *mnt; > struct dentry *dentry; > }; > > > instead of > > > struct path { > struct vfsmount *mnt; > struct dentry *dentry; > } __randomize_layout; Ugh. I had tried this after the struct _name_, not after "struct" itself. This does fix it, though it remains fragile, as you mention. > If we force the former notation, > the undefined __randomize_layout results in a build error > instead of silent broken code generation. > > > It is true somebody can still place > __randomize_layout after the closing brace, > but can we check this by coccicheck or checkpatch.pl? > (we can describe it in coding style documentation, of course) > > > IMHO, we should not (ab)use include/linux/kconfig.h > to bring in misc things. I'm happy to send a patch that reverts the other changes and relocates all the markings... Linus, how would you like this to go? -Kees -- Kees Cook Pixel Security