| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 17 Oct 2017 15:22:22 +0000
From: <Alexander.Steffen@...ineon.com>
To: <zohar@...ux.vnet.ibm.com>
CC: <linux-kernel@...r.kernel.org>, <kernel-janitors@...r.kernel.org>,
<andriy.shevchenko@...ux.intel.com>,
<elfring@...rs.sourceforge.net>, <linux-integrity@...r.kernel.org>,
<linuxppc-dev@...ts.ozlabs.org>, <benh@...nel.crashing.org>,
<clabbe.montjoie@...il.com>, <jarkko.sakkinen@...ux.intel.com>,
<jgunthorpe@...idianresearch.com>, <jsnitsel@...hat.com>,
<kgold@...ux.vnet.ibm.com>, <mpe@...erman.id.au>,
<nayna@...ux.vnet.ibm.com>, <paulus@...ba.org>,
<PeterHuewe@....de>, <stefanb@...ux.vnet.ibm.com>
Subject: RE: [PATCH 3/4] char/tpm: Improve a size determination in nine
functions
> On Tue, 2017-10-17 at 11:50 +0000, Alexander.Steffen@...ineon.com
> wrote:
> > > > Replace the specification of data structures by pointer dereferences
> > > > as the parameter for the operator "sizeof" to make the corresponding
> > > > size
> > > > determination a bit safer according to the Linux coding style
> > > > convention.
> > >
> > >
> > > This patch does one style in favor of the other.
> >
> > I actually prefer that style, so I'd welcome this change :)
>
> Style changes should be reviewed and documented, like any other code
> change, and added to Documentation/process/coding-style.rst or an
> equivalent file.
>
> > > At the end it's Jarkko's call, though I would NAK this as I think some
> > > one already told this to you for some other similar patch(es).
> > >
> > >
> > > I even would suggest to stop doing this noisy stuff, which keeps people
> > > busy for nothing.
> >
> > Cleaning up old code is also worth something, even if does not
> > change one bit in the assembly output in the end...
>
> Wow, you're opening the door really wide for all sorts of trivial
> changes! Hope you have the time and inclination to review and comment
> on all of them. I certainly don't.
Well, isn't the point of trivial changes that they are trivial to review? :) For things like that there is probably not even a need to run a test, though with sufficient automation that should not be a problem either.
> There is a major difference between adding these sorts of checks to
> the tools in the scripts directory or even to the zero day bots that
> catch different sorts of errors, BEFORE code is upstreamed, and
> patches like these, after the fact.
Catching those things early in the process is certainly preferable. But at some point you need to fix the existing code, or you'll end up with a mashup of different styles, just because you did not want to touch old code.
> After the code has been upstreamed, it is a lot more difficult to
> justify changes like this. It impacts both code that is being
> developed AND backporting bug fixes.
Backporting could be an argument, but even that should not be allowed to block improvements indefinitely. I'd prefer a world in which the current code is nice and clean and easy to maintain, to a world where we never touch old code unless it is proven to be wrong.
But looking at the code in question, I cannot see how this should ever be a serious problem. Even when backporting a change takes now ten minutes instead of five, which means it is twice as hard, it is still not difficult.
Alexander
Powered by blists - more mailing lists