lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1512487638.6321.80.camel@perches.com>
Date:   Tue, 05 Dec 2017 07:27:18 -0800
From:   Joe Perches <joe@...ches.com>
To:     "Tobin C. Harding" <me@...in.cc>
Cc:     Andrew Morton <akpm@...ux-foundation.org>,
        Andy Whitcroft <apw@...onical.com>,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] checkpatch: warn for use of %px

On Tue, 2017-12-05 at 20:44 +1100, Tobin C. Harding wrote:
> On Mon, Dec 04, 2017 at 11:24:24PM -0800, Joe Perches wrote:
> > On Tue, 2017-12-05 at 08:17 +1100, Tobin C. Harding wrote:
> > > Usage of the new %px specifier potentially leaks sensitive
> > > inforamtion. Printing kernel addresses exposes the kernel layout in
> > 
> > information

> I don't understand this comment? Do you mean the wording is wrong?
> I'll re-word as suggested below.

It's just a spelling typo correction.

[]
> > > Suggested-by: Andrew Morton <akpm@...ux-foundation.org>
> > > Signed-off-by: Tobin C. Harding <me@...in.cc>
> > > Co-Developed-by: Joe Perches <joe@...ches.com>
> > > Are you happy with this tagging? Needs your signed-off-by still.

I think signatures tags are pretty freeform and
I'm not particularly concerned about them.

I think Andrew Morton may object and change it
or remove it.  Have an:

Acked-by: Joe Perches <joe@...ches.com>

if the spellos and style bits are changed.

> > > diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl
> > 
> > []
> > > @@ -1612,6 +1612,17 @@ sub raw_line {
> > >  	return $line;
> > >  }
> > >  
> > > +sub stat_real {
> > > +	my ($linenr, $lc) = @_;
> > > +
> > > +	my $stat_real = raw_line($linenr, 0);
> > > +	for (my $count = $linenr + 1; $count <= $lc; $count++) {
> > > +		$stat_real = $stat_real . "\n" . raw_line($count, 0);
> > > +	}
> > > +
> > > +	return $stat_real;
> > > +}
> > 
> > If you are going to make a subroutine of this
> > there are some other places it could be used too.
>
> Ok, I'm not super happy with sub routine name. Have you a better suggestion?

Maybe get_stat_real?

> > > +
> > >  sub cat_vet {
> > >  	my ($vet) = @_;
> > >  	my ($res, $coded);
> > > @@ -5747,24 +5758,35 @@ sub process {
> > >  		    defined $stat &&
> > >  		    $stat =~ /^\+(?![^\{]*\{\s*).*\b(\w+)\s*\(.*$String\s*,/s &&
> > >  		    $1 !~ /^_*volatile_*$/) {
> > > -			my $bad_extension = "";
> > > +			my ($specifier, $extension, $stat_real);
> > 
> > My preference is not to define multiple variables on a single line.
> > I'd rather have:
> > 			my $specifier;
> > 			my $extension;
> > 			my $stat_real;
> 
> No problem, is this a kernel wide thing or just a checkpatch thing (so I
> can follow your lead if need be in leaking_addresses.pl). Or is it the
> same as we do in C, in which case $extension and $specifier could be on
> a single line but not $stat_real?

It's a personal preference.

Perl can have pretty cryptic constructs and I prefer
reading it like C.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ