From: "PaX Team" <pageexec@freemail.hu>
To: Julia Lawall <julia.lawall@lip6.fr>, Kees Cook <keescook@chromium.org>
Cc: Emese Revfy <re.emese@gmail.com>,
"kernel-hardening@lists.openwall.com"
<kernel-hardening@lists.openwall.com>,
Dan Carpenter <dan.carpenter@oracle.com>,
Joe Perches <joe@perches.com>,
kernel-janitors@vger.kernel.org,
LKML <linux-kernel@vger.kernel.org>
Subject: Re: [kernel-hardening] Re: [PATCH] video: constify geode ops structures
Date: Tue, 10 Nov 2015 01:24:54 +0000 [thread overview]
Message-ID: <56414766.18876.2B8A87D7@pageexec.freemail.hu> (raw)
In-Reply-To: <CAGXu5jKzKAje_gtOQY7ukh67LLqmcWzVQ502V6akAB6ShH3h3w@mail.gmail.com>
> On Mon, Nov 9, 2015 at 1:55 PM, Julia Lawall <julia.lawall@lip6.fr> wrote:
> >> > What happens if some structures cannot be made const because there is a
> >> > reassignment somewhere? Is there any feedback about the problem?
the constify plugin basically simulates what a source level 'const' would
do (sets a specific flag on the 'tree' structure representing the so-called
main variant of the ops type, see my h2hc13 presentation for details) and
since this happens early in the frontend, the const violations will be
reported by the compiler just like as it would otherwise report such source
level problems.
this way one can simply put a do_const attribute on a type, recompile the
tree and see if the compiler ever reports an error to know if the given
constification attempt is viable for the given type or not (and by finding
the 'bad' assignments one can see where to consider rewriting the code
perhaps, we did this a lot in PaX for example to achieve the current level
of attack surface reduction).
cheers,
PaX Team
next prev parent reply other threads:[~2015-11-10 1:24 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-08 21:34 [PATCH] video: constify geode ops structures Julia Lawall
2015-11-08 22:16 ` Dan Carpenter
2015-11-08 22:24 ` Julia Lawall
2015-11-09 5:42 ` Dan Carpenter
2015-11-09 6:09 ` Joe Perches
2015-11-09 6:39 ` Julia Lawall
2015-11-09 13:30 ` [kernel-hardening] " Dan Carpenter
2015-11-09 18:12 ` Julia Lawall
2015-11-09 18:19 ` Joe Perches
2015-11-09 13:49 ` Dan Carpenter
2015-11-09 14:50 ` Julia Lawall
2015-11-09 16:39 ` Dan Carpenter
2015-11-09 17:05 ` Emese Revfy
2015-11-09 17:48 ` Julia Lawall
2015-11-09 21:24 ` Kees Cook
2015-11-09 21:55 ` Julia Lawall
2015-11-09 23:34 ` Kees Cook
2015-11-10 1:24 ` PaX Team [this message]
2015-11-10 15:44 ` Julia Lawall
2015-11-09 21:20 ` Kees Cook
2015-11-10 6:38 ` Christoph Hellwig
2015-11-10 20:34 ` Kees Cook
2015-11-10 20:49 ` Joe Perches
2015-11-10 22:02 ` Dan Carpenter
2015-11-10 22:17 ` Joe Perches
2015-11-10 22:34 ` Dan Carpenter
2015-11-10 22:39 ` Joe Perches
2015-11-24 11:28 ` Tomi Valkeinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=56414766.18876.2B8A87D7@pageexec.freemail.hu \
--to=pageexec@freemail.hu \
--cc=dan.carpenter@oracle.com \
--cc=joe@perches.com \
--cc=julia.lawall@lip6.fr \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=kernel-janitors@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=re.emese@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox