| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 6 Oct 2018 08:51:16 -0700
From: Kees Cook <keescook@...omium.org>
To: Fengguang Wu <fengguang.wu@...el.com>
Cc: Joel Fernandes <joel@...lfernandes.org>,
Greg KH <gregkh@...uxfoundation.org>,
LKML <linux-kernel@...r.kernel.org>, LKP <lkp@...el.com>
Subject: Re: [PATCH v4.19-rc7] treewide: Replace more open-coded allocation
size multiplications
On Sat, Oct 6, 2018 at 1:49 AM, Fengguang Wu <fengguang.wu@...el.com> wrote:
> On Fri, Oct 05, 2018 at 08:14:34PM -0700, Joel Fernandes wrote:
>>
>> On Fri, Oct 05, 2018 at 05:22:35PM -0700, Greg KH wrote:
>>> And do we have a way to add a rule to 0-day to catch these so that they
>>> get a warning when they are added again?
>>
>>
>> They could just be added to scripts/coccinelle and 0-day will report them?
>>
>> For example, 0-day ran scripts/coccinelle/api/platform_no_drv_owner.cocci
>> on
>> a recently submitted patch and reported it here:
>>
>> https://lore.kernel.org/lkml/201808301856.vMNJerSs%25fengguang.wu@intel.com/
>>
>> But I'm not sure if 0-day runs make coccicheck on specific semantic
>> patches,
>> or runs all of them (CC'd Fengguang).
>
> 0-day runs all coccinelle scripts. However only auto report out
> warnings that are known to have low false positives.
>
> So if you add new coccinelle scripts that emit accurate enough
> warnings, it'd be good to inform the LKP team to add the new
> warnings to our auto-report-out white list.
It runs with MODE=report by default, yes? I'd need to expand the cases
to cover that (it is patch-only currently) so that would be a roughly
10,000 line Coccinelle script. :)
-Kees
--
Kees Cook
Pixel Security
Powered by blists - more mailing lists