| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 23 Jul 2017 07:07:59 +0200 (CEST)
From: Julia Lawall <julia.lawall@...6.fr>
To: "Gustavo A. R. Silva" <garsilva@...eddedor.com>
cc: Borislav Petkov <bp@...en8.de>,
Mauro Carvalho Chehab <mchehab@...nel.org>,
linux-edac@...r.kernel.org, linux-kernel@...r.kernel.org,
cocci@...teme.lip6.fr,
"Gustavo A. R. Silva" <gustavo@...eddedor.com>
Subject: Re: [PATCH] EDAC: remove unnecessary static in
edac_fake_inject_write()
On Sat, 22 Jul 2017, Gustavo A. R. Silva wrote:
> Hi Julia, Borislav,
>
> On 07/22/2017 11:22 AM, Gustavo A. R. Silva wrote:
> > Hi all,
> >
> > On 07/22/2017 01:36 AM, Borislav Petkov wrote:
> > > On Fri, Jul 21, 2017 at 10:08:12PM +0200, Julia Lawall wrote:
> > > > Someone pointed out that the rule is probably not OK when the address of
> > > > the static variable is taken, because then it is likely being used as
> > > > permanent storage.
> > >
> > > Makes sense to me.
> > >
> > > > An improved rule is:
> > >
> > > Do you think it is worth having it in scripts/coccinelle/ ?
> > >
> > > I don't think Gustavo would mind putting it there :)
> > >
> >
> > Absolutely, I'd be glad to help out. :)
> >
>
> I've been working on this issue today and, in my opinion, this script is even
> better:
>
> @bad exists@
> position p;
> identifier x;
> expression e;
> type T;
> @@
>
> static T x@p;
> ... when != x = e
> x = <+...x...+>
>
> @worse1 exists@
> position p;
> identifier x;
> type T;
> @@
>
> static T x@p;
> ...
> return &x;
>
> @worse2 exists@
> position p;
> identifier x;
> type T;
> @@
>
> static T *x@p;
> ...
> return x;
>
> @@
> identifier x;
> expression e;
> type T;
> position p != {bad.p,worse1.p,worse2.p};
> @@
>
> -static
> T x@p;
> ... when != x
> when strict
> ?x = e;
>
> It ignores all the cases in which the address of the static variable is
> returned to the caller function.
I don't understand why you want to restrict the address of a variable case
to returns. Storing the address in a field of a structure that has a
lifetime beyond the function body is a problem as well.
On the other hand returning the value stored in a static variable is not a
problem. That value exists independently of the variable that contains
it. The variable that conains it doesn't need to live on in any way.
>
> Also, there are some cases in which the maintainer can argue something like
> the following:
>
> https://lkml.org/lkml/2017/7/19/1381
>
> but that depends on the particular conditions in which the code is intended to
> be executed.
>
> What do you think?
The preserving values argument is not relevant. The rule checks that the
value is never used. DMA accesses should involve taking an address, which
we now disallow. It seems likely that anything large would have its
address taken too, but one could check manually for that. spgen provides
a section where you can describe such issues.
julia
> Thank you
> --
> Gustavo A. R. Silva
>
Powered by blists - more mailing lists