Date: Mon, 10 Jun 2024 08:10:06 -0700
From: Joe Perches <joe@...ches.com>
To: Dan Carpenter <dan.carpenter@...aro.org>, Andrew Morton
	 <akpm@...ux-foundation.org>
Cc: Thorsten Leemhuis <linux@...mhuis.info>, Andy Whitcroft
 <apw@...onical.com>,  Dwaipayan Ray <dwaipayanray1@...il.com>, Lukas
 Bulwahn <lukas.bulwahn@...il.com>,  linux-kernel@...r.kernel.org, Greg
 Kroah-Hartman <gregkh@...uxfoundation.org>,  Arnd Bergmann <arnd@...db.de>,
 Kees Cook <keescook@...omium.org>, Sasha Levin <sashal@...nel.org>, Tom
 Gall <tom.gall@...aro.org>,  kernel-janitors@...r.kernel.org
Subject: Re: [PATCH v4 RESEND] checkpatch: check for missing Fixes tags

On Mon, 2024-06-10 at 14:13 +0300, Dan Carpenter wrote:
> This check looks for common words that probably indicate a patch
> is a fix.  For now the regex is:
> 
> 	(?:(?:BUG: K.|UB)SAN: |Call Trace:|stable\@|syzkaller)/)
> 
> Why are stable patches encouraged to have a fixes tag?  Some people mark
> their stable patches as "# 5.10" etc.  This is useful but a Fixes tag is
> still a good idea.  For example, the Fixes tag helps in review.  It
> helps people to not cherry-pick buggy patches without also
> cherry-picking the fix.
> 
> Also if a bug affects the 5.7 kernel some people will round it up to
> 5.10+ because 5.7 is not supported on kernel.org.  It's possible the Bad
> Binder bug was caused by this sort of gap where companies outside of
> kernel.org are supporting different kernels from kernel.org.
> 
> Should it be counted as a Fix when a patch just silences a harmless
> WARN_ON() stack trace?  Yes.  Definitely.
> 
> Is silencing compiler warnings a fix?  It seems unfair to the original
> authors, but we use -Werror now, and warnings break the build so let's
> just add Fixes tags.  I tell people that silencing static checker
> warnings is not a fix but the rules on this vary by subsystem.
> 
> Is fixing a minor LTP issue (Linux Test Project) a fix?  Probably?  It's
> hard to know what to do if the LTP test has technically always been
> broken.
> 
> One clear false positive from this check is when someone updated their
> debug output and included before and after Call Traces.  Or when crashes
> are introduced deliberately for testing.  In those cases, you should
> just ignore checkpatch.
[]
> diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl
[]
> +# These indicate a bug fix
> +		if (!$in_header_lines && !$is_patch &&
> +			$line =~ /^This reverts commit/) {
> +			$is_revert = 1;
> +		}
> +
> +		if (!$in_header_lines && !$is_patch &&
> +		    $line =~ /(?:(?:BUG: K.|UB)SAN: |Call Trace:|stable\@|syzkaller)/) {
> +			$needs_fixes_tag = 1;
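
Review bot: the comment `# These indicate a bug fix` sits directly above the `This reverts commit` test, which is the exemption rather than an indicator, so it reads as if a revert is what signals a fix. Move the comment down to the second `if` (the keyword regex) and give the revert test its own one-line comment saying reverts are excused from the Fixes check. The continuation line of the first `if` is also indented with three tabs while the second aligns under the opening parenthesis; use the aligned form for both.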

Maybe use
		    $line =~ /((?:(?:BUG: K.|UB)SAN: |Call Trace:|stable\@|syzkaller))/) {
			$needs_fixes_tag = $1;

> @@ -7697,6 +7715,12 @@ sub process {
>  		ERROR("NOT_UNIFIED_DIFF",
>  		      "Does not appear to be a unified-diff format patch\n");
>  	}
> +	if ($is_patch && $has_commit_log && $chk_fixes_tag) {
> +		if ($needs_fixes_tag && !$is_revert && !$fixes_tag) {

and

+		if ($needs_fixes_tag ne "" && !$is_revert && !$fixes_tag) {

> +			WARN("MISSING_FIXES_TAG",
> +			     "This looks like a fix but there is no Fixes: tag\n");
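
Review bot: the `MISSING_FIXES_TAG` message does not say which text triggered it, and the `WARN` carries no source line, so a submitter cannot tell a real hit from the before/after `Call Trace:` case that the commit message lists as a false positive. Include the matched string in the message. If `$needs_fixes_tag` is changed to hold that string and is tested with `ne ""`, its initial value must be the empty string, because `0 ne ""` is true in Perl. The two nested `if`s can also be merged into a single condition.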

and

			     "The commit message has '$needs_fixes_tag', perhaps it also needs a 'Fixes:' tag?\n");

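The check discussed in this message, with the reply's suggested message format, run over constructed commit logs. This is an added Python example, not code from checkpatch.pl or from either author. The `check_commit_log` name and the `Fixes:` line pattern are assumptions, since the page does not show how `$fixes_tag` is set.

```python
import re

# Trigger pattern from the quoted patch; Perl's "stable\@" is a literal "stable@".
TRIGGER = re.compile(r"((?:(?:BUG: K.|UB)SAN: |Call Trace:|stable@|syzkaller))")
REVERT = re.compile(r"^This reverts commit")
# Assumption: a Fixes tag is a line starting 'Fixes: <abbreviated hex sha>'.
FIXES = re.compile(r"^Fixes:\s+[0-9a-f]{8,40}\b", re.IGNORECASE)


def check_commit_log(log):
    """Return the warning text for a commit log, or None if nothing to report."""
    needs_fixes_tag = ""  # matched trigger text; "" means no trigger seen
    is_revert = False
    has_fixes_tag = False
    for line in log.splitlines():
        if REVERT.search(line):
            is_revert = True
        if FIXES.search(line):
            has_fixes_tag = True
        m = TRIGGER.search(line)
        if m:
            needs_fixes_tag = m.group(1)
    if needs_fixes_tag != "" and not is_revert and not has_fixes_tag:
        return ("The commit message has '%s', perhaps it also needs "
                "a 'Fixes:' tag?" % needs_fixes_tag)
    return None


# Constructed commit logs (hashes and function names are made up for the example).
SAMPLES = {
    "kasan_no_tag": "foo: fix use-after-free\n\n"
                    "BUG: KASAN: use-after-free in foo_release+0x10/0x20\n",
    "stable_with_tag": "foo: fix leak\n\nFixes: 0123456789ab (\"foo: add bar\")\n"
                       "Cc: stable@vger.kernel.org\n",
    "revert": "Revert \"foo: add bar\"\n\nThis reverts commit 0123456789ab.\n"
              "Cc: stable@vger.kernel.org\n",
    "debug_output": "foo: improve oops output\n\nBefore:\nCall Trace:\n <TASK>\n"
                    "After:\nCall Trace:\n <TASK>\n",
    "cleanup": "foo: remove unused variable\n",
}

if __name__ == "__main__":
    for name, log in SAMPLES.items():
        print(name, "->", check_commit_log(log))
```

The `debug_output` sample is the false positive the commit message describes: the warning fires, and naming the matched text is what lets the submitter recognise it as safe to ignore.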
