lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <Z79S0Uzxx9VJM5tY@probook>
Date: Wed, 26 Feb 2025 17:43:45 +0000
From: J. Neuschäfer <j.ne@...teo.net>
To: Alan Stern <stern@...land.harvard.edu>
Cc: j.ne@...teo.net, Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	linux-usb@...r.kernel.org, usb-storage@...ts.one-eyed-alien.net,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2 0/9] usb: storage: Mark various arrays as const

On Wed, Feb 26, 2025 at 12:02:02PM -0500, Alan Stern wrote:
> On Wed, Feb 26, 2025 at 03:17:22PM +0100, 'Jonathan Neuschäfer via B4 Relay' via USB Mass Storage on Linux wrote:
> > While reading code, I noticed that some arrays in USB mass storage
> > drivers are declared static but not const, even though they are not
> > modified. This patchset marks them const.
> > 
> > All patches were compile-tested.
> > 
> > Signed-off-by: Jonathan Neuschäfer <j.ne@...teo.net>
> > ---
> > Changes in v2:
> > - Add new patches 2-9
> > - Use consistent authorship information
> > - Link to v1: https://lore.kernel.org/r/20250225-misc-const-v1-1-121ff3b86437@posteo.net
> 
> The patches themselves look good, but I still think you should explain 
> in the patch descriptions why declaring these arrays const is worth 
> doing.
> 
> Merely saying _what_ you are doing isn't good enough.  We can tell what 
> a patch does just by reading it.  What we can't always tell is _why_ you 
> would want to do it.  That is what needs to be explained.
> 
> The explanation doesn't have to be terribly long or detailed, but you 
> should not omit it entirely.

Fair enough, I'll add such explanations to the patches.

Roughly, my motivations are:

 - Moving data to read-only memory can prevent unintended modifications
   and the hard-to-debug issue that might follow
 - Const makes it easier for human readers to know what to expect


Best regards

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ