Re: [linux-next] automatic use of checkpatch.pl for security?

From: Kees Cook
Date: Tue Nov 09 2010 - 12:59:29 EST

Next message: Joe Perches: "[PATCH] fs/ext4/super.c: Use printf extension %pV"
Previous message: Greg KH: "Re: [GIT PULL] fixes for tidspbridge 2.6.37-rc1"
In reply to: David Daney: "Re: [linux-next] automatic use of checkpatch.pl for security?"
Next in thread: Lionel Debroux: "Re: [linux-next] automatic use of checkpatch.pl for security?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi David,

On Tue, Nov 09, 2010 at 09:44:30AM -0800, David Daney wrote:
> On 11/09/2010 09:33 AM, Kees Cook wrote:
> >In an effort to continue the constification work, it'd be nice to
> >not accidentally introduce regressions or add additional work. Since
> >checkpatch.pl already knows to warn about a lot of things including const
> >structures, it would be great to have all commits going through linux-next
> >(or something) have to pass at least a subset of checkpatch.pl's checks.
> >
> >For example, Lionel Debroux pointed out to me that looking at the last
> >1000 commits, there are a lot of warnings, including things like:
> >
> >WARNING: struct dma_map_ops should normally be const
> >#499: FILE: arch/mips/mm/dma-default.c:301:
> >+static struct dma_map_ops mips_default_dma_map_ops = {
> >
> >Can we add some kind of automatic checking to actually give checkpatch.pl
> >some real teeth for at least some of its checks?
> >
>
> Ok, did you actually try to make it const as suggested? If you had,
> you would have found that there are declarations throughout the code
> base that conflict with checkpatch.pl's suggestion.
>
> There are several things we could do:
>
> 1) Force people to clean up the entire kernel tree before making
> trivial changes that checkpatch.pl might complain about.
>
> 2) Change checkpatch.pl so that it doesn't complain about this.
>
> 3) Make reasonable changes and ignore the checkpatch.pl warning.
>
>
> In that specific case you cite, #3 was chosen.

Right, I don't want to suggest unreasonable changes; I want to try and
start a discussion about what might make a good addition to help avoid
obvious problems. (The chosen example was, perhaps, not a good one.)

> If you gate admission to linux-next with some sort of automated
> check like this, I fear the wrath of the disgruntled masses may fall
> upon you.

But it seems like it might be nice to do at least something there?

-Kees

--
Kees Cook
Ubuntu Security Team
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Joe Perches: "[PATCH] fs/ext4/super.c: Use printf extension %pV"
Previous message: Greg KH: "Re: [GIT PULL] fixes for tidspbridge 2.6.37-rc1"
In reply to: David Daney: "Re: [linux-next] automatic use of checkpatch.pl for security?"
Next in thread: Lionel Debroux: "Re: [linux-next] automatic use of checkpatch.pl for security?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]