Date:   Fri, 14 Oct 2016 17:54:45 +0530
From:   Vaishali Thakkar <vaishali.thakkar@...cle.com>
To:     Lars-Peter Clausen <lars@...afoo.de>,
        Julia Lawall <julia.lawall@...6.fr>
Cc:     mmarek@...e.com, Gilles Muller <Gilles.Muller@...6.fr>,
        nicolas.palix@...g.fr, cocci@...teme.lip6.fr,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] Coccinelle: misc: Improve the script for more accurate
 results



On Friday 14 October 2016 02:21 PM, Lars-Peter Clausen wrote:
> On 10/13/2016 07:01 PM, Vaishali Thakkar wrote:
>>
>>
>> On Thursday 13 October 2016 09:45 PM, Julia Lawall wrote:
>>>
>>>
>>> On Thu, 13 Oct 2016, Vaishali Thakkar wrote:
>>>
>>>> Currently because of the left associativity of the operators,
>>>> pattern IRQF_ONESHOT | flags does not match with the pattern
>>>> when we have more than one flag after the disjunction. This
>>>> eventually results in giving false positives by the script.
>>>> The patch eliminates these FPs by improving the rule.
>>>>
>>>> Also, add a new rule to eliminate the false positives given by
>>>> the new line issue.
>>>>
>>>> Misc:
>>>>
>>>> 1. Add support for the context, org and report mode in the case
>>>>    of devm_request_threaded_irq
>>>> 2. To be consistent with other scripts, change the confidence
>>>>    level to 'Moderate'
>>>
>>> I'm getting a lot more reports for context mode than for patch mode, eg
>>> for sound/pcmcia/vx/vxpocket.c.  Is this normal?
>>
>> This seems to be because of the ... in '*request_threaded_irq@p(...)'.
>> Usually I think we should have the same rules for the patch and context mode.
>> But the original code does not do that. So, I was not sure if that was
>> intentional or not.
>> [just in case a person wants to check all cases of these functions using
>> context mode]
> 
> To be honest, I don't remember if it was intentional or not. But looking at
> it now, I'd say context mode should use the same pattern as the report mode.
> The way it is right now context mode certainly generates a fair amount of
> false positives.
> 
> As for your patch I'd say split this into multiple patches, one patch to add
> the missing devm_ variants to the context and report mode and one patch to
> improve the matching, since these are two independent changes.

Sure. I'll send the revised version with 3 patches. One more with changing 
the rule of context mode. 

> 

-- 
Vaishali
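
The associativity problem described in the quoted patch description, as an added example that is not part of the original thread and is not Coccinelle code: a toy Python model (Python's `|` is left-associative, like C's) of a pattern that only inspects the top-level `IRQF_ONESHOT | rest` shape, next to a check that flattens the whole `|` chain. The function names and sample flag expressions are constructed for illustration.

```python
import ast

def parse_flags(expr):
    """Parse a flag expression into a tree; `a | b | c` becomes (a | b) | c."""
    return ast.parse(expr, mode="eval").body

def is_or(node):
    return isinstance(node, ast.BinOp) and isinstance(node.op, ast.BitOr)

def naive_match(node, flag="IRQF_ONESHOT"):
    """Toy model of matching `flag | rest` against the whole argument:
    only the top-level node and its left operand are inspected."""
    if isinstance(node, ast.Name):
        return node.id == flag
    return is_or(node) and isinstance(node.left, ast.Name) and node.left.id == flag

def operands(node):
    """Flatten a chain of | into its leaf operands, in source order."""
    if is_or(node):
        return operands(node.left) + operands(node.right)
    return [node.id if isinstance(node, ast.Name) else ast.dump(node)]

def flattened_match(node, flag="IRQF_ONESHOT"):
    """Associativity-independent check: is the flag anywhere in the chain?"""
    return flag in operands(node)

def false_positives(exprs):
    """Expressions that do set the flag but that the naive pattern misses,
    so a checker built on it would wrongly report them."""
    out = []
    for e in exprs:
        tree = parse_flags(e)
        if flattened_match(tree) and not naive_match(tree):
            out.append(e)
    return out

# Constructed sample flag arguments, not taken from any kernel driver.
SAMPLES = [
    "IRQF_ONESHOT",
    "IRQF_ONESHOT | IRQF_SHARED",
    "IRQF_ONESHOT | IRQF_TRIGGER_LOW | IRQF_SHARED",  # parsed as (A | B) | C
    "IRQF_TRIGGER_LOW | IRQF_SHARED",                 # flag really is missing
]

if __name__ == "__main__":
    for e in SAMPLES:
        t = parse_flags(e)
        print(f"{e!r}: naive={naive_match(t)} flattened={flattened_match(t)}")
    print("false positives:", false_positives(SAMPLES))
```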
