Re: [PATCH v1 2/2] Mark functions with the __nocapture attribute
From: Rasmus Villemoes
Date: Tue Jun 28 2016 - 18:42:25 EST

On Tue, Jun 28 2016, "PaX Team" <pageexec@xxxxxxxxxxx> wrote:
> On 28 Jun 2016 at 22:50, Rasmus Villemoes wrote:
>
>> > +extern const char *kstrdup_const(const char *s, gfp_t gfp) __nocapture(1);
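Review bot: the __nocapture(1) annotation on the kstrdup_const declaration carries no comment explaining why it is safe, and it needs one. As noted further down the thread, the function omits the copy for arguments stored in .rodata, so the returned pointer can be the argument itself. Suggest a comment beside the declaration stating that the annotation relies on that check excluding .init.rodata* and the other init sections, so that callers in .init functions always receive a real copy.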
>>
>> OK, so this one is pretty dangerous, and probably wrong. If one does
>>
>> foo->bar = kstrdup_const(a-macro-that-might-be-a-string-literal)
>>
>> in an .init function, foo->bar will very likely become dangling.
>
> doesn't kstrdup_const omit the copy only for arguments that are stored in
> .rodata (which doesn't include .init.rodata* and other init sections)?
>
Ah, right. But that's a little subtle. Also, it kind of defeats the
purpose of kstrdup_const - but it's probably not actually called with a
string literal all that often.

In any case, I think there's still a problem with strchr() and friends.

Rasmus
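
A user-space C model of the behaviour PaX Team describes above, added here as an illustration and not code from the thread or the kernel. `model_kstrdup_const`, the two arrays standing in for `.rodata` and `.init.rodata`, and the poisoning step that models freeing init memory are all constructed assumptions.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins for two linker sections (not real kernel symbols). */
static char model_rodata[64];      /* models .rodata: valid for the whole run */
static char model_init_rodata[64]; /* models .init.rodata: released after init */

/* Range test in the spirit of the .rodata check discussed in the thread. */
static int in_model_rodata(const char *s)
{
    uintptr_t p = (uintptr_t)s, lo = (uintptr_t)model_rodata;
    return p >= lo && p < lo + sizeof(model_rodata);
}

/* Model: skip the copy only when the argument lies inside .rodata. */
static const char *model_kstrdup_const(const char *s)
{
    if (in_model_rodata(s))
        return s;                      /* result aliases the argument */
    char *copy = malloc(strlen(s) + 1);
    if (copy)
        strcpy(copy, s);
    return copy;                       /* independent heap copy */
}

/* Returns 1 if a string taken from the init section survives its release. */
static int init_string_survives(void)
{
    strcpy(model_init_rodata, "init-name");
    const char *kept = model_kstrdup_const(model_init_rodata);
    if (!kept)
        return 0;
    /* Model freeing init memory by poisoning the whole section. */
    memset(model_init_rodata, 0xcc, sizeof(model_init_rodata));
    int ok = strcmp(kept, "init-name") == 0;
    free((void *)kept);
    return ok;
}

/* Returns 1 if a .rodata string is handed back uncopied (pointer identity). */
static int rodata_string_is_aliased(void)
{
    strcpy(model_rodata, "static-name");
    return model_kstrdup_const(model_rodata) == model_rodata;
}

int main(void) { return !(init_string_survives() && rodata_string_is_aliased()); }
```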