lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Wed, 2 Mar 2011 22:44:56 +0100 (CET)
From:	Thomas Gleixner <tglx@...utronix.de>
To:	Randy Dunlap <randy.dunlap@...cle.com>
cc:	Chen Liu <chenliunju@...il.com>, linux-kernel@...r.kernel.org,
	scsi <linux-scsi@...r.kernel.org>
Subject: Re: [Patch] Patch for bug 13547

On Wed, 2 Mar 2011, Randy Dunlap wrote:

> On Wed, 2 Mar 2011 14:28:51 -0500 Chen Liu wrote:
> 
> [adding linux-scsi]
> 
> > Hi everyone,
> > 
> > There is a patch generated by the tool R2Fix for bug 13547. Could you
> > take a look at them? Thanks!
> > The patch:
> > --- linux-2.6.30/drivers/scsi/FlashPoint.c    2009-06-09
> > 23:05:27.000000000 -0400
> > +++ /tmp/cocci-output-726-34f8c9-FlashPoint.c    2011-02-23
> > 22:05:29.765164083 -0500
> > @@ -1212,7 +1212,7 @@ static unsigned long FlashPoint_Hardware
> > 
> >      ioport = pCardInfo->si_baseaddr;
> > 
> > -    for (thisCard = 0; thisCard <= MAX_CARDS; thisCard++) {
> > +    for (thisCard = 0; thisCard < MAX_CARDS; thisCard++) {
> > 
> >          if (thisCard == MAX_CARDS) {
> 
> 
> Please fix the R2Fix tool to generate patches correctly:
> The +++ file name is incorrect.
> 
> The patch is whitespace-damaged.  gmail isn't good at preserving
> tabs -- they have been converted to spaces, so the patch does not
> apply cleanly.
> 
> If this patch is applied, how does this function return FAILURE?
> I don't think that is does -- I think the patch is bad.

You forgot to mention, that the subject line of this patch is
completely useless. What the heck is bug 13547?

The changelog is not only missing the proper Signed-off-by, it's also
missing a reasonable explanation what the bug is and why the fix is
correct.

Time to study Documentation/SubmittingPatches and
Documentation/SubmitChecklist.

Chen,

please stop sending the output of some tool built around coccinelle
unless you can explain in your own words what the bug is and why the
patch solves the problem.

Tools are not perfect and we really don't need a replacement of
existing bugs by tool generated ones or worse the introduction of new
bugs by a failure of a tool.

Automated tools are nice to help to detect problems, but the ultimate
tool to validate that the automated tool did not trip over a false
positive and provided the correct fix is your brain. Please use it.

Thanks,

	tglx

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ