Re: [PATCH v1 7/7] tools: add userspace linker table sandbox

On Tue, Aug 23, 2016 at 10:30 AM, Arnaldo Carvalho de Melo
<acme@xxxxxxxxxx> wrote:
> On Mon, Aug 22, 2016 at 05:28:42PM -0700, H. Peter Anvin wrote:
>> On August 22, 2016 5:07:39 PM PDT, "Luis R. Rodriguez" <mcgrof@xxxxxxxxxx> wrote:
>> >On Fri, Aug 19, 2016 at 03:31:47PM -0700, Kees Cook wrote:
>> >> On Fri, Aug 19, 2016 at 2:41 PM,  <mcgrof@xxxxxxxxxx> wrote:
>> >> >  tools/Makefile                                     |   3 +-
>> >> >  .../arch/x86/include/generated/asm/section-core.h  |   1 +
>> >> >  tools/arch/x86/include/generated/ranges.h          |   1 +
>> >> >  tools/arch/x86/include/generated/tables.h          |   1 +
>> >> >  tools/include/asm-generic/ranges.h                 | 103 ++++
>> >> >  tools/include/asm-generic/section-core.h           | 341
>
>> >> >  tools/include/asm-generic/tables.h                 |  50 ++
>
>> >> Aren't a bunch of these files exact duplicates of the headers in
>> >include/linux?
>
>> >Indeed... This is a userspace tools/ architecture decision that was made
>> >long ago, so it's not up to me, I am just following the strategy
>> >devised and picked up.  Refer to
>> >7d7d1bf1d1dabe435ef50efb051724b8664749cb ("perf bench: Copy kernel
>> >files needed to build mem{cpy,set} x86_64 benchmarks") for an example
>> >of previous similar work. By sharing header files this enables more
>> >tools/ to be hacked on.
>
>> I think this is a legacy from before the uapi change that should
>> really be fixed.  If we need to export additional kernel structures
>> for the tools, we could define a third level if we really need it.
>
> No, it is something recent, it's just that from time to time files that
> tools/ included from outside, i.e. from the kernel sources, made tools/
> break, so after discussion with Linus and Ingo[1], it was decided we would

This [1] reference seems missing. I'm curious to see the thread. I
wonder if something could be done to just generate the needed headers
from the canonical locations into the tools/ locations?

> grab copies and never more access anything outside tools/ directly.
>
> Instead we would check for changes and warn the tools/ developers about
> it, so that they could check what has changed, that could mean changes
> should/could be done to tools/ using those headers.

Is there anything automated in place to notice when these changes happen?

-Kees

-- 
Kees Cook
Nexus Security
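
An added example, not part of this message or of the kernel tree: one way the check described in the quoted text could be automated, comparing each tools/ copy byte for byte against its original. The tools/<path> to <path> mapping and the function names are assumptions, and the sample files are constructed.

```shell
#!/bin/sh
# Added example: flag tools/ header copies that no longer match their original.
# Assumption: a copy at tools/<path> mirrors <path> in the same source tree.

# check_header_drift ROOT COPY...
# Prints one line per problem; exit status is the number of problems (0 = in sync).
check_header_drift() {
    root=$1; shift
    drift=0
    for copy in "$@"; do
        orig=${copy#tools/}
        if [ ! -f "$root/$copy" ]; then
            echo "MISSING COPY: $copy"; drift=$((drift + 1))
        elif [ ! -f "$root/$orig" ]; then
            echo "NO ORIGINAL: $orig (wanted by $copy)"; drift=$((drift + 1))
        elif ! cmp -s "$root/$copy" "$root/$orig"; then
            echo "DRIFT: $copy differs from $orig"; drift=$((drift + 1))
        fi
    done
    return "$drift"
}

# make_sample_tree DIR: constructed sample tree (not real kernel content) with
# one copy in sync, one stale copy, and one copy whose original is gone.
make_sample_tree() {
    mkdir -p "$1/include/asm-generic" "$1/tools/include/asm-generic"
    printf '#define A 1\n' > "$1/include/asm-generic/tables.h"
    cp "$1/include/asm-generic/tables.h" "$1/tools/include/asm-generic/tables.h"
    printf '#define B 2\n' > "$1/include/asm-generic/ranges.h"
    printf '#define B 1\n' > "$1/tools/include/asm-generic/ranges.h"
    printf '#define C 1\n' > "$1/tools/include/asm-generic/section-core.h"
}

tmp=$(mktemp -d)
make_sample_tree "$tmp"
check_header_drift "$tmp" \
    tools/include/asm-generic/tables.h \
    tools/include/asm-generic/ranges.h \
    tools/include/asm-generic/section-core.h ||
    echo "$? header copies need review"
rm -rf "$tmp"
```

A nonzero exit status makes the function usable as a build or CI gate, so a stale copy is noticed when the original changes rather than when a tool misbehaves.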