On Tue, Jan 3, 2017 at 3:55 PM, Bruce Korb <bruce.k...@gmail.com> wrote: > On Tue, Jan 3, 2017 at 3:47 PM, Kees Cook <keesc...@chromium.org> wrote: >>> how is the code to be verified so that >>> any use of things like offsetof and any >>> address/indexing is not impacted? > > As a tangential party, I am a bit curious: does the randomization > plugin result in a compact structure? I ask because I know many/most > programmers don't bother with it and so doing so ought to make the > data more compact.
http://git.kernel.org/cgit/linux/kernel/git/kees/linux.git/tree/scripts/gcc-plugins/randomize_layout_plugin.c?h=kspp/gcc-plugin/randstruct See full_shuffle() and performance_shuffle(). The latter keeps variables in the same cacheline. Neither attempt any kind of compaction. -Kees -- Kees Cook Nexus Security
