Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 12 Oct 2018 02:52:53 +0800
From: Carter Cheng <>
Subject: Re: link time analysis for the kernel.

Thanks for the detailed reply. I actually am exploring whether it's
feasible perhaps in the coming months for me to look at implementing some
kind of automatic solution to the memory safety issue. I posted about this
briefly before earlier this month on the mailing list. I am currently
reviewing the relevant papers I have found and doing some exploratory
thinking about the problem.

On Fri, Oct 12, 2018 at 12:59 AM Kees Cook <> wrote:

> On Thu, Oct 11, 2018 at 9:38 AM, Carter Cheng <>
> wrote:
> > There are some detaills about the current procedures for linking the
> kernel
> > that I am unfamiliar with. My understanding is that GCC and Clang both
> have
> > the ability to do link time analysis and transforms on code but is it
> > possible to write link time passes that will run on the kernel since the
> > linking phase is a bit different (i.e. doesnt produce an ELF file)?
> I think you'd need to build with LTO for this to work. I'm not sure
> what the state of gcc and LTO against the kernel is right now, but it
> works under Clang[0] with some patches[1].
> For gcc, once you get LTO working, I assume you'd want to write a
> linker plugin[2].
> >
> > Are there other tools that are used for the purpose of analysing the
> kernel
> > and patching it? I have encountered a tool called Coccinelle but I am
> > uncertain if CTL can be used to simulate the analysis I would need for
> > adding and eliding runtime checks on various pointer operations.
> Coccinelle isn't a linker, but rather a static analysis and semantic
> patching tool. It's possible it might be able to do what you need,
> though. What are you working on, specifically?
> > I assume from previous discussions that the gcc would be best since clang
> > still doesn't correctly compile the kernel without patches.
> Building the kernel for arm64 works well with Clang. Doing x86 builds
> requires a little more work, but that should be solved soon only
> asm-goto support lands (it's under development now...)
> -Kees
> [0]
> [1]
> [2]
> --
> Kees Cook
> Pixel Security

Content of type "text/html" skipped

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.