lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Sun, 23 Apr 2017 14:36:05 +0200
From:   SF Markus Elfring <elfring@...rs.sourceforge.net>
To:     Tobias Jakobi <tjakobi@...h.uni-bielefeld.de>,
        dmaengine@...r.kernel.org, linux-arm-kernel@...ts.infradead.org,
        linux-samsung-soc@...r.kernel.org
Cc:     Dan Williams <dan.j.williams@...el.com>,
        Javier Martinez Canillas <javier@....samsung.com>,
        Krzysztof Kozlowski <krzk@...nel.org>,
        Kukjin Kim <kgene@...nel.org>,
        LKML <linux-kernel@...r.kernel.org>,
        kernel-janitors@...r.kernel.org
Subject: Re: s3c24xx: Use devm_kcalloc() in s3c24xx_dma_probe()

>> Its implementation of the check “ALLOC_WITH_MULTIPLY” considers only an other
>> search pattern so far.
>>
>> * Do you find it worthwhile to add a prefix like “devm_” to the used
>>   regular expression?
>>
>> * Would like to improve any related scripts for the semantic patch language
>>   (Coccinelle software) a bit more?
> I don't understand why you're asking this.

Software developers and code reviewers have got different opinions
about such checks and their relevance.


> I'm talking about the _output_ of checkpatch,

This information is clear at first glance.


> not about the script itself.

But it will not provide the warning you might be looking for
while you seem to find my source code analysis approach and
notifications improvable.
I assume that you might be interested in corresponding extensions
for the involved search patterns.


> But undoubtedly your patch is motivated by the output of said tool.

This tool implemented some checks.


> Hence you should mention that.

Additional tools take also care for similar software development concerns,
don't they?

Can it be appropriate to omit the reference to only one Perl script
for related use cases?

Regards,
Markus

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ