lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 24 Jul 2019 20:07:07 -0700
From:   Andrew Morton <akpm@...ux-foundation.org>
To:     Matteo Croce <mcroce@...hat.com>
Cc:     Joe Perches <joe@...ches.com>, LKML <linux-kernel@...r.kernel.org>,
        Andy Whitcroft <apw@...onical.com>
Subject: Re: [PATCH v2] checkpatch.pl: warn on invalid commit id

On Thu, 11 Jul 2019 02:16:40 +0200 Matteo Croce <mcroce@...hat.com> wrote:

> It can happen that a commit message refers to an invalid commit id, because
> the referenced hash changed following a rebase, or simply by mistake.
> Add a check in checkpatch.pl which checks that an hash referenced by
> a Fixes tag, or just cited in the commit message, is a valid commit id.
> 
>     $ scripts/checkpatch.pl <<'EOF'
>     Subject: [PATCH] test commit
> 
>     Sample test commit to test checkpatch.pl
>     Commit 1da177e4c3f4 ("Linux-2.6.12-rc2") really exists,
>     commit 0bba044c4ce7 ("tree") is valid but not a commit,
>     while commit b4cc0b1c0cca ("unknown") is invalid.
> 
>     Fixes: f0cacc14cade ("unknown")
>     Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
>     EOF
>     WARNING: Unknown commit id '0bba044c4ce7', maybe rebased or not pulled?
>     #8:
>     commit 0bba044c4ce7 ("tree") is valid but not a commit,
> 
>     WARNING: Unknown commit id 'b4cc0b1c0cca', maybe rebased or not pulled?
>     #9:
>     while commit b4cc0b1c0cca ("unknown") is invalid.
> 
>     WARNING: Unknown commit id 'f0cacc14cade', maybe rebased or not pulled?
>     #11:
>     Fixes: f0cacc14cade ("unknown")
> 
>     total: 0 errors, 3 warnings, 4 lines checked
> 
> ...
>
> --- a/scripts/checkpatch.pl
> +++ b/scripts/checkpatch.pl
> @@ -2898,6 +2898,17 @@ sub process {
>  			}
>  		}
>  
> +# check for invalid commit id
> +		if ($in_commit_log && $line =~ /(^fixes:|\bcommit)\s+([0-9a-f]{6,40})\b/i) {
> +			my $id;
> +			my $description;
> +			($id, $description) = git_commit_info($2, undef, undef);
> +			if (!defined($id)) {
> +				WARN("UNKNOWN_COMMIT_ID",
> +				     "Unknown commit id '$2', maybe rebased or not pulled?\n" . $herecurr);
> +			}
> +		}
> +

What does it do if we're not operating in a git directory? For example,
I work in /usr/src/25 and my git repo is in ../git26.

Also, what happens relatively often is that someone quotes a linux-next
or long-term-stable hash.  If the user has those trees in the git repo,
I assume they won't be informed of the inappropriate hash?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ