[PATCH v3 05/35] checkpatch: Warn about capability_unsafe() without comment
Marco Elver
elver at google.com
Thu Sep 18 13:59:16 UTC 2025
Warn about applications of capability_unsafe() without a comment, to
encourage documenting the reasoning behind why it was deemed safe.
Signed-off-by: Marco Elver <elver at google.com>
---
scripts/checkpatch.pl | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl
index e722dd6fa8ef..532075e67a96 100755
--- a/scripts/checkpatch.pl
+++ b/scripts/checkpatch.pl
@@ -6717,6 +6717,14 @@ sub process {
}
}
+# check for capability_unsafe without a comment.
+ if ($line =~ /\bcapability_unsafe\b/) {
+ if (!ctx_has_comment($first_line, $linenr)) {
+ WARN("CAPABILITY_UNSAFE",
+ "capability_unsafe without comment\n" . $herecurr);
+ }
+ }
+
# check of hardware specific defines
if ($line =~ m@^.\s*\#\s*if.*\b(__i386__|__powerpc64__|__sun__|__s390x__)\b@ && $realfile !~ m at include/asm-@) {
CHK("ARCH_DEFINES",
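Review bot: the match in `if ($line =~ /\bcapability_unsafe\b/) {` fires on the bare identifier, while the commit message says the warning is for applications of capability_unsafe(). As written, any line that merely names the macro, such as its own #define, would also be expected to carry a comment. Consider anchoring on the call form, for example `/\bcapability_unsafe\s*\(/`, so only uses trigger the check. The message text "capability_unsafe without comment" could also say what the comment is for, for example that it should explain why the use was deemed safe, which is the intent stated in the commit message.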
--
2.51.0.384.g4c02a37b29-goog