lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Sun, 22 Nov 2020 10:23:28 -0800
From:   Joe Perches <joe@...ches.com>
To:     James Bottomley <James.Bottomley@...senPartnership.com>,
        Tom Rix <trix@...hat.com>, Matthew Wilcox <willy@...radead.org>
Cc:     clang-built-linux@...glegroups.com, linux-hyperv@...r.kernel.org,
        linux-kernel@...r.kernel.org, xen-devel@...ts.xenproject.org,
        tboot-devel@...ts.sourceforge.net, kvm@...r.kernel.org,
        linux-crypto@...r.kernel.org, linux-acpi@...r.kernel.org,
        devel@...ica.org, amd-gfx@...ts.freedesktop.org,
        dri-devel@...ts.freedesktop.org, intel-gfx@...ts.freedesktop.org,
        netdev@...r.kernel.org, linux-media@...r.kernel.org,
        MPT-FusionLinux.pdl@...adcom.com, linux-scsi@...r.kernel.org,
        linux-wireless@...r.kernel.org,
        ibm-acpi-devel@...ts.sourceforge.net,
        platform-driver-x86@...r.kernel.org, linux-usb@...r.kernel.org,
        linux-omap@...r.kernel.org, linux-fbdev@...r.kernel.org,
        ecryptfs@...r.kernel.org, linux-fsdevel@...r.kernel.org,
        cluster-devel@...hat.com, linux-mtd@...ts.infradead.org,
        keyrings@...r.kernel.org, netfilter-devel@...r.kernel.org,
        coreteam@...filter.org, alsa-devel@...a-project.org,
        bpf@...r.kernel.org, linux-bluetooth@...r.kernel.org,
        linux-nfs@...r.kernel.org, patches@...nsource.cirrus.com
Subject: Re: [RFC] MAINTAINERS tag for cleanup robot

On Sun, 2020-11-22 at 08:49 -0800, James Bottomley wrote:
> We can enforce sysfs_emit going forwards
> using tools like checkpatch

It's not really possible for checkpatch to find or warn about
sysfs uses of sprintf. checkpatch is really just a trivial
line-by-line parser and it has no concept of code intent.

It just can't warn on every use of the sprintf family.
There are just too many perfectly valid uses.

> but there's no benefit and a lot of harm to
> be done by trying to churn the entire tree

Single uses of sprintf for sysfs is not really any problem.

But likely there are still several possible overrun sprintf/snprintf
paths in sysfs.  Some of them are very obscure and unlikely to be
found by a robot as the logic for sysfs buf uses can be fairly twisty.

But provably correct conversions IMO _should_ be done and IMO churn
considerations should generally have less importance.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ