lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Sat, 22 Jul 2017 21:31:13 -0500
From:   "Gustavo A. R. Silva" <garsilva@...eddedor.com>
To:     Borislav Petkov <bp@...en8.de>, Julia Lawall <julia.lawall@...6.fr>
Cc:     Mauro Carvalho Chehab <mchehab@...nel.org>,
        linux-edac@...r.kernel.org, linux-kernel@...r.kernel.org,
        cocci@...teme.lip6.fr,
        "Gustavo A. R. Silva" <gustavo@...eddedor.com>
Subject: Re: [PATCH] EDAC: remove unnecessary static in
 edac_fake_inject_write()

Hi Julia, Borislav,

On 07/22/2017 11:22 AM, Gustavo A. R. Silva wrote:
> Hi all,
>
> On 07/22/2017 01:36 AM, Borislav Petkov wrote:
>> On Fri, Jul 21, 2017 at 10:08:12PM +0200, Julia Lawall wrote:
>>> Someone pointed out that the rule is probably not OK when the address of
>>> the static variable is taken, because then it is likely being used as
>>> permanent storage.
>>
>> Makes sense to me.
>>
>>> An improved rule is:
>>
>> Do you think it is worth having it in scripts/coccinelle/ ?
>>
>> I don't think Gustavo would mind putting it there :)
>>
>
> Absolutely, I'd be glad to help out. :)
>

I've been working on this issue today and, in my opinion, this script is 
even better:

@bad exists@
position p;
identifier x;
expression e;
type T;
@@

static T x@p;
... when != x = e
x = <+...x...+>

@worse1 exists@
position p;
identifier x;
type T;
@@

static T x@p;
...
return &x;

@worse2 exists@
position p;
identifier x;
type T;
@@

static T *x@p;
...
return x;

@@
identifier x;
expression e;
type T;
position p != {bad.p,worse1.p,worse2.p};
@@

-static
   T x@p;
   ... when != x
       when strict
?x = e;

It ignores all the cases in which the address of the static variable is 
returned to the caller function.

Also, there are some cases in which the maintainer can argue something 
like the following:

https://lkml.org/lkml/2017/7/19/1381

but that depends on the particular conditions in which the code is 
intended to be executed.

What do you think?

Thank you
--
Gustavo A. R. Silva

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ