* Re: [PATCH] scripts: Add intended executable mode and SPDX license
2020-08-27 9:24 [PATCH] scripts: Add intended executable mode and SPDX license Mrinal Pandey
@ 2020-08-27 9:34 ` Lukas Bulwahn
2020-08-27 9:43 ` Greg KH
` (2 subsequent siblings)
3 siblings, 0 replies; 9+ messages in thread
From: Lukas Bulwahn @ 2020-08-27 9:34 UTC (permalink / raw)
To: Mrinal Pandey
Cc: skhan, Linux-kernel-mentees, lukas.bulwahn, keescook, re.emese,
maennich, tglx, gregkh, akpm, kernel-hardening, linux-kernel,
linux-spdx
On Thu, 27 Aug 2020, Mrinal Pandey wrote:
> commit b72231eb7084 ("scripts: add spdxcheck.py self test") added the file
> spdxcheck-test.sh to the repository without the executable flag and license
> information.
>
> commit eb8305aecb95 ("scripts: Coccinelle script for namespace
> dependencies.") added the file nsdeps, commit 313dd1b62921 ("gcc-plugins:
> Add the randstruct plugin") added the file gcc-plugins/gen-random-seed.sh
> and commit 9b4ade226f74 ("xen: build infrastructure for generating
> hypercall depending symbols") added the file xen-hypercalls.sh without the
> executable bit.
>
> Set to usual modes for these files and provide the SPDX license for
> spdxcheck-test.sh. No functional changes.
>
> Signed-off-by: Mrinal Pandey <mrinalmni@gmail.com>
This is a contribution from a candidate of the Linux Kernel Onboarding
Mentorship. If successful, the candidate will work on improving
checkpatch.pl so that we get closer to a state where we can run it as a
bot reporting on patch submissions to mailing lists.
This was clean-up work we came across looking at SPDX license warnings,
script shebangs, and executable modes of files.
Acked-by: Lukas Bulwahn <lukas.bulwahn@gmail.com>
> ---
> applies cleanly on next-20200827
>
> Kees, Matthias, Thomas, please ack this patch.
>
> Andrew, please pick this minor non-urgent cleanup patch once the
> mainainers ack.
>
> scripts/gcc-plugins/gen-random-seed.sh | 0
> scripts/nsdeps | 0
> scripts/spdxcheck-test.sh | 1 +
> scripts/xen-hypercalls.sh | 0
> 4 files changed, 1 insertion(+)
> mode change 100644 => 100755 scripts/gcc-plugins/gen-random-seed.sh
> mode change 100644 => 100755 scripts/nsdeps
> mode change 100644 => 100755 scripts/spdxcheck-test.sh
> mode change 100644 => 100755 scripts/xen-hypercalls.sh
>
> diff --git a/scripts/gcc-plugins/gen-random-seed.sh b/scripts/gcc-plugins/gen-random-seed.sh
> old mode 100644
> new mode 100755
> diff --git a/scripts/nsdeps b/scripts/nsdeps
> old mode 100644
> new mode 100755
> diff --git a/scripts/spdxcheck-test.sh b/scripts/spdxcheck-test.sh
> old mode 100644
> new mode 100755
> index cfea6a0d1cc0..e2902520a081
> --- a/scripts/spdxcheck-test.sh
> +++ b/scripts/spdxcheck-test.sh
> @@ -1,4 +1,5 @@
> #!/bin/sh
> +# SPDX-License-Identifier: GPL-2.0
>
> for PYTHON in python2 python3; do
> # run check on a text and a binary file
> diff --git a/scripts/xen-hypercalls.sh b/scripts/xen-hypercalls.sh
> old mode 100644
> new mode 100755
> --
> 2.25.1
>
>
^ permalink raw reply [flat|nested] 9+ messages in thread* Re: [PATCH] scripts: Add intended executable mode and SPDX license
2020-08-27 9:24 [PATCH] scripts: Add intended executable mode and SPDX license Mrinal Pandey
2020-08-27 9:34 ` Lukas Bulwahn
@ 2020-08-27 9:43 ` Greg KH
2020-08-27 9:49 ` Lukas Bulwahn
2020-08-27 18:14 ` Kees Cook
2020-08-31 0:44 ` Andrew Morton
3 siblings, 1 reply; 9+ messages in thread
From: Greg KH @ 2020-08-27 9:43 UTC (permalink / raw)
To: Mrinal Pandey
Cc: skhan, Linux-kernel-mentees, lukas.bulwahn, keescook, re.emese,
maennich, tglx, akpm, kernel-hardening, linux-kernel, linux-spdx
On Thu, Aug 27, 2020 at 02:54:05PM +0530, Mrinal Pandey wrote:
> commit b72231eb7084 ("scripts: add spdxcheck.py self test") added the file
> spdxcheck-test.sh to the repository without the executable flag and license
> information.
>
> commit eb8305aecb95 ("scripts: Coccinelle script for namespace
> dependencies.") added the file nsdeps, commit 313dd1b62921 ("gcc-plugins:
> Add the randstruct plugin") added the file gcc-plugins/gen-random-seed.sh
> and commit 9b4ade226f74 ("xen: build infrastructure for generating
> hypercall depending symbols") added the file xen-hypercalls.sh without the
> executable bit.
>
> Set to usual modes for these files and provide the SPDX license for
> spdxcheck-test.sh. No functional changes.
>
> Signed-off-by: Mrinal Pandey <mrinalmni@gmail.com>
> ---
> applies cleanly on next-20200827
>
> Kees, Matthias, Thomas, please ack this patch.
>
> Andrew, please pick this minor non-urgent cleanup patch once the
> mainainers ack.
>
> scripts/gcc-plugins/gen-random-seed.sh | 0
> scripts/nsdeps | 0
> scripts/spdxcheck-test.sh | 1 +
> scripts/xen-hypercalls.sh | 0
> 4 files changed, 1 insertion(+)
> mode change 100644 => 100755 scripts/gcc-plugins/gen-random-seed.sh
> mode change 100644 => 100755 scripts/nsdeps
> mode change 100644 => 100755 scripts/spdxcheck-test.sh
> mode change 100644 => 100755 scripts/xen-hypercalls.sh
This does 2 different things in one patch, shouldn't this be 2 different
patches? One to change the permissions and one to add the SPDX line?
thanks,
greg k-h
^ permalink raw reply [flat|nested] 9+ messages in thread* Re: [PATCH] scripts: Add intended executable mode and SPDX license
2020-08-27 9:43 ` Greg KH
@ 2020-08-27 9:49 ` Lukas Bulwahn
2020-08-27 10:00 ` Greg KH
0 siblings, 1 reply; 9+ messages in thread
From: Lukas Bulwahn @ 2020-08-27 9:49 UTC (permalink / raw)
To: Greg KH
Cc: Mrinal Pandey, skhan, Linux-kernel-mentees, lukas.bulwahn,
keescook, re.emese, maennich, tglx, akpm, kernel-hardening,
linux-kernel, linux-spdx
On Thu, 27 Aug 2020, Greg KH wrote:
> On Thu, Aug 27, 2020 at 02:54:05PM +0530, Mrinal Pandey wrote:
> > commit b72231eb7084 ("scripts: add spdxcheck.py self test") added the file
> > spdxcheck-test.sh to the repository without the executable flag and license
> > information.
> >
> > commit eb8305aecb95 ("scripts: Coccinelle script for namespace
> > dependencies.") added the file nsdeps, commit 313dd1b62921 ("gcc-plugins:
> > Add the randstruct plugin") added the file gcc-plugins/gen-random-seed.sh
> > and commit 9b4ade226f74 ("xen: build infrastructure for generating
> > hypercall depending symbols") added the file xen-hypercalls.sh without the
> > executable bit.
> >
> > Set to usual modes for these files and provide the SPDX license for
> > spdxcheck-test.sh. No functional changes.
> >
> > Signed-off-by: Mrinal Pandey <mrinalmni@gmail.com>
> > ---
> > applies cleanly on next-20200827
> >
> > Kees, Matthias, Thomas, please ack this patch.
> >
> > Andrew, please pick this minor non-urgent cleanup patch once the
> > mainainers ack.
> >
> > scripts/gcc-plugins/gen-random-seed.sh | 0
> > scripts/nsdeps | 0
> > scripts/spdxcheck-test.sh | 1 +
> > scripts/xen-hypercalls.sh | 0
> > 4 files changed, 1 insertion(+)
> > mode change 100644 => 100755 scripts/gcc-plugins/gen-random-seed.sh
> > mode change 100644 => 100755 scripts/nsdeps
> > mode change 100644 => 100755 scripts/spdxcheck-test.sh
> > mode change 100644 => 100755 scripts/xen-hypercalls.sh
>
> This does 2 different things in one patch, shouldn't this be 2 different
> patches? One to change the permissions and one to add the SPDX line?
>
For me, this was one thing: minor cleanup; and taking one
minor patch is easier than taking two, but you make the call. Then, the
two or even three patches would also just travel through different trees,
the spdx tree and Andrew's.
Lukas
^ permalink raw reply [flat|nested] 9+ messages in thread* Re: [PATCH] scripts: Add intended executable mode and SPDX license
2020-08-27 9:49 ` Lukas Bulwahn
@ 2020-08-27 10:00 ` Greg KH
0 siblings, 0 replies; 9+ messages in thread
From: Greg KH @ 2020-08-27 10:00 UTC (permalink / raw)
To: Lukas Bulwahn
Cc: Mrinal Pandey, skhan, Linux-kernel-mentees, keescook, re.emese,
maennich, tglx, akpm, kernel-hardening, linux-kernel, linux-spdx
On Thu, Aug 27, 2020 at 11:49:31AM +0200, Lukas Bulwahn wrote:
>
>
> On Thu, 27 Aug 2020, Greg KH wrote:
>
> > On Thu, Aug 27, 2020 at 02:54:05PM +0530, Mrinal Pandey wrote:
> > > commit b72231eb7084 ("scripts: add spdxcheck.py self test") added the file
> > > spdxcheck-test.sh to the repository without the executable flag and license
> > > information.
> > >
> > > commit eb8305aecb95 ("scripts: Coccinelle script for namespace
> > > dependencies.") added the file nsdeps, commit 313dd1b62921 ("gcc-plugins:
> > > Add the randstruct plugin") added the file gcc-plugins/gen-random-seed.sh
> > > and commit 9b4ade226f74 ("xen: build infrastructure for generating
> > > hypercall depending symbols") added the file xen-hypercalls.sh without the
> > > executable bit.
> > >
> > > Set to usual modes for these files and provide the SPDX license for
> > > spdxcheck-test.sh. No functional changes.
> > >
> > > Signed-off-by: Mrinal Pandey <mrinalmni@gmail.com>
> > > ---
> > > applies cleanly on next-20200827
> > >
> > > Kees, Matthias, Thomas, please ack this patch.
> > >
> > > Andrew, please pick this minor non-urgent cleanup patch once the
> > > mainainers ack.
> > >
> > > scripts/gcc-plugins/gen-random-seed.sh | 0
> > > scripts/nsdeps | 0
> > > scripts/spdxcheck-test.sh | 1 +
> > > scripts/xen-hypercalls.sh | 0
> > > 4 files changed, 1 insertion(+)
> > > mode change 100644 => 100755 scripts/gcc-plugins/gen-random-seed.sh
> > > mode change 100644 => 100755 scripts/nsdeps
> > > mode change 100644 => 100755 scripts/spdxcheck-test.sh
> > > mode change 100644 => 100755 scripts/xen-hypercalls.sh
> >
> > This does 2 different things in one patch, shouldn't this be 2 different
> > patches? One to change the permissions and one to add the SPDX line?
> >
>
> For me, this was one thing: minor cleanup; and taking one
> minor patch is easier than taking two, but you make the call. Then, the
> two or even three patches would also just travel through different trees,
> the spdx tree and Andrew's.
License "additions" are good to separate from other changes, in case
people have questions/comments/objections about them, they can be easier
to discuss and possibly reverted.
More patches is not a problem :)
thanks,
greg k-h
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH] scripts: Add intended executable mode and SPDX license
2020-08-27 9:24 [PATCH] scripts: Add intended executable mode and SPDX license Mrinal Pandey
2020-08-27 9:34 ` Lukas Bulwahn
2020-08-27 9:43 ` Greg KH
@ 2020-08-27 18:14 ` Kees Cook
2020-08-31 0:44 ` Andrew Morton
3 siblings, 0 replies; 9+ messages in thread
From: Kees Cook @ 2020-08-27 18:14 UTC (permalink / raw)
To: Mrinal Pandey
Cc: skhan, Linux-kernel-mentees, lukas.bulwahn, re.emese, maennich,
tglx, gregkh, akpm, linux-kernel, linux-spdx, Thierry Reding
On Thu, Aug 27, 2020 at 02:54:05PM +0530, Mrinal Pandey wrote:
> commit eb8305aecb95 ("scripts: Coccinelle script for namespace
> dependencies.") added the file nsdeps, commit 313dd1b62921 ("gcc-plugins:
> Add the randstruct plugin") added the file gcc-plugins/gen-random-seed.sh
> and commit 9b4ade226f74 ("xen: build infrastructure for generating
> hypercall depending symbols") added the file xen-hypercalls.sh without the
> executable bit.
> [...]
> scripts/gcc-plugins/gen-random-seed.sh | 0
> scripts/nsdeps | 0
> scripts/spdxcheck-test.sh | 1 +
> scripts/xen-hypercalls.sh | 0
> 4 files changed, 1 insertion(+)
> mode change 100644 => 100755 scripts/gcc-plugins/gen-random-seed.sh
> mode change 100644 => 100755 scripts/nsdeps
> mode change 100644 => 100755 scripts/spdxcheck-test.sh
> mode change 100644 => 100755 scripts/xen-hypercalls.sh
I can't find "official" guidance on this right now, but I'm pretty sure
this (having execute bits set correctly) wasn't something we could depend
on (i.e. regular "diff" output doesn't support it (just git's diff),
and copies of the tree (or tarballs, etc) may have missed the bits). All
the portions of the kernel that uses these kinds of files explicitly
specify the interpreter (or universally set the execute bit)[1]. As such,
is this change useful?
It might be better to _remove_ execute bits to catch the places where
the build is accidentally depending on them. ;)
-Kees
[1] These all use CONFIG_SHELL:
scripts/gcc-plugins/Makefile:
$(CONFIG_SHELL) $(srctree)/$(src)/gen-random-seed.sh $@ $(objtree)/include/generated/randomize_layout_hash.h
Makefile:
$(Q)$(CONFIG_SHELL) $(srctree)/scripts/nsdeps
arch/x86/entry/syscalls/Makefile:
quiet_cmd_hypercalls = HYPERCALLS $@
cmd_hypercalls = $(CONFIG_SHELL) '$<' $@ $(filter-out $<,$^)
...
$(out)/xen-hypercalls.h: $(srctree)/scripts/xen-hypercalls.sh
$(call if_changed,hypercalls)
And I can't even find anything in the kernel that calls
scripts/spdxcheck-test.sh :) I think that should likely be moved into
the selftests directory and wired up.
--
Kees Cook
^ permalink raw reply [flat|nested] 9+ messages in thread* Re: [PATCH] scripts: Add intended executable mode and SPDX license
2020-08-27 9:24 [PATCH] scripts: Add intended executable mode and SPDX license Mrinal Pandey
` (2 preceding siblings ...)
2020-08-27 18:14 ` Kees Cook
@ 2020-08-31 0:44 ` Andrew Morton
2020-08-31 5:45 ` Lukas Bulwahn
3 siblings, 1 reply; 9+ messages in thread
From: Andrew Morton @ 2020-08-31 0:44 UTC (permalink / raw)
To: Mrinal Pandey
Cc: skhan, Linux-kernel-mentees, lukas.bulwahn, keescook, re.emese,
maennich, tglx, gregkh, kernel-hardening, linux-kernel,
linux-spdx
On Thu, 27 Aug 2020 14:54:05 +0530 Mrinal Pandey <mrinalmni@gmail.com> wrote:
> commit b72231eb7084 ("scripts: add spdxcheck.py self test") added the file
> spdxcheck-test.sh to the repository without the executable flag and license
> information.
The x bit shouldn't matter.
If someone downloads and applies patch-5.9.xz (which is a supported way
of obtaining a kernel) then patch(1) will erase the x bit anyway.
Is some other script invoking spdxcheck-test.sh directly, instead of
using `/bin/sh spdxcheck-test.sh'? If so, please let's fix that.
^ permalink raw reply [flat|nested] 9+ messages in thread* Re: [PATCH] scripts: Add intended executable mode and SPDX license
2020-08-31 0:44 ` Andrew Morton
@ 2020-08-31 5:45 ` Lukas Bulwahn
2020-08-31 19:20 ` Kees Cook
0 siblings, 1 reply; 9+ messages in thread
From: Lukas Bulwahn @ 2020-08-31 5:45 UTC (permalink / raw)
To: Andrew Morton, keescook
Cc: Mrinal Pandey, skhan, Linux-kernel-mentees, lukas.bulwahn,
re.emese, maennich, tglx, gregkh, kernel-hardening, linux-kernel,
linux-spdx
On Sun, 30 Aug 2020, Andrew Morton wrote:
> On Thu, 27 Aug 2020 14:54:05 +0530 Mrinal Pandey <mrinalmni@gmail.com> wrote:
>
> > commit b72231eb7084 ("scripts: add spdxcheck.py self test") added the file
> > spdxcheck-test.sh to the repository without the executable flag and license
> > information.
>
> The x bit shouldn't matter.
>
> If someone downloads and applies patch-5.9.xz (which is a supported way
> of obtaining a kernel) then patch(1) will erase the x bit anyway.
>
Andrew, Kees,
thanks for the feedback.
As his mentor, I see two valuable tasks for Mrinal to work on:
1. Document this knowledge how scripts should be called, not relying on
the executable bit, probably best somewhere here:
./Documentation/kbuild/makefiles.rst, a new section on using dedicated
scripts in chapter 3 ("The kbuild files").
https://www.kernel.org/doc/html/latest/kbuild/makefiles.html#the-kbuild-files
2. Determine if there are places in the build Makefiles that do rely on
the executable bit and fix those script invocations. (Kees' idea of remove
all executable bits and see...)
Lukas
^ permalink raw reply [flat|nested] 9+ messages in thread* Re: [PATCH] scripts: Add intended executable mode and SPDX license
2020-08-31 5:45 ` Lukas Bulwahn
@ 2020-08-31 19:20 ` Kees Cook
0 siblings, 0 replies; 9+ messages in thread
From: Kees Cook @ 2020-08-31 19:20 UTC (permalink / raw)
To: Lukas Bulwahn
Cc: Andrew Morton, Mrinal Pandey, skhan, Linux-kernel-mentees,
re.emese, maennich, tglx, gregkh, kernel-hardening, linux-kernel,
linux-spdx
On Mon, Aug 31, 2020 at 07:45:25AM +0200, Lukas Bulwahn wrote:
>
>
> On Sun, 30 Aug 2020, Andrew Morton wrote:
>
> > On Thu, 27 Aug 2020 14:54:05 +0530 Mrinal Pandey <mrinalmni@gmail.com> wrote:
> >
> > > commit b72231eb7084 ("scripts: add spdxcheck.py self test") added the file
> > > spdxcheck-test.sh to the repository without the executable flag and license
> > > information.
> >
> > The x bit shouldn't matter.
> >
> > If someone downloads and applies patch-5.9.xz (which is a supported way
> > of obtaining a kernel) then patch(1) will erase the x bit anyway.
> >
>
> Andrew, Kees,
>
> thanks for the feedback.
>
> As his mentor, I see two valuable tasks for Mrinal to work on:
>
> 1. Document this knowledge how scripts should be called, not relying on
> the executable bit, probably best somewhere here:
> ./Documentation/kbuild/makefiles.rst, a new section on using dedicated
> scripts in chapter 3 ("The kbuild files").
>
> https://www.kernel.org/doc/html/latest/kbuild/makefiles.html#the-kbuild-files
Yes, that would be excellent.
> 2. Determine if there are places in the build Makefiles that do rely on
> the executable bit and fix those script invocations. (Kees' idea of remove
> all executable bits and see...)
I think this has value, yes. I don't think patches to remove the x bits
are needed, but any cases where they are depended on need to be fixed.
And I think "3" could be "wire up or remove spdx shell script"
--
Kees Cook
^ permalink raw reply [flat|nested] 9+ messages in thread