lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20231023184411.73919423@kernel.org>
Date: Mon, 23 Oct 2023 18:44:11 -0700
From: Jakub Kicinski <kuba@...nel.org>
To: Philip Li <philip.li@...el.com>
Cc: "Nambiar, Amritha" <amritha.nambiar@...el.com>,
 <oe-kbuild-all@...ts.linux.dev>, kernel test robot <lkp@...el.com>,
 <netdev@...r.kernel.org>, <pabeni@...hat.com>
Subject: Re: [net-next PATCH v5 01/10] netdev-genl: spec: Extend netdev
 netlink spec in YAML for queue

On Tue, 24 Oct 2023 09:02:46 +0800 Philip Li wrote:
> > I understand and appreciate the effort. 
> > 
> > I think that false positive has about a 100x the negative effect of a
> > true positive. If more than 1% of checkpatch warnings are ignored, we
> > should *not* report them to the list. Currently in networking we fully
> > trust the build bot and as soon as a patch set gets a reply from you it
> > gets auto-dropped from our review queue.  
> 
> Thanks for the trust. Sorry I didn't notice the false checkpatch report leads
> to trouble. From below info, may i understand networking already runs own
> checkpatch? Also consider the checkpatch reports from bot still contains quite
> some false ones, probably we can pause the checkpatch reporting for network
> side if it doesn't add much value and causes trouble?

Yes, correct, we already run checkpatch --strict on all patches.

If you have the ability to selectively disable checkpatch for net/ and
drivers/net, and/or patches which CC netdev@...r, that'd be great!


FWIW we have a simple dashboard reporting which checks in our own
local build fail the most: https://netdev.bots.linux.dev/checks.html
Not sure if it's of any interest to you, but that's where I got the
false positive rate I mentioned previously.

> > And the maintainer is not very receptive to improvements for false
> > positives:
> > https://lore.kernel.org/all/20231013172739.1113964-1-kuba@kernel.org/  
> 
> I see. We got this pattern as well, what we do now is to maintain the pattern
> internally to avoid unnecessary reports (some are extracted below). I'm looking
> for publishing these patterns later, which may get more inputs to filter out
> unnecessary reports.
> 
> == part of low confidence patterns of checkpatch in bot ==

Interesting!

> __func__ should be used instead of gcc specific __FUNCTION__

This one I don't see failing often.

> line over 80 characters

This one happens a lot, yes.

> LINUX_VERSION_CODE should be avoided, code should be for the version to which it is merged

This is very rare upstream.

> Missing commit description - Add an appropriate one

Should be rare upstream..

> please write a help paragraph that fully describes the config symbol

This check I think is semi-broken in checkpatch.
Sometimes it just doesn't recognize the help even if symbol has it.
So yes, we see if false-positive as well.

> Possible repeated word: 'Google'

Yes! :)

> Possible unwrapped commit description \(prefer a maximum 75 chars per line\)

This one indeed has a lot of false positives. It should check if
*majority* of the commit message lines (excluding tags) are too long,
not any single line. Because one line can be a crash dump or a commit
reference, and be longer for legit reasons..

Every now and then I feel like we should fork checkpatch or start a new
tool which would report only high-confidence problems.

> > > But as you mentioned above, we will take furture care to the output
> > > of checkpatch to be conservative for the reporting.  
> > 
> > FWIW the most issues that "get through" in networking are issues 
> > in documentation (warnings for make htmldocs) :(  
> 
> Do you suggest that warnings for make htmldocs or kernel-doc warning when building
> with W=1 can be ignored and no need to send them to networking side?

No, no, the opposite! Documentation is one part we currently don't test,
even tho we should.

Do you run make htmldocs as part of kernel build bot? As you allude to -
W=1 checks kdoc already, and scripts/kernel-doc can be used to validate
headers even more easily. But to validate the ReST files under
Documentation/ one has to actually run make htmldocs (or perhaps some
other docs target), not just a normal build.

Powered by blists - more mailing lists