lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <1512682043.1845.10.camel@perches.com>
Date:   Thu, 07 Dec 2017 13:27:23 -0800
From:   Joe Perches <joe@...ches.com>
To:     "Tobin C. Harding" <me@...in.cc>
Cc:     Andy Whitcroft <apw@...onical.com>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2 3/3] checkpatch: warn for use of %px

On Fri, 2017-12-08 at 08:15 +1100, Tobin C. Harding wrote:
> On Fri, Dec 08, 2017 at 08:06:53AM +1100, Tobin C. Harding wrote:
> > On Wed, Dec 06, 2017 at 02:37:08PM +1100, Tobin C. Harding wrote:
> > > Usage of the new %px specifier potentially leaks sensitive
> > > inforamtion. Printing kernel addresses exposes the kernel layout in
> > > memory, this is potentially exploitable. We have tools in the kernel to
> > > help us do the right thing. We can have checkpatch warn developers of
> > > potential dangers of using %px.
> > > 
> > > Have checkpatch emit a warning for usage of specifier %px.
> > > 
> > > Signed-off-by: Tobin C. Harding <me@...in.cc>
> > > Co-developed-by: Joe Perches <joe@...ches.com>
> > 
> >   Co-Developed-by:
> > 
> > Woops.
> > 
> > Joe I didn't quite understand what you meant when you said that this
> > could go in via any tree. I'm still learning the whole kernel tree
> > management thing. Don't checkpatch patches go in via Andy's tree?
> > 
> > https://git.kernel.org/pub/scm/linux/kernel/git/apw/checkpatch.git/
> 
> Oh, I see that tree is not super active. If there are no NACK's do you
> want me to put this through my tree? Perhaps once the Co-Developed-by
> stuff is in an acceptable form we could put them all together? Please do
> say if I'm going about things wrong, here to learn.

No worries, you could push it through your tree.

btw:  Here's an attempt at the case-sensitive signature matching
---
 scripts/checkpatch.pl | 47 ++++++++++++++++++++++++------------------
-----
 1 file changed, 24 insertions(+), 23 deletions(-)

diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl
index 6b130a4116fa..59e8d62e0eb0 100755
--- a/scripts/checkpatch.pl
+++ b/scripts/checkpatch.pl
@@ -461,16 +461,18 @@ our $logFunctions = qr{(?x:
 	seq_vprintf|seq_printf|seq_puts
 )};
 
-our $signature_tags = qr{(?xi:
-	Signed-off-by:|
-	Acked-by:|
-	Tested-by:|
-	Reviewed-by:|
-	Reported-by:|
-	Suggested-by:|
-	To:|
-	Cc:
-)};
+our @valid_signatures = (
+	"Signed-off-by:",
+	"Acked-by:",
+	"Tested-by:",
+	"Reviewed-by:",
+	"Reported-by:",
+	"Suggested-by:",
+	"Co-Developed-by:",
+	"To:",
+	"Cc:"
+);
+my $signature_tags = "(?x:" . join('|', @valid_signatures) . ")";
 
 our @typeListMisordered = (
 	qr{char\s+(?:un)?signed},
@@ -2467,35 +2469,34 @@ sub process {
 			my $sign_off = $2;
 			my $space_after = $3;
 			my $email = $4;
-			my $ucfirst_sign_off = ucfirst(lc($sign_off));
+			my $preferred_sign_off = ucfirst(lc($sign_off));
 
-			if ($sign_off !~ /$signature_tags/) {
+			if ($sign_off !~ /$signature_tags/i) {
 				WARN("BAD_SIGN_OFF",
 				     "Non-standard signature: $sign_off\n" . $herecurr);
-			}
-			if (defined $space_before && $space_before ne "") {
+			} elsif ($sign_off !~ /$signature_tags/) {
+				$preferred_sign_off = $valid_signatures[ grep { $valid_signatures[$_] eq $sign_off } 0..$#valid_signatures ];
 				if (WARN("BAD_SIGN_OFF",
-					 "Do not use whitespace before $ucfirst_sign_off\n" . $herecurr) &&
+					 "'$preferred_sign_off' is the preferred signature form\n" . $herecurr) &&
 				    $fix) {
-					$fixed[$fixlinenr] =
-					    "$ucfirst_sign_off $email";
+					$fixed[$fixlinenr] = "$preferred_sign_off $email";
 				}
 			}
-			if ($sign_off =~ /-by:$/i && $sign_off ne $ucfirst_sign_off) {
+			if (defined $space_before && $space_before ne "") {
 				if (WARN("BAD_SIGN_OFF",
-					 "'$ucfirst_sign_off' is the preferred signature form\n" . $herecurr) &&
+					 "Do not use whitespace before $preferred_sign_off\n" . $herecurr) &&
 				    $fix) {
 					$fixed[$fixlinenr] =
-					    "$ucfirst_sign_off $email";
+					    "$preferred_sign_off $email";
 				}
-
 			}
+
 			if (!defined $space_after || $space_after ne " ") {
 				if (WARN("BAD_SIGN_OFF",
-					 "Use a single space after $ucfirst_sign_off\n" . $herecurr) &&
+					 "Use a single space after $preferred_sign_off\n" . $herecurr) &&
 				    $fix) {
 					$fixed[$fixlinenr] =
-					    "$ucfirst_sign_off $email";
+					    "$preferred_sign_off $email";
 				}
 			}

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ