Re: [PATCH] Replace HTTP links with HTTPS ones: BPF (Safe dynamic programs and tools)

From: Alexander A. Klimov
Date: Fri Jul 03 2020 - 02:39:06 EST




Am 03.07.20 um 00:08 schrieb Alexei Starovoitov:
On Thu, Jul 2, 2020 at 1:05 PM Alexander A. Klimov
<grandmaster@xxxxxxxxxxxx> wrote:

Rationale:
Reduces attack surface on kernel devs opening the links for MITM
as HTTPS traffic is much harder to manipulate.

Deterministic algorithm:
For each file:
If not .svg:
For each line:
If doesn't contain `\bxmlns\b`:
For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`:
If both the HTTP and HTTPS versions
return 200 OK and serve the same content:
Replace HTTP with HTTPS.

Signed-off-by: Alexander A. Klimov <grandmaster@xxxxxxxxxxxx>
---
Continuing my work started at 93431e0607e5.

If there are any URLs to be removed completely or at least not HTTPSified:
Just clearly say so and I'll *undo my change*.
See also https://lkml.org/lkml/2020/6/27/64

If there are any valid, but yet not changed URLs:
See https://lkml.org/lkml/2020/6/26/837

Documentation/bpf/bpf_devel_QA.rst | 4 ++--
Documentation/bpf/index.rst | 2 +-
Documentation/networking/af_xdp.rst | 2 +-
Documentation/networking/filter.rst | 2 +-
arch/x86/net/bpf_jit_comp.c | 2 +-
include/linux/bpf.h | 2 +-
include/linux/bpf_verifier.h | 2 +-
include/uapi/linux/bpf.h | 2 +-
kernel/bpf/arraymap.c | 2 +-
kernel/bpf/core.c | 2 +-
kernel/bpf/disasm.c | 2 +-
kernel/bpf/disasm.h | 2 +-
kernel/bpf/hashtab.c | 2 +-
kernel/bpf/helpers.c | 2 +-
kernel/bpf/syscall.c | 2 +-
kernel/bpf/verifier.c | 2 +-
kernel/trace/bpf_trace.c | 2 +-
lib/test_bpf.c | 2 +-
net/core/filter.c | 2 +-
samples/bpf/lathist_kern.c | 2 +-
samples/bpf/lathist_user.c | 2 +-
samples/bpf/sockex3_kern.c | 2 +-
samples/bpf/tracex1_kern.c | 2 +-
samples/bpf/tracex2_kern.c | 2 +-
samples/bpf/tracex3_kern.c | 2 +-
samples/bpf/tracex3_user.c | 2 +-
samples/bpf/tracex4_kern.c | 2 +-
samples/bpf/tracex4_user.c | 2 +-
samples/bpf/tracex5_kern.c | 2 +-
tools/include/uapi/linux/bpf.h | 2 +-
tools/lib/bpf/bpf.c | 2 +-
tools/lib/bpf/bpf.h | 2 +-
tools/testing/selftests/bpf/test_maps.c | 2 +-
tools/testing/selftests/bpf/test_verifier.c | 2 +-
34 files changed, 35 insertions(+), 35 deletions(-)

Nacked-by: Alexei Starovoitov <ast@xxxxxxxxxx>

Pls don't touch anything bpf related with such changes.
https://lore.kernel.org/linux-doc/20200526060544.25127-1-grandmaster@xxxxxxxxxxxx/
â merged.

https://lore.kernel.org/linux-doc/20200608181649.74883-1-grandmaster@xxxxxxxxxxxx/
â applied.

https://lore.kernel.org/linux-doc/20200620075402.22347-1-grandmaster@xxxxxxxxxxxx/
â applied.

https://lore.kernel.org/linux-doc/20200621133512.46311-1-grandmaster@xxxxxxxxxxxx/
â applied.

https://lore.kernel.org/linux-doc/20200621133552.46371-1-grandmaster@xxxxxxxxxxxx/
â applied.

https://lore.kernel.org/linux-doc/20200621133630.46435-1-grandmaster@xxxxxxxxxxxx/
â applied.

https://lore.kernel.org/linux-doc/20200627103050.71712-1-grandmaster@xxxxxxxxxxxx/
â applied.

https://lore.kernel.org/linux-doc/20200627103125.71828-1-grandmaster@xxxxxxxxxxxx/
â reviewed.

https://lore.kernel.org/linux-doc/20200627103151.71942-1-grandmaster@xxxxxxxxxxxx/
â reviewed.

This one â no, pls not.

Why exactly not? Are these URLs not being opened at all (What they're doing there then?) or have all who open them the HTTPS everywhere browser addon installed?