lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 27 Jan 2020 12:04:37 +0000
From:   David Laight <David.Laight@...LAB.COM>
To:     'Nick Desaulniers' <ndesaulniers@...gle.com>,
        Peter Zijlstra <peterz@...radead.org>
CC:     Will Deacon <will@...nel.org>, LKML <linux-kernel@...r.kernel.org>,
        linux-arch <linux-arch@...r.kernel.org>,
        kernel-team <kernel-team@...roid.com>,
        Michael Ellerman <mpe@...erman.id.au>,
        "Linus Torvalds" <torvalds@...ux-foundation.org>,
        Segher Boessenkool <segher@...nel.crashing.org>,
        Christian Borntraeger <borntraeger@...ibm.com>,
        Luc Van Oostenryck <luc.vanoostenryck@...il.com>,
        Arnd Bergmann <arnd@...db.de>,
        Peter Oberparleiter <oberpar@...ux.ibm.com>,
        Masahiro Yamada <masahiroy@...nel.org>,
        Pablo Neira Ayuso <pablo@...filter.org>,
        "Jozsef Kadlecsik" <kadlec@...filter.org>,
        Florian Westphal <fw@...len.de>,
        "David S. Miller" <davem@...emloft.net>
Subject: RE: [PATCH v2 02/10] netfilter: Avoid assigning 'const' pointer to
 non-const pointer

From: Nick Desaulniers
> Sent: 24 January 2020 17:20
...
> > > Good thing it's the variable being modified was not declared const; I
> > > get spooked when I see -Wdiscarded-qualifiers because of Section
> > > 6.7.3.6 of the ISO C11 draft spec:
> > >
> > > ```
> > > If an attempt is made to modify an object defined with a const-qualified
> > > type through use of an lvalue with non-const-qualified type,
> > > the behavior is undefined.

Well some old systems had small integer constants at fixes addresses.
So 'const int one = 1;'  would be a reference to the global constant.
An assignment like '*(int *)&one = 2;' would change the value of the
system-wide 'one' constant'.

Pretty much 'undefined'.

But no excuse for the compiler just discarding the code.

I suspect that the code to remove 'const' needs to 'launder' the value
through a suitable integer type.

	David

-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ