| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <07bfc0b4676d07274acdcdf38752f73573938382.camel@perches.com>
Date: Tue, 11 Jul 2023 05:31:14 -0700
From: Joe Perches <joe@...ches.com>
To: Dan Carpenter <dan.carpenter@...aro.org>,
Thorsten Leemhuis <linux@...mhuis.info>,
Andy Whitcroft <apw@...onical.com>,
Dwaipayan Ray <dwaipayanray1@...il.com>,
Lukas Bulwahn <lukas.bulwahn@...il.com>,
linux-kernel@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Arnd Bergmann <arnd@...db.de>,
Kees Cook <keescook@...omium.org>,
Sasha Levin <sashal@...nel.org>,
Tom Gall <tom.gall@...aro.org>, kernel-janitors@...r.kernel.org
Subject: Re: [PATCH v3] checkpatch: check for missing Fixes tags
On Tue, 2023-07-11 at 10:44 +0300, Dan Carpenter wrote:
> This check looks for common words that probably indicate a patch
> is a fix. For now the regex is:
>
> (?:(?:BUG: K.|UB)SAN: |Call Trace:|stable\@|syzkaller)/)
>
> Why are stable patches encouraged to have a fixes tag? Some people mark
> their stable patches as "# 5.10" etc. This is useful but a Fixes tag is
> still a good idea. For example, the Fixes tag helps in review. It
> helps people to not cherry-pick buggy patches without also
> cherry-picking the fix.
>
> Also if a bug affects the 5.7 kernel some people will round it up to
> 5.10+ because 5.7 is not supported on kernel.org. It's possible the Bad
> Binder bug was caused by this sort of gap where companies outside of
> kernel.org are supporting different kernels from kernel.org.
>
> Should it be counted as a Fix when a patch just silences harmless
> WARN_ON() stack trace. Yes. Definitely.
>
> Is silencing compiler warnings a fix? It seems unfair to the original
> authors, but we use -Werror now, and warnings break the build so let's
> just add Fixes tags. I tell people that silencing static checker
> warnings is not a fix but the rules on this vary by subsystem.
>
> Is fixing a minor LTP issue (Linux Test Project) a fix? Probably? It's
> hard to know what to do if the LTP test has technically always been
> broken.
>
> One clear false positive from this check is when someone updated their
> debug output and included before and after Call Traces. Or when crashes
> are introduced deliberately for testing. In those cases, you should
> just ignore checkpatch.
>
> Signed-off-by: Dan Carpenter <dan.carpenter@...aro.org>
> ---
> v3: Add UBSAN to the regex as Kees suggested.
>
> v2: I fixed the formatting issues Joe pointed out.
But just added another.
> diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl
[]
> @@ -3186,6 +3193,16 @@ sub process {
> }
> }
>
> +# These indicate a bug fix
> + if (!$in_header_lines && !$is_patch &&
> + $line =~ /^This reverts commit/) {
> + $is_revert = 1;
> + }
> +
> + if (!$in_header_lines && !$is_patch &&
> + $line =~ /(?:(?:BUG: K.|UB)SAN: |Call Trace:|stable\@|syzkaller)/) {
align to open parenthesis please
Powered by blists - more mailing lists