| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 10 Feb 2017 22:26:34 +0000
From: "Roberts, William C" <william.c.roberts@...el.com>
To: "Roberts, William C" <william.c.roberts@...el.com>,
Joe Perches <joe@...ches.com>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"apw@...onical.com" <apw@...onical.com>,
Andew Morton <akpm@...ux-foundation.org>
CC: "keescook@...omium.org" <keescook@...omium.org>,
"kernel-hardening@...ts.openwall.com"
<kernel-hardening@...ts.openwall.com>
Subject: RE: [PATCH] checkpatch: add warning on %pk instead of %pK usage
<snip>
> >
> > On Fri, 2017-02-10 at 11:37 -0800, william.c.roberts@...el.com wrote:
> > > From: William Roberts <william.c.roberts@...el.com>
> > >
> > > Sample output:
> > > WARNING: %pk is close to %pK, did you mean %pK?.
> > > \#20: FILE: drivers/char/applicom.c:230:
> > > + printk(KERN_INFO "Could not allocate IRQ %d for PCI
> > Applicom
> > > +device. %pk\n", dev->irq, pci_get_class);
> >
> > There isn't a single instance of this in the kernel tree.
> >
> > Maybe if this is really useful, then all the %p<foo> extensions should
> > be enumerated and all unknown uses should have warnings.
>
> I was thinking of doing that, but I figured I would start with the bare minimum
> patch.
>
> >
> > Something like:
> >
> > ---
> > scripts/checkpatch.pl | 9 +++++++++
> > 1 file changed, 9 insertions(+)
> >
> > diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl index
> > ad5ea5c545b2..8a90b457e8b5 100755
> > --- a/scripts/checkpatch.pl
> > +++ b/scripts/checkpatch.pl
> > @@ -5305,6 +5305,15 @@ sub process {
> > }
> > }
> >
> > +# check for vsprintf extension %p<foo> misuses
> > + if ($line =~ /\b$logFunctions\s*\(.*$String/) {
I don't see the normal string formatting routines in that list... I think this is too restrictive.
> > + my $format = get_quoted_string($line, $rawline);
Ahh thanks for that get_quoted_string().
> > + if ($format =~
> > /(\%[\*\d\.]*p(?![\WFfSsBKRraEhMmIiUDdgVCbGN]).)/) {
> > + WARN("VSPRINTF_POINTER_EXTENSION",
> > + "Invalid vsprintf pointer extension '$1'\n" .
> > $herecurr);
I think I'll send out a V2 with this part of the addition. I like that, and your wording.
> > + }
> > + }
> > +
> > # check for logging continuations
> > if ($line =~ /\bprintk\s*\(\s*KERN_CONT\b|\bpr_cont\s*\(/) {
> > WARN("LOGGING_CONTINUATION",
I did a grep on some of the patters to see what it would match against
Powered by blists - more mailing lists