Message-ID: <2025102124-punctuate-kilogram-da50@gregkh>
Date: Tue, 21 Oct 2025 18:46:45 +0200
From: Greg KH <gregkh@...uxfoundation.org>
To: Gabriele Paoloni <gpaoloni@...hat.com>
Cc: shuah@...nel.org, linux-kselftest@...r.kernel.org,
linux-kernel@...r.kernel.org, corbet@....net,
linux-doc@...r.kernel.org, linux-mm@...ck.org,
safety-architecture@...ts.elisa.tech, acarmina@...hat.com,
kstewart@...uxfoundation.org, chuckwolber@...il.com
Subject: Re: [RFC PATCH v2 0/3] Add testable code specifications
On Tue, Oct 21, 2025 at 11:42:24AM +0200, Gabriele Paoloni wrote:
> Hi Greg
>
> On Tue, Oct 21, 2025 at 9:35 AM Greg KH <gregkh@...uxfoundation.org> wrote:
> >
> > On Wed, Sep 10, 2025 at 06:59:57PM +0200, Gabriele Paoloni wrote:
> > > [1] was an initial proposal defining testable code specifications for
> > > some functions in /drivers/char/mem.c.
> > > However a Guideline to write such specifications was missing and test
> > > cases tracing to such specifications were missing.
> > > This patchset represents a next step and is organised as follows:
> > > - patch 1/3 contains the Guideline for writing code specifications
> > > - patch 2/3 contains examples of code specifications defined for some
> > > functions of drivers/char/mem.c
> > > - patch 3/3 contains examples of selftests that map to some code
> > > specifications of patch 2/3
> > >
> > > [1] https://lore.kernel.org/all/20250821170419.70668-1-gpaoloni@redhat.com/
> >
> > "RFC" implies there is a request. I don't see that here, am I missing
> > that? Or is this "good to go" and want us to seriously consider
> > accepting this?
>
> I assumed that an RFC (as in request for comments) that comes with proposed
> changes to upstream files would be interpreted as a request for feedback
> associated with the proposed changes (what is wrong or what is missing);
> next time I will communicate the request explicitly.
>
> WRT this specific patchset, the intent is to introduce formalism in specifying
> code behavior (so that the same formalism can also be used to write and
> review test cases), so my high level asks would be:
>
> 1) In the first part of patch 1/3 we explain why we are doing this and the high
> level goals. Do you agree with these? Are these clear?

No, and no.

I think this type of thing is, sadly, folly. You are entering into a
path that never ends with no clear goal that you are conveying here to
us.

I might be totally wrong, but I fail to see what you want to have happen
in the end.

Every in-kernel api documented in a "formal" way like this? Or a
subset? If a subset, which ones specifically? How many? And who is
going to do that? And who is going to maintain it? And most
importantly, why is it needed at all?

For some reason Linux has succeeded in pretty much every place an
operating system is needed for cpus that it can run on (zephyr for those
others that it can not.) So why are we suddenly now, after many
decades, requiring basic user/kernel stuff to be formally documented
like this?

In the past, when we have had "validating bodies" ask for stuff like
this, the solution is to provide it in a big thick book, outside of the
kernel, by the company that wishes to sell such a product to that
organization to justify the cost of doing that labor. In every instance
that I know of, that book sits on a shelf and gathers dust, while Linux
is just updated over the years in those sites to new versions and the
book goes quickly out of date as no one really cares about it, except
it having been a check-box for a purchase order requirement.

That's business craziness, no need to get us involved in all of that.
Heck, look at the stuff around FIPS certification for more insanity.
That's a check-box that is required by organizations and then totally
ignored and never actually run at all by the user. I feel this is much
the same.

So step back, and tell us exactly what files and functions and apis are
needed to be documented in this stilted and formal way, who exactly is
going to be doing all of that work, and why we should even consider
reviewing and accepting and most importantly, maintaining such a thing
for the next 40+ years.

> 2) In the rest of the patchset we introduce the formalism, we propose some
> specs (in patch 2) and associated selftests (in patch 3). Please let us know
> if there is something wrong, missing or to be improved.

I made many comments on patch 3, the most important one being that the
tests created do not seem to follow any of the standards we have for
Linux kernel tests for no documented reason.

The irony of submitting tests for formal specifications that do not
follow documented policies is rich :)

thanks,

greg k-h