On Mon, Nov 9, 2015 at 9:48 AM, Julia Lawall <julia.lawall@xxxxxxx> wrote: > On Mon, 9 Nov 2015, Emese Revfy wrote: > >> On Mon, 9 Nov 2015 14:50:47 +0000 (GMT) >> Julia Lawall <julia.lawall@xxxxxxx> wrote: >> > > Actually, it looks like Emese Revfy is going to merge the GCC plugin >> > > constify stuff sooner rather than later so maybe adding all these consts >> > > isn't going to be needed. >> > >> > Is there any advantage of const over the plugin? The consts are easy to >> > add. >> >> Hi, >> >> I think it's a very good advantage that the plugin constifies automatically >> without regular maintenance (e.g., generate patches with coccinelle, >> send patches to the maintainers every new kernel version). ;) >> But if it doesn't convince you, I did constification by hand (with a coccinelle >> script) some years ago. >> There are too many types that can be const and it took too long to prepare and >> get the maintainers to accept the patches. >> And it never ends as there are always new types that can be const. > > What happens if some structures cannot be made const because there is a > reassignment somewhere? Is there any feedback about the problem? AIUI, for now, we can't make those const (though I would be happy to be corrected). My hope would be to allow reassignment using something like PaX's kernel_open/kernel_close inlines to allow for temporary modification of read-only things (as part of the KERNEXEC feature). -Kees > > julia > >> >> > Does the plugin help for structures that have non-function fields? >> Yes, it does. See __do_const here: >> http://www.openwall.com/lists/kernel-hardening/2015/11/06/11 >> or more about the constify plugin: >> https://pax.grsecurity.net/docs/PaXTeam-H2HC13-PaX-gcc-plugins.pdf >> >> -- >> Emese >> -- Kees Cook Chrome OS Security -- To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
