Andrea Zuccherelli: > Hi, was looking for the grsec repository too. > Only found this for constify_plugin.c: > > http://www.grsecurity.net/~ephox/const_plugin/constify_plugin.c
Thank you. I've tried by myself, and found '-fplugin-arg-constify_plugin-no-constify' switch works expectedly. I got http://www.grsecurity.net/~ephox/const_plugin/test.c too, and slightly modfied as a.c. $ gcc -fplugin=./constify_plugin.so a.c a.c: In function 'main': a.c:30:2: error: assignment of read-only variable 'b' a.c:32:2: error: assignment of member 'foo' in read-only object $ gcc -fplugin=./constify_plugin.so -fplugin-arg-constify_plugin-no-constify a.c $ <-- no messages $ cat a.c #define NULL (void *)0 struct ops3 { void (* foo1)(void); void (* foo)(void); void (* foo2)(void); void (* foo3)(void); } __attribute((no_const)); struct ops { void (* foo1)(void); void (* foo)(void); void (* foo2)(void); void (* foo3)(void); }; #if 1 struct { const struct ops3 *ops3; const struct ops *ops; } no; #endif struct ops3 a, aa; struct ops b, bb; int main() { a = aa; b = bb; a.foo2 = NULL; b.foo = NULL; return 0; } $ gcc --version gcc (Debian 4.6.2-9) 4.6.2 Copyright (C) 2011 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. I don't see "no_const attribute used on type that is not constified" message here, and I don't know why you got it. If the grsec patch modifies the declaration of "struct fsnotify_ops" as "const", then the message you got hfsnotify.c:208:2: error: assignment of read-only member 'br_hfsn_ops' might be correct, since - "struct au_branch" is not const. - the variable "br" is not const either. - the variable "br->br_hfsn_ops" is not declared as const either, but its type "struct fsnotify_ops" is handled as const. This is just my guess. If the constify_plugin handles - "struct au_branch" is const or - the variable "br" is const or - the variable "br->br_hfsn_ops" is declared as const then I am afraid there is something wrong in the constify_plugin. But this is not your case, right? So I'd suggest you to dive into these as next step. - Does the grsec patch (or someone else) modifies the declaration of "struct fsnotify_ops" as "const"? - Does gcc have another option not to produce "no_const attribute used ..."? J. R. Okajima ------------------------------------------------------------------------------ Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don't need a complex infrastructure or vast IT resources to deliver seamless, secure access to virtual desktops. With this all-in-one solution, easily deploy virtual desktops for less than the cost of PCs and save 60% on VDI infrastructure costs. Try it free! http://p.sf.net/sfu/Citrix-VDIinabox
