lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <a19818a4-3457-7362-4deb-b981fdc9ba84@quicinc.com>
Date:   Sat, 22 Jul 2023 12:40:51 -0700
From:   Trilok Soni <quic_tsoni@...cinc.com>
To:     Giuliano Procida <gprocida@...gle.com>, <quic_johmoo@...cinc.com>
CC:     <masahiroy@...nel.org>, <nathan@...nel.org>,
        <ndesaulniers@...gle.com>, <nicolas@...sle.eu>,
        <linux-kbuild@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
        <linux-arm-kernel@...ts.infradead.org>,
        <linux-arm-msm@...r.kernel.org>, <gregkh@...uxfoundation.org>,
        <rdunlap@...radead.org>, <arnd@...db.de>, <andersson@...nel.org>,
        <tkjos@...gle.com>, <maennich@...gle.com>,
        <kernel-team@...roid.com>, <libabigail@...rceware.org>,
        <jorcrous@...zon.com>, <quic_satyap@...cinc.com>,
        <quic_eberman@...cinc.com>, <quic_gurus@...cinc.com>
Subject: Re: [PATCH] scripts/check-uapi.sh: add stgdiff support

On 7/20/2023 9:10 AM, Giuliano Procida wrote:
> Hi John.
> 
> I spent a few minutes adding stgdiff support to the script. It's
> really just for illustration purposes.
> 
> As I think you know, STG doesn't yet exist as a project outside of
> AOSP. Nevertheless, this may be useful to you as-is.
> 
> STG has quite a different philosophy to libabigil in terms of
> filtering out certain kinds of differences. Some of the things (like
> enum enumerator additions) are not considered harmless. The reasoning
> behind this is basically...
> https://en.wikipedia.org/wiki/Covariance_and_contravariance_(computer_science)
> 
> However, it does have --ignore interface_addition (and the related
> --ignore type_definition_addition) which can be used to detect whether
> one ABI is a subset of another.
> 
> I am looking at adding support for macro definitions (gcc -g3) to STG
> which will then let us cover significantly more of the UAPI surface.
> 
> Unfortunately, there are some headers which use anonymous enums to
> define constants (e.g. and ironically BTF). ABI tracking these types
> would require something a bit hacky. Or we could just name them.

Thank you Giuliano for trying the script w/ stg. We will review the 
modifications below.

Just to update everyone here that John is looking into the libabigail 
changes to reduce the false positives as discussed earlier in the email 
thread. There is some progress on the libabigail mailing list. Once we 
have enough changes made in the libabigail, John will update here with 
his results.

We have also submitted abstract in LPC 2023 Android MC as well about the 
UAPI checker. We hope to make a good progress before LPC.

---Trilok Soni

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ