lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20240725094803.vvq7nvgjaupu5vjg@quack3>
Date: Thu, 25 Jul 2024 11:48:03 +0200
From: Jan Kara <jack@...e.cz>
To: Julian Sun <sunjunchao2870@...il.com>
Cc: Jan Kara <jack@...e.cz>, linux-wireless@...r.kernel.org,
	linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org,
	linux-kbuild@...r.kernel.org, brauner@...nel.org,
	viro@...iv.linux.org.uk, masahiroy@...nel.org,
	akpm@...ux-foundation.org, n.schier@....de, ojeda@...nel.org,
	djwong@...nel.org, kvalo@...nel.org
Subject: Re: [PATCH] scripts: reduce false positives in the macro_checker
 script.

On Thu 25-07-24 05:15:34, Julian Sun wrote:
> Jan Kara <jack@...e.cz> 于2024年7月25日周四 04:52写道:
> >
> > On Thu 25-07-24 03:58:30, Julian Sun wrote:
> > > Reduce false positives in the macro_checker
> > > in the following scenarios:
> > >   1. Conditional compilation
> > >   2. Macro definitions with only a single character
> > >   3. Macro definitions as (0) and (1)
> > >
> > > Before this patch:
> > >       sjc@sjc:linux$ ./scripts/macro_checker.py  fs | wc -l
> > >       99
> > >
> > > After this patch:
> > >       sjc@sjc:linux$ ./scripts/macro_checker.py  fs | wc -l
> > >       11
> > >
> > > Most of the current warnings are valid now.
> > >
> > > Signed-off-by: Julian Sun <sunjunchao2870@...il.com>
> > ...
> > >  def file_check_macro(file_path, report):
> > > +    # number of conditional compiling
> > > +    cond_compile = 0
> > >      # only check .c and .h file
> > >      if not file_path.endswith(".c") and not file_path.endswith(".h"):
> > >          return
> > > @@ -57,7 +72,14 @@ def file_check_macro(file_path, report):
> > >          while True:
> > >              line = f.readline()
> > >              if not line:
> > > -                return
> > > +                break
> > > +            line = line.strip()
> > > +            if line.startswith(cond_compile_mark):
> > > +                cond_compile += 1
> > > +                continue
> > > +            if line.startswith(cond_compile_end):
> > > +                cond_compile -= 1
> > > +                continue
> > >
> > >              macro = re.match(macro_pattern, line)
> > >              if macro:
> > > @@ -67,6 +89,11 @@ def file_check_macro(file_path, report):
> > >                      macro = macro.strip()
> > >                      macro += f.readline()
> > >                      macro = macro_strip(macro)
> > > +                if file_path.endswith(".c")  and cond_compile != 0:
> > > +                    continue
> > > +                # 1 is for #ifdef xxx at the beginning of the header file
> > > +                if file_path.endswith(".h") and cond_compile != 1:
> > > +                    continue
> > >                  check_macro(macro, report)
> > >
> > >  def get_correct_macros(path):
> >
> >
> > > So I don't think this is right. As far as I understand this skips any macros
> > > that are conditionally defined? Why? There is a lot of them and checking
> > > them is beneficial... The patterns you have added should be dealing with
> > > most of the conditional defines anyway.
> Yes, this skips all checks for conditional macro. This is because I
> observed that almost all false positives come from conditional
> compilation. Testing showed that skipping them does not cause the
> genuine warnings to disappear.
> Also as you said, it may still lead to skipping checks for genuinely
> problematic macro definitions. Perhaps we could provide an option that
> allows users to control whether or not to check macros under
> conditional compilation?

Yes, that could be useful.

								Honza
-- 
Jan Kara <jack@...e.com>
SUSE Labs, CR

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ