Re: [PATCH] video: constify geode ops structures
From: Kees Cook
Date: Mon Nov 09 2015 - 16:20:20 EST
On Sun, Nov 8, 2015 at 2:16 PM, Dan Carpenter <dan.carpenter@xxxxxxxxxx> wrote:
> Cool. So, in grsec they use a GCC plugin to make these const
> automatically since they only contain function pointers. There about
> 100 struct types marked as __no_const. Kees would like to adopt the
> grsec pluggin approach I expect. Do you have an idea how many structs
> only contain function pointers or how many consts we would have to add
> to get the same effect without the plugin?
Just to remind everyone: while we certainly want to clean these up in
the code where possible, we still want to make the constification
plugin part of the regular builds. We want to provide a
secure-by-default build, even when vendors are adding their own
out-of-tree code when producing Linux-based products. So, we'll always
want to have the plugin as a back-stop for out-of-tree code, or places
where const was accidentally missed upstream.
-Kees
>
> regards,
> dan carpenter
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
--
Kees Cook
Chrome OS Security
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/