lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Fri, 21 Oct 2016 13:38:19 +0200
From:   SF Markus Elfring <elfring@...rs.sourceforge.net>
To:     Julia Lawall <julia.lawall@...6.fr>
Cc:     Dan Carpenter <dan.carpenter@...cle.com>,
        Jiri Kosina <jikos@...nel.org>,
        Geert Uytterhoeven <geert+renesas@...der.be>,
        LKML <linux-kernel@...r.kernel.org>,
        kernel-janitors@...r.kernel.org
Subject: Re: Improving software around DMA API usage?

> If you want to do something that might be useful, you could look into the
> problem of missing checks for dma mapping failure.  There is  nice slide
> presenatation about the issue:
> 
> http://www.slideshare.net/SamsungOSG/shuah-khan-dmamaperror

Thanks for your suggestion about the software development idea
"Detecting Silent Data Corruptions using Linux DMA Debug API"
by Shuah Khan (from the year 2013).


> The slides are from a few years ago, but I did a small test recently,
> and the problem seems to persist.

Does this information indicate anything about the corresponding software
development attention?


> This needs to be done slowly and carefully, because when there is a failure,
> you need to figure out what to do to clean up and what value to return.

I imagine that some tools can help here again with static source code analysis,
can't they?


> There is no point to clean up all of the other checkpatch errors in the file
> at the same time.

Do you prefer to leave them over for newcomers?   ;-)


> Just stay on the problem at hand.

* Can further evolution also around software like "Coccinelle" help to improve
  the described situation?

* Are the chances becoming better around advanced data flow analysis
  by other analysis and design approaches?

Regards,
Markus

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ