Message-ID: <yq17cgg58sp.fsf@ca-mkp.ca.oracle.com>
Date: Mon, 29 Apr 2024 14:31:19 -0400
From: "Martin K. Petersen" <martin.petersen@...cle.com>
To: Kees Cook <keescook@...omium.org>
Cc: Erick Archer <erick.archer@...look.com>,
        "James E.J. Bottomley"
 <jejb@...ux.ibm.com>,
        "Martin K. Petersen" <martin.petersen@...cle.com>,
        Bjorn Helgaas <bhelgaas@...gle.com>,
        Justin Stitt
 <justinstitt@...gle.com>,
        "Gustavo A. R. Silva" <gustavoars@...nel.org>,
        linux-scsi@...r.kernel.org, linux-kernel@...r.kernel.org,
        linux-hardening@...r.kernel.org
Subject: Re: [PATCH v3] scsi: csiostor: Use kcalloc() instead of kzalloc()


Kees,

>> This patch seems to be lost. Gustavo reviewed it on January 15, 2024
>> but the patch has not been applied since.
>
> This looks correct to me. I can pick this up if no one else snags it?

I guess my original reply didn't make it out, I don't see it in the
archives.

My objections were:

 1. The original code is more readable to me than the proposed
    replacement.

 2. The original code has worked since introduced in 2012. Nobody has
    touched it since, presumably it's fine.

 3. I don't have the hardware and thus no way of validating the proposed
    changes.

So what is the benefit of me accepting this patch? We have had several
regressions in these conversions. Had one just last week, almost
identical in nature to the one at hand.

I am all for fixing code which is undergoing active use and development.
But I really don't see the benefit of updating a legacy driver which
hasn't seen updates in ages. Why risk introducing a regression?

-- 
Martin K. Petersen	Oracle Linux Engineering
