Message-ID: <87fsel4zno.fsf@intel.com>
Date:   Mon, 14 Nov 2022 12:07:55 +0200
From:   Jani Nikula <jani.nikula@...el.com>
To:     Karol Herbst <kherbst@...hat.com>,
        Kees Cook <keescook@...omium.org>
Cc:     Lyude Paul <lyude@...hat.com>,
        Thomas Zimmermann <tzimmermann@...e.de>,
        linux-kernel@...r.kernel.org, Ilia Mirkin <imirkin@...m.mit.edu>,
        Daniel Vetter <daniel@...ll.ch>,
        Ben Skeggs <bskeggs@...hat.com>,
        David Airlie <airlied@...il.com>,
        "Nathan E. Egge" <unlord@...h.org>,
        dri-devel@...ts.freedesktop.org, nouveau@...ts.freedesktop.org,
        Dave Airlie <airlied@...hat.com>,
        "Gustavo A. R. Silva" <gustavo@...eddedor.com>,
        linux-next@...r.kernel.org, linux-hardening@...r.kernel.org
Subject: Re: Coverity: nouveau_dp_irq(): Null pointer dereferences

On Fri, 11 Nov 2022, Karol Herbst <kherbst@...hat.com> wrote:
> On Fri, Nov 11, 2022 at 9:16 PM Kees Cook <keescook@...omium.org> wrote:
>>
>> On Fri, Nov 11, 2022 at 09:06:54PM +0100, Karol Herbst wrote:
>> > On Fri, Nov 11, 2022 at 8:21 PM Kees Cook <keescook@...omium.org> wrote:
>> > >
>> > > On Fri, Nov 11, 2022 at 11:13:17AM +0200, Jani Nikula wrote:
>> > > > On Thu, 10 Nov 2022, coverity-bot <keescook@...omium.org> wrote:
>> > > > > Hello!
>> > > > >
>> > > > > This is an experimental semi-automated report about issues detected by
>> > > > > Coverity from a scan of next-20221110 as part of the linux-next scan project:
>> > > > > https://scan.coverity.com/projects/linux-next-weekly-scan
>> > > > >
>> > > > > You're getting this email because you were associated with the identified
>> > > > > lines of code (noted below) that were touched by commits:
>> > > > >
>> > > > >   Mon Aug 31 19:10:08 2020 -0400
>> > > > >     a0922278f83e ("drm/nouveau/kms/nv50-: Refactor and cleanup DP HPD handling")
>> > > >
>> > > > Hi Kees, this looks like a good idea, but maybe double check the Cc list
>> > > > generation? I was Cc'd on four mails today that I thought were
>> > > > irrelevant to me.
>> > >
>> > > Hi!
>> > >
>> > > Heh, I was recently asked to _expand_ the CC list. :)
>> > >
>> > > For this last pass of reports, I added a get_maintainers.pl run to the
>> > > identified commit. In this instance, the commit touched:
>> > >
>> > >  drivers/gpu/drm/nouveau/dispnv04/disp.c     |    6 +
>> > >  drivers/gpu/drm/nouveau/dispnv50/disp.c     |  192 ++++++++++++++++++++++--------------------------
>> > >  drivers/gpu/drm/nouveau/nouveau_connector.c |   14 ---
>> > >  drivers/gpu/drm/nouveau/nouveau_display.c   |    2
>> > >  drivers/gpu/drm/nouveau/nouveau_display.h   |    2
>> > >  drivers/gpu/drm/nouveau/nouveau_dp.c        |  132 ++++++++++++++++++++++++++++-----
>> > >  drivers/gpu/drm/nouveau/nouveau_encoder.h   |   33 +++++++-
>> > >  7 files changed, 244 insertions(+), 137 deletions(-)
>> > >
>> > > And the get_maintainers.pl rationale was:
>> > >
>> > > Ben Skeggs <bskeggs@...hat.com> (supporter:DRM DRIVER FOR NVIDIA GEFORCE/QUADRO GPUS,commit_signer:1/1=100%,commit_signer:6/16=38%,authored:4/16=25%,added_lines:23/124=19%,removed_lines:36/152=24%)
>> > > Karol Herbst <kherbst@...hat.com> (supporter:DRM DRIVER FOR NVIDIA GEFORCE/QUADRO GPUS,commit_signer:2/1=100%)
>> > > Lyude Paul <lyude@...hat.com> (supporter:DRM DRIVER FOR NVIDIA GEFORCE/QUADRO GPUS,commit_signer:9/16=56%,authored:6/16=38%,added_lines:92/124=74%,removed_lines:107/152=70%)
>> > > David Airlie <airlied@...il.com> (maintainer:DRM DRIVERS)
>> > > Daniel Vetter <daniel@...ll.ch> (maintainer:DRM DRIVERS)
>> > > Ilia Mirkin <imirkin@...m.mit.edu> (commit_signer:1/1=100%,authored:1/1=100%,added_lines:2/2=100%,removed_lines:2/2=100%)
>> > > "Nathan E. Egge" <unlord@...h.org> (commit_signer:1/1=100%)
>> > > Jani Nikula <jani.nikula@...el.com> (commit_signer:6/16=38%)
>> > > Dave Airlie <airlied@...hat.com> (commit_signer:5/16=31%)
>> > > Thomas Zimmermann <tzimmermann@...e.de> (commit_signer:4/16=25%,authored:4/16=25%)
>> > > dri-devel@...ts.freedesktop.org (open list:DRM DRIVER FOR NVIDIA GEFORCE/QUADRO GPUS)
>> > > nouveau@...ts.freedesktop.org (open list:DRM DRIVER FOR NVIDIA GEFORCE/QUADRO GPUS)
>> > >
>> >
>> > I'd say it's good enough to message supporters and the mailing lists
>> > for at least Nouveau code, maybe even all drm drivers.
>>
>> i.e. leave out the commit_signer hits?
>>
>
> yes.

Agreed.

I understand the point of commit_signer, but I don't think
get_maintainers.pl does a very good job with the heuristics, or
filtering out "insignificant" contributions to the files being changed.

BR,
Jani.

>
>> > Not sure what to do about actual maintainers, but I doubt Dave and
>> > Daniel want to be CCed on every Coverity report here either.
>>
>> I updated the CC logic based on this feedback:
>> https://lore.kernel.org/linux-hardening/87h6zgfub4.fsf@kernel.org/
>>
>> So maybe just mailing lists?
>>
>
> That should be good enough, but maybe the DRM subsystem is big enough
> so it's reasonable to add special rules. For Nouveau either way is
> fine.
>
>> --
>> Kees Cook
>>
>

-- 
Jani Nikula, Intel Open Source Graphics Center
