LKML Archive on lore.kernel.org
From: Kees Cook <keescook@chromium.org>
To: Mrinal Pandey <mrinalmni@gmail.com>
Cc: skhan@linuxfoundation.org,
	Linux-kernel-mentees@lists.linuxfoundation.org,
	lukas.bulwahn@gmail.com, re.emese@gmail.com, maennich@google.com,
	tglx@linutronix.de, gregkh@linuxfoundation.org,
	akpm@linux-foundation.org, linux-kernel@vger.kernel.org,
	linux-spdx@vger.kernel.org, Thierry Reding <treding@nvidia.com>
Subject: Re: [PATCH] scripts: Add intended executable mode and SPDX license
Date: Thu, 27 Aug 2020 11:14:28 -0700
Message-ID: <202008271102.FEB906C88@keescook> (raw)
In-Reply-To: <20200827092405.b6hymjxufn2nvgml@mrinalpandey>

On Thu, Aug 27, 2020 at 02:54:05PM +0530, Mrinal Pandey wrote:
> commit eb8305aecb95 ("scripts: Coccinelle script for namespace
> dependencies.") added the file nsdeps, commit 313dd1b62921 ("gcc-plugins:
> Add the randstruct plugin") added the file gcc-plugins/gen-random-seed.sh
> and commit 9b4ade226f74 ("xen: build infrastructure for generating
> hypercall depending symbols") added the file xen-hypercalls.sh without the
> executable bit.
> [...]
>  scripts/gcc-plugins/gen-random-seed.sh | 0
>  scripts/nsdeps                         | 0
>  scripts/spdxcheck-test.sh              | 1 +
>  scripts/xen-hypercalls.sh              | 0
>  4 files changed, 1 insertion(+)
>  mode change 100644 => 100755 scripts/gcc-plugins/gen-random-seed.sh
>  mode change 100644 => 100755 scripts/nsdeps
>  mode change 100644 => 100755 scripts/spdxcheck-test.sh
>  mode change 100644 => 100755 scripts/xen-hypercalls.sh
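
Review bot: scripts/spdxcheck-test.sh is the only entry in this diffstat that carries a content change (1 insertion) on top of its mode change, while the other three files are mode-only. Consider splitting that one-line addition into its own patch so the 100644 => 100755 changes can be reviewed and reverted independently. The quoted part of the commit message names only nsdeps, gen-random-seed.sh and xen-hypercalls.sh as missing the executable bit, so the mode change for spdxcheck-test.sh should be justified there as well.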

I can't find "official" guidance on this right now, but I'm pretty sure
this (having execute bits set correctly) wasn't something we could depend
on (i.e. regular "diff" output doesn't support it (just git's diff),
and copies of the tree (or tarballs, etc) may have missed the bits). All
the portions of the kernel that use these kinds of files explicitly
specify the interpreter (or universally set the execute bit)[1]. As such,
is this change useful?

It might be better to _remove_ execute bits to catch the places where
the build is accidentally depending on them. ;)

-Kees


[1] These all use CONFIG_SHELL:

scripts/gcc-plugins/Makefile:
  $(CONFIG_SHELL) $(srctree)/$(src)/gen-random-seed.sh $@ $(objtree)/include/generated/randomize_layout_hash.h

Makefile:
       $(Q)$(CONFIG_SHELL) $(srctree)/scripts/nsdeps

arch/x86/entry/syscalls/Makefile:
quiet_cmd_hypercalls = HYPERCALLS $@
      cmd_hypercalls = $(CONFIG_SHELL) '$<' $@ $(filter-out $<,$^)
...
$(out)/xen-hypercalls.h: $(srctree)/scripts/xen-hypercalls.sh
        $(call if_changed,hypercalls)

And I can't even find anything in the kernel that calls
scripts/spdxcheck-test.sh :) I think that should likely be moved into
the selftests directory and wired up.


-- 
Kees Cook
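
The point made in the reply above (the build should name the interpreter rather than rely on the execute bit) can be checked mechanically. The following is an added example, not code from the kernel tree or from anyone in this thread; the function names, the sample Makefile and the gen.sh/bad.sh file names are constructed for illustration.

```shell
#!/bin/sh
# Added illustration: file names and the sample Makefile are constructed.

# Print numbered recipe lines that run a *.sh file with no interpreter in
# front of it; such lines only work if the execute bit survived the copy.
find_mode_dependent_calls() {
    grep -nE '^[[:space:]]+.*\.sh([[:space:]]|$)' "$1" |
        grep -vE '\$\((CONFIG_SHELL|SHELL|BASH)\)|[[:space:]](sh|bash)[[:space:]]'
}

# Run a mode-0644 script directly and through an explicit interpreter.
# Echoes "<direct status> <interpreter status>".
run_without_exec_bit() {
    dir=$(mktemp -d) || return 1
    printf '#!/bin/sh\nexit 0\n' > "$dir/gen.sh"
    chmod 0644 "$dir/gen.sh"    # what a plain diff or tarball copy may leave
    direct=0;    "$dir/gen.sh" 2>/dev/null || direct=$?
    via_shell=0; sh "$dir/gen.sh"          || via_shell=$?
    rm -rf "$dir"
    echo "$direct $via_shell"
}

# Constructed Makefile: one call goes through $(CONFIG_SHELL), one does not.
sample_makefile() {
    printf 'gen.h: gen.sh\n\t$(CONFIG_SHELL) $(srctree)/scripts/gen.sh $@\n'
    printf 'bad.h: bad.sh\n\t$(srctree)/scripts/bad.sh $@\n'
}

main() {
    mk=$(mktemp) || exit 1
    sample_makefile > "$mk"
    echo "recipe lines that depend on the execute bit:"
    find_mode_dependent_calls "$mk"
    echo "exit status direct vs. via sh: $(run_without_exec_bit)"
    rm -f "$mk"
}
main
```

The direct call fails with status 126 (permission denied) while the same file run through sh succeeds, which is why a recipe that spells out the interpreter is unaffected by lost mode bits.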
