| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 10 Feb 2017 15:49:31 -0800
From: Joe Perches <joe@...ches.com>
To: "Roberts, William C" <william.c.roberts@...el.com>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"apw@...onical.com" <apw@...onical.com>,
Andew Morton <akpm@...ux-foundation.org>
Cc: "keescook@...omium.org" <keescook@...omium.org>,
"kernel-hardening@...ts.openwall.com"
<kernel-hardening@...ts.openwall.com>,
Julia Lawall <julia.lawall@...6.fr>,
Emese Revfy <re.emese@...il.com>
Subject: Re: [PATCH] checkpatch: add warning on %pk instead of %pK usage
(adding Emese Revfy and Julia Lawall)
On Fri, 2017-02-10 at 23:31 +0000, Roberts, William C wrote:
> The problem starts to get hairy when we think of how often folks roll their own logging macros (see some small sampling at the end).
>
> I think we would want to add DEBUG DBG and sn?printf and maybe consider dropping the \b on the regex so it's a bit more matchy but still shouldn't
> end up matching on any ASM as you pointed out in the V2 nack.
>
> Ill break this down into:
> 1. the patch as I know you'll take it, as you wrote it :-P
> 2. Adding to the logging macros
> 3. exploring making it less matchy
checkpatch is a line-oriented bunch of regexes
and doesn't know what is a __printf format.
It won't ever be "perfect" for this sort of
format verification checking.
Another way to do this is to write a gcc compiler
plugin that verifies the %p<foo> format types and
emits a warning/error.
That's probably the "best" solution.
Maybe coccinelle could help too.
Powered by blists - more mailing lists