lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <b22e3c64fde74876acacdee701a46223@infineon.com>
Date:   Tue, 17 Oct 2017 15:22:22 +0000
From:   <Alexander.Steffen@...ineon.com>
To:     <zohar@...ux.vnet.ibm.com>
CC:     <linux-kernel@...r.kernel.org>, <kernel-janitors@...r.kernel.org>,
        <andriy.shevchenko@...ux.intel.com>,
        <elfring@...rs.sourceforge.net>, <linux-integrity@...r.kernel.org>,
        <linuxppc-dev@...ts.ozlabs.org>, <benh@...nel.crashing.org>,
        <clabbe.montjoie@...il.com>, <jarkko.sakkinen@...ux.intel.com>,
        <jgunthorpe@...idianresearch.com>, <jsnitsel@...hat.com>,
        <kgold@...ux.vnet.ibm.com>, <mpe@...erman.id.au>,
        <nayna@...ux.vnet.ibm.com>, <paulus@...ba.org>,
        <PeterHuewe@....de>, <stefanb@...ux.vnet.ibm.com>
Subject: RE: [PATCH 3/4] char/tpm: Improve a size determination in nine
 functions

> On Tue, 2017-10-17 at 11:50 +0000, Alexander.Steffen@...ineon.com
> wrote:
> > > > Replace the specification of data structures by pointer dereferences
> > > > as the parameter for the operator "sizeof" to make the corresponding
> > > > size
> > > > determination a bit safer according to the Linux coding style
> > > > convention.
> > >
> > >
> > > This patch does one style in favor of the other.
> >
> > I actually prefer that style, so I'd welcome this change :)
> 
> Style changes should be reviewed and documented, like any other code
> change, and added to Documentation/process/coding-style.rst or an
> equivalent file.
> 
> > > At the end it's Jarkko's call, though I would NAK this as I think some
> > > one already told this to you for some other similar patch(es).
> > >
> > >
> > > I even would suggest to stop doing this noisy stuff, which keeps people
> > > busy for nothing.
> >
> > Cleaning up old code is also worth something, even if does not
> > change one bit in the assembly output in the end...
> 
> Wow, you're opening the door really wide for all sorts of trivial
> changes!  Hope you have the time and inclination to review and comment
> on all of them.  I certainly don't.

Well, isn't the point of trivial changes that they are trivial to review? :) For things like that there is probably not even a need to run a test, though with sufficient automation that should not be a problem either.

> There is a major difference between adding these sorts of checks to
> the tools in the scripts directory or even to the zero day bots that
> catch different sorts of errors, BEFORE code is upstreamed, and
> patches like these, after the fact.

Catching those things early in the process is certainly preferable. But at some point you need to fix the existing code, or you'll end up with a mashup of different styles, just because you did not want to touch old code.

> After the code has been upstreamed, it is a lot more difficult to
> justify changes like this.  It impacts both code that is being
> developed AND backporting bug fixes.

Backporting could be an argument, but even that should not be allowed to block improvements indefinitely. I'd prefer a world in which the current code is nice and clean and easy to maintain, to a world where we never touch old code unless it is proven to be wrong.

But looking at the code in question, I cannot see how this should ever be a serious problem. Even when backporting a change takes now ten minutes instead of five, which means it is twice as hard, it is still not difficult.

Alexander

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ