From: Sabrina Dubroca <s...@queasysnail.net>
Date: Sat, 3 Dec 2016 01:33:26 +0100
> I'd like to try something based on static analysis. We'd need a way to
> tag cached pointers to skb->data (via ip_hdr() or whatever), and
> propagate the notion that pskb_expand_head() makes these cached
> pointers stale through layers of function calls. I don't know how
> feasible this is with the tools we have.

Perhaps create helpers that have some special attribute attached to them like "skb_volatile" or whatever. ip_hdr() et al would go through them. Then the static analysis tool is told that pskb_expand_head() "kills" all skb_volatile-obtained values, and it could basically mark all such variables as uninitialized.
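A toy version of the checker sketched above, added here as an illustration and not code from the thread or from any real tool: it treats ip_hdr() and friends as the hypothetical "skb_volatile" helper set, marks every value cached from them as killed once pskb_expand_head() is called, and flags later uses in the same function. It is line-oriented with no control-flow awareness, and the function it scans is a constructed sample, not kernel code.

```python
import re

# Helpers whose return value aliases skb->data (the hypothetical "skb_volatile" set).
VOLATILE_HELPERS = {"ip_hdr", "ipv6_hdr", "tcp_hdr", "udp_hdr",
                    "skb_network_header", "skb_transport_header"}
# Calls that may reallocate skb->data; wrappers around pskb_expand_head() would go here too.
KILLERS = {"pskb_expand_head"}

ASSIGN = re.compile(r"\b(\w+)\s*=(?!=)\s*(.+)")        # lhs = rhs (not ==)
CAST = re.compile(r"^\(\s*[\w\s\*]+\)\s*")              # leading C cast
VOLATILE_RHS = re.compile(r"^(?:(\w+)\s*\(|skb->data\b)")
KILL = re.compile(r"\b(?:%s)\s*\(" % "|".join(KILLERS))


def is_volatile_rhs(rhs):
    """True if the right-hand side yields an alias of skb->data."""
    m = VOLATILE_RHS.match(CAST.sub("", rhs))
    return bool(m) and (m.group(1) is None or m.group(1) in VOLATILE_HELPERS)


def find_stale_uses(source):
    """Return (var, cached_line, killed_line, use_line) for every use of a
    cached skb->data alias after a killing call, in source order."""
    cached, stale, findings = {}, {}, []
    for lineno, line in enumerate(source.splitlines(), 1):
        m = ASSIGN.search(line)
        lhs = m.group(1) if m else None
        # 1. Arguments are evaluated before a call completes, so check uses
        #    first; the variable being (re)assigned on this line is not a use.
        for var, (cached_at, killed_at) in stale.items():
            if var != lhs and re.search(r"\b%s\b" % re.escape(var), line):
                findings.append((var, cached_at, killed_at, lineno))
        # 2. A killing call turns every cached alias into a stale one.
        if KILL.search(line):
            for var, cached_at in cached.items():
                stale[var] = (cached_at, lineno)
            cached.clear()
        # 3. An assignment either re-derives the alias or overwrites the variable.
        if m:
            stale.pop(lhs, None)
            if is_volatile_rhs(m.group(2)):
                cached[lhs] = lineno
            else:
                cached.pop(lhs, None)
    return findings


# Constructed sample function, not real kernel code.
SAMPLE = """\
static int demo_rcv(struct sk_buff *skb)
{
	struct iphdr *iph = ip_hdr(skb);
	unsigned char *p;

	if (iph->protocol != IPPROTO_UDP)
		return -1;
	if (pskb_expand_head(skb, 16, 0, GFP_ATOMIC))
		return -ENOMEM;
	p = skb->data;
	iph->ttl--;		/* BUG: skb->data may have moved */
	iph = ip_hdr(skb);	/* re-derived, valid again */
	return iph->ttl + *p;
}
"""

if __name__ == "__main__":
    for var, c, k, u in find_stale_uses(SAMPLE):
        print("line %d: '%s' cached at line %d is stale since line %d" % (u, var, c, k))
```

Running it reports the single stale use on line 11 of the sample; the re-derivation on line 12 clears the variable again.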