| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 23 Sep 2013 21:11:45 -0700 From: Andi Kleen <andi@...stfloor.org> To: Marcelo Sousa <marceloabsousa@...il.com> Cc: linux-kernel@...r.kernel.org, msousa@...ox.ac.uk Subject: Re: Lightweight type analysis for memory safety through verification of API uses Marcelo Sousa <marceloabsousa@...il.com> writes: > I've designed and implemented a tool similar to sparse and CQUAL that > does type inference of user specified type qualifiers, e.g. iomem. It > receives an API specification with the type qualifiers and also a > partial order, e.g. IOAddr is not compatible with KernelAddr and > ioremap returns a pointer to IOAddr while __kmalloc returns a pointer > to a KernelAddr. Tracking iomem is ultimatively not very interesting, as in many common architectures it's just a normal pointer. __user is much more interesting, as that is real security bugs. You can probably find some in standard security advisories. Really interesting would be static lock set tracking for pointers and similar. -Andi -- ak@...ux.intel.com -- Speaking for myself only -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists