lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 29 Nov 2010 13:03:42 -0500
From:	Valdis.Kletnieks@...edu
To:	Américo Wang <xiyou.wangcong@...il.com>
Cc:	Hui Zhu <teawater@...il.com>, linux-kernel@...r.kernel.org,
	gdb@...rceware.org, hellogcc@...elists.org
Subject: Re: [PATCH] Built kernel without -O2 option

On Mon, 29 Nov 2010 16:52:50 +0800, Américo Wang said:

> >For example:
> >ifdef CONFIG_CC_CLOSE_OPTIMIZATION
> >CFLAGS_fpu.o                           += -O2
> >CFLAGS_aesni-intel_glue.o              += -O2
> >CFLAGS_ghash-clmulni-intel_glue.o      += -O2
> >endif
> 
> No, I didn't mean this, I meant some function that have to be inlined
> are those who only work when being inlined, e.g. current_text_addr().
> 
> I think it is not alone. :)

Anything that uses the gcc __builtin_return_adress() extension should also be
audited - that returns different results for inlined and non-inlined callers.


Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ