lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 20 Dec 2018 12:27:45 +0300
From:   Dan Carpenter <dan.carpenter@...cle.com>
To:     Kangjie Lu <kjlu@....edu>
Cc:     devel@...verdev.osuosl.org, Kees Cook <keescook@...omium.org>,
        Arnd Bergmann <arnd@...db.de>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        linux-kernel@...r.kernel.org, pakki001@....edu,
        Aymen Qader <qader.aymen@...il.com>
Subject: Re: [PATCH] rts5208: add a missing check for the status of command
 sending

I think maybe this is the first kernel patch I have recieved from you.

When you're adding error handling there are a couple ways to go wrong
and this is what I look at when I review error handling patches:
1) The error handling is not required.
2) The error handling is not complete.

I have messed up on both of these in my own patches because sometimes
the code is complicated to understand.  Sometimes there isn't any way
to recover from errors.  For example, we sometimes deliberately assume
that the PCI bus is working because if it's not the real fix is to buy
new hardware.

Another thing that helps is to try write about the real world impact
about the patch in the changelog.  Try ask, why has that bug not been
found before?  Always take a look at how the function is called and the
wider context.

regards,
dan carpenter

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ