From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1750781AbdE0UD0 (ORCPT ); Sat, 27 May 2017 16:03:26 -0400 Received: from mail-io0-f174.google.com ([209.85.223.174]:35637 "EHLO mail-io0-f174.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750737AbdE0UDY (ORCPT ); Sat, 27 May 2017 16:03:24 -0400 MIME-Version: 1.0 In-Reply-To: <20170527084246.GB26844@infradead.org> References: <1495829844-69341-1-git-send-email-keescook@chromium.org> <1495829844-69341-12-git-send-email-keescook@chromium.org> <20170527084246.GB26844@infradead.org> From: Kees Cook Date: Sat, 27 May 2017 13:03:23 -0700 X-Google-Sender-Auth: c71Tf_9fZtVcHdDYZioqyEOAMPc Message-ID: Subject: Re: [PATCH v2 11/20] randstruct: Disable randomization of ACPICA structs To: Christoph Hellwig Cc: "kernel-hardening@lists.openwall.com" , Laura Abbott , "x86@kernel.org" , LKML , Bob Moore , Lv Zheng , "Rafael J. Wysocki" Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, May 27, 2017 at 1:42 AM, Christoph Hellwig wrote: > On Fri, May 26, 2017 at 01:17:15PM -0700, Kees Cook wrote: >> Since the ACPICA source is maintained externally to the kernel, we can >> neither switch it to designated initializers nor mark it >> __no_randomize_layout. Until ACPICA-upstream changes[1] land to handle the >> designated initialization, explicitly skip it in the plugin. >> >> [1] https://github.com/acpica/acpica/pull/248 > > I'd just overried the ACPIA bullshit process and just include these > changes, as they are a major improvement independent of any > reandomization. Well... I'd rather not. It's been explicitly NAKed by them already, which is why I sent the upstream solution (though it's being ignored currently). I don't want this to block randstruct any longer, so that's why I took a whitelisting approach here. -Kees -- Kees Cook Pixel Security