2024-06-10 11:13:52

by Dan Carpenter

[permalink] [raw]
Subject: [PATCH v4 RESEND] checkpatch: check for missing Fixes tags

This check looks for common words that probably indicate a patch
is a fix. For now the regex is:

(?:(?:BUG: K.|UB)SAN: |Call Trace:|stable\@|syzkaller)/)

Why are stable patches encouraged to have a fixes tag? Some people mark
their stable patches as "# 5.10" etc. This is useful but a Fixes tag is
still a good idea. For example, the Fixes tag helps in review. It
helps people to not cherry-pick buggy patches without also
cherry-picking the fix.

Also if a bug affects the 5.7 kernel some people will round it up to
5.10+ because 5.7 is not supported on kernel.org. It's possible the Bad
Binder bug was caused by this sort of gap where companies outside of
kernel.org are supporting different kernels from kernel.org.

Should it be counted as a Fix when a patch just silences harmless
WARN_ON() stack trace. Yes. Definitely.

Is silencing compiler warnings a fix? It seems unfair to the original
authors, but we use -Werror now, and warnings break the build so let's
just add Fixes tags. I tell people that silencing static checker
warnings is not a fix but the rules on this vary by subsystem.

Is fixing a minor LTP issue (Linux Test Project) a fix? Probably? It's
hard to know what to do if the LTP test has technically always been
broken.

One clear false positive from this check is when someone updated their
debug output and included before and after Call Traces. Or when crashes
are introduced deliberately for testing. In those cases, you should
just ignore checkpatch.

Signed-off-by: Dan Carpenter <[email protected]>
Acked-by: Greg Kroah-Hartman <[email protected]>
Reviewed-by: Kees Cook <[email protected]>
---
Hi, Andrew, I sent this patch last year. It's a pretty good patch. I
probably erred on the side of avoiding false positives.

v4: Fix another formatting issue.
v3: Add UBSAN to the regex as Kees suggested.
v2: I fixed the formatting issues Joe pointed out. I also silenced the
warning if the commit was a Revert because revert patches already
include the hash.

scripts/checkpatch.pl | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)

diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl
index 2b812210b412..13763164eb6c 100755
--- a/scripts/checkpatch.pl
+++ b/scripts/checkpatch.pl
@@ -28,6 +28,7 @@ my %verbose_messages = ();
my %verbose_emitted = ();
my $tree = 1;
my $chk_signoff = 1;
+my $chk_fixes_tag = 1;
my $chk_patch = 1;
my $tst_only;
my $emacs = 0;
@@ -88,6 +89,7 @@ Options:
-v, --verbose verbose mode
--no-tree run without a kernel tree
--no-signoff do not check for 'Signed-off-by' line
+ --no-fixes-tag do not check for 'Fixes:' tag
--patch treat FILE as patchfile (default)
--emacs emacs compile window format
--terse one line per report
@@ -295,6 +297,7 @@ GetOptions(
'v|verbose!' => \$verbose,
'tree!' => \$tree,
'signoff!' => \$chk_signoff,
+ 'fixes-tag!' => \$chk_fixes_tag,
'patch!' => \$chk_patch,
'emacs!' => \$emacs,
'terse!' => \$terse,
@@ -1257,6 +1260,7 @@ sub git_commit_info {
}

$chk_signoff = 0 if ($file);
+$chk_fixes_tag = 0 if ($file);

my @rawlines = ();
my @lines = ();
@@ -2636,6 +2640,9 @@ sub process {

our $clean = 1;
my $signoff = 0;
+ my $fixes_tag = 0;
+ my $is_revert = 0;
+ my $needs_fixes_tag = 0;
my $author = '';
my $authorsignoff = 0;
my $author_sob = '';
@@ -3189,6 +3196,16 @@ sub process {
}
}

+# These indicate a bug fix
+ if (!$in_header_lines && !$is_patch &&
+ $line =~ /^This reverts commit/) {
+ $is_revert = 1;
+ }
+
+ if (!$in_header_lines && !$is_patch &&
+ $line =~ /(?:(?:BUG: K.|UB)SAN: |Call Trace:|stable\@|syzkaller)/) {
+ $needs_fixes_tag = 1;
+ }

# Check Fixes: styles is correct
if (!$in_header_lines &&
@@ -3201,6 +3218,7 @@ sub process {
my $id_length = 1;
my $id_case = 1;
my $title_has_quotes = 0;
+ $fixes_tag = 1;

if ($line =~ /(\s*fixes:?)\s+([0-9a-f]{5,})\s+($balanced_parens)/i) {
my $tag = $1;
@@ -7697,6 +7715,12 @@ sub process {
ERROR("NOT_UNIFIED_DIFF",
"Does not appear to be a unified-diff format patch\n");
}
+ if ($is_patch && $has_commit_log && $chk_fixes_tag) {
+ if ($needs_fixes_tag && !$is_revert && !$fixes_tag) {
+ WARN("MISSING_FIXES_TAG",
+ "This looks like a fix but there is no Fixes: tag\n");
+ }
+ }
if ($is_patch && $has_commit_log && $chk_signoff) {
if ($signoff == 0) {
ERROR("MISSING_SIGN_OFF",


2024-06-10 15:10:31

by Joe Perches

[permalink] [raw]
Subject: Re: [PATCH v4 RESEND] checkpatch: check for missing Fixes tags

On Mon, 2024-06-10 at 14:13 +0300, Dan Carpenter wrote:
> This check looks for common words that probably indicate a patch
> is a fix. For now the regex is:
>
> (?:(?:BUG: K.|UB)SAN: |Call Trace:|stable\@|syzkaller)/)
>
> Why are stable patches encouraged to have a fixes tag? Some people mark
> their stable patches as "# 5.10" etc. This is useful but a Fixes tag is
> still a good idea. For example, the Fixes tag helps in review. It
> helps people to not cherry-pick buggy patches without also
> cherry-picking the fix.
>
> Also if a bug affects the 5.7 kernel some people will round it up to
> 5.10+ because 5.7 is not supported on kernel.org. It's possible the Bad
> Binder bug was caused by this sort of gap where companies outside of
> kernel.org are supporting different kernels from kernel.org.
>
> Should it be counted as a Fix when a patch just silences harmless
> WARN_ON() stack trace. Yes. Definitely.
>
> Is silencing compiler warnings a fix? It seems unfair to the original
> authors, but we use -Werror now, and warnings break the build so let's
> just add Fixes tags. I tell people that silencing static checker
> warnings is not a fix but the rules on this vary by subsystem.
>
> Is fixing a minor LTP issue (Linux Test Project) a fix? Probably? It's
> hard to know what to do if the LTP test has technically always been
> broken.
>
> One clear false positive from this check is when someone updated their
> debug output and included before and after Call Traces. Or when crashes
> are introduced deliberately for testing. In those cases, you should
> just ignore checkpatch.
[]
> diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl
[]
> +# These indicate a bug fix
> + if (!$in_header_lines && !$is_patch &&
> + $line =~ /^This reverts commit/) {
> + $is_revert = 1;
> + }
> +
> + if (!$in_header_lines && !$is_patch &&
> + $line =~ /(?:(?:BUG: K.|UB)SAN: |Call Trace:|stable\@|syzkaller)/) {
> + $needs_fixes_tag = 1;

Maybe use
$line =~ /((?:(?:BUG: K.|UB)SAN: |Call Trace:|stable\@|syzkaller))/) {
$needs_fixes_tag = $1;

> @@ -7697,6 +7715,12 @@ sub process {
> ERROR("NOT_UNIFIED_DIFF",
> "Does not appear to be a unified-diff format patch\n");
> }
> + if ($is_patch && $has_commit_log && $chk_fixes_tag) {
> + if ($needs_fixes_tag && !$is_revert && !$fixes_tag) {

and

+ if ($needs_fixes_tag ne "" && !$is_revert && !$fixes_tag) {

> + WARN("MISSING_FIXES_TAG",
> + "This looks like a fix but there is no Fixes: tag\n");

and

"The commit message has '$needs_fixes_tag', perhaps it also needs a 'Fixes:' tag?\n");