On 10.09.2024 10:18, Nicola Vetrini wrote: > On 2024-09-10 08:26, Jan Beulich wrote: >> On 10.09.2024 06:46, Stefano Stabellini wrote: >>> On Mon, 9 Sep 2024, Jan Beulich wrote: >>>> On 07.09.2024 15:03, Nicola Vetrini wrote: >>>>> + * - R18.2 >>>>> + - Subtraction between pointers encapsulated by macro >>>>> page_to_mfn >>>>> + are safe. >>>>> + - Tagged as `safe` for ECLAIR. >>>> >>>> This one is a result of using frame_table[], aiui. Alternative >>>> approaches >>>> were discussed before. Did that not lead anywhere, requiring a purely >>>> textual / configurational deviation? >>> >>> During the last MISRA discussion we agree that this was an acceptable >>> approach. What else did you have in mind? >> >> One was to have the linker scripts provide the symbol. I think there >> were >> one or two more, yet I - perhaps wrongly - haven't been taking notes >> ... >> > > One thing I'm fairly sure has been suggested for symbols that were not > linker-defined is the following mitigation: > > gcc -fsanitize=address,pointer-subtract > ASAN_OPTIONS=detect_invalid_pointer_pairs=2 ./a.out
ASAN in general was mentioned in the discussion, yet it didn't look like anyone would be up to actually making ASAN usable with Xen. Iirc Andrew estimated the effort to a man-year. Jan
