Re: [PATCH] selinux: add __randomize_layout to selinux_audit_data

From: Paul Moore
Date: Tue May 17 2022 - 21:39:28 EST

Next message: Hao, Xudong: "RE: [KVM] 5fc3cfa62b: kernel-selftests.kvm.vmx_pmu_msrs_test.fail"
Previous message: Shida Zhang: "[PATCH v2] cgroup: remove the superfluous judgment"
In reply to: GONG, Ruiqi: "[PATCH] selinux: add __randomize_layout to selinux_audit_data"
Next in thread: Gong Ruiqi: "Re: [PATCH] selinux: add __randomize_layout to selinux_audit_data"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, May 17, 2022 at 9:21 PM GONG, Ruiqi <gongruiqi1@xxxxxxxxxx> wrote:
>
> Randomize the layout of struct selinux_audit_data as suggested in [1],
> since it contains a pointer to struct selinux_state, an already
> randomized strucure.
>
> [1]: https://github.com/KSPP/linux/issues/188
>
> Signed-off-by: GONG, Ruiqi <gongruiqi1@xxxxxxxxxx>
> ---
> security/selinux/include/avc.h | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/security/selinux/include/avc.h b/security/selinux/include/avc.h
> index 2b372f98f2d7..5525b94fd266 100644
> --- a/security/selinux/include/avc.h
> +++ b/security/selinux/include/avc.h
> @@ -53,7 +53,7 @@ struct selinux_audit_data {
> u32 denied;
> int result;
> struct selinux_state *state;
> -};
> +} __randomize_layout;

I'll apologize in advance for the stupid question, but does
__randomize_layout result in any problems when the struct is used in a
trace event? (see include/trace/events/avc.h)

--
paul-moore.com

Next message: Hao, Xudong: "RE: [KVM] 5fc3cfa62b: kernel-selftests.kvm.vmx_pmu_msrs_test.fail"
Previous message: Shida Zhang: "[PATCH v2] cgroup: remove the superfluous judgment"
In reply to: GONG, Ruiqi: "[PATCH] selinux: add __randomize_layout to selinux_audit_data"
Next in thread: Gong Ruiqi: "Re: [PATCH] selinux: add __randomize_layout to selinux_audit_data"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]