| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 23 Oct 2013 08:03:00 +1100 From: Dave Chinner <david@...morbit.com> To: Eric Sandeen <sandeen@...deen.net> Cc: Geyslan Gregório Bem <geyslan@...il.com>, Ben Myers <bpm@....com>, Alex Elder <elder@...nel.org>, open list <linux-kernel@...r.kernel.org>, XFS FILESYSTEM <xfs@....sgi.com> Subject: Re: [PATCH] xfs: fix possible NULL dereference On Tue, Oct 22, 2013 at 03:49:01PM -0500, Eric Sandeen wrote: > On 10/22/13 3:39 PM, Dave Chinner wrote: > > On Tue, Oct 22, 2013 at 08:12:51AM -0200, Geyslan Gregório Bem wrote: > >> 2013/10/21 Dave Chinner <david@...morbit.com>: > >>> On Mon, Oct 21, 2013 at 07:00:59PM -0500, Eric Sandeen wrote: > >>>> On 10/21/13 6:56 PM, Dave Chinner wrote: > >>>>> On Mon, Oct 21, 2013 at 06:18:49PM -0500, Ben Myers wrote: > >>> > >>> Yes, but to continue the Devil's Advocate argument, the purpose of > >>> debug code isn't to enlightent the casual reader or drive-by > >>> patchers - it's to make life easier for people who actually spend > >>> time debugging the code. And the people who need the debug code > >>> are expected to understand why an ASSERT is not necessary. :) > >>> > >> Dave, Eric and Ben, > >> > >> This was catched by coverity (CID 102348). > > > > You should have put that in the patch description. > > > > Now I understand why there's been a sudden surge of irrelevant one > > line changes from random people that have never touched XFS before. > > > > <sigh> > > > > Ok, lets churn the code just to shut the stupid checker up. This > > doesn't fix a bug, it doesn't change behaviour, it just makes > > coverity happy. Convert it to the for loop plus ASSERT I mentioned > > in a previous message. > > You know, I respectfully disagree, but we might just have to agree > to disagree. The code, as it stands, tests for a null ptr > and then dereferences it. That's always going to raise some > eyebrows, coverity or not, debug code or not, drive by or not. > So even for future developers, making the code more self- > documenting about this behavior would be a plus, whether it's by > comment, by explicit ASSERT(), or whatever. (I don't think > that xfs_emerg() has quite enough context to make it obvious.) Sure, but if weren't for the fact that Coverity warned about it, nobody other that us people who work on the XFS code day in, day out would have even cared about it. That's kind of my point - again, as the Devil's Advocate - that coverity is encouraging drive-by "fixes" by people who don't actually understand any of the context, history and/or culture surrounding the code being modified. I have no problems with real bugs being fixed, but if we are modifying code for no gain other than closing "coverity doesn't like it" bugs, then we *should* be questioning whether the change is really necessary. Asking the question may not change the outcome, but we need to ask and answer the question regardless. > (We don't have to change code to shut up coverity; we can flag > it in the database and nobody else will see it.) Only if you are the first to see it and make an executive decision that it's not necessary to fix.... :/ Cheers, Dave. -- Dave Chinner david@...morbit.com -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists