lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Thu, 14 Feb 2019 11:01:09 +0100
From:   Markus Elfring <Markus.Elfring@....de>
To:     Wen Yang <wen.yang99@....com.cn>
Cc:     Julia Lawall <julia.lawall@...6.fr>,
        Gilles Muller <Gilles.Muller@...6.fr>,
        Nicolas Palix <nicolas.palix@...g.fr>,
        Michal Marek <michal.lkml@...kovi.net>,
        Yi Wang <wang.yi59@....com.cn>,
        Masahiro Yamada <yamada.masahiro@...ionext.com>,
        Wen Yang <yellowriver2010@...mail.com>,
        Cheng Shengyu <cheng.shengyu@....com.cn>,
        cocci@...teme.lip6.fr, linux-kernel@...r.kernel.org,
        kernel-janitors@...r.kernel.org
Subject: Re: [PATCH v4] coccinelle: semantic patch for missing put_device()

> The implementation of this semantic patch is:

Thanks for your extension of such a commit message.


I would interpret the provided SmPL code in the way that it will not generate
adjusted (patched) C code so far.
Source code search results will be presented by the operation mode “report” or “org”.

How do you think about to exchange the word “patch” by “code search”
at affected places (and in the subject) then?


> In a function, for variables returned by calling of_find_device_by_node(),

Do variables really get returned?

The provided pointer should usually be stored somewhere.


> c, for the rest of the situation, the current function should release the
>    reference by calling put_device, this patch will report the
>    corresponding error message.

* Do you expect that the desired object release should be performed only in
  the same function implementation?

* Would you like to pick any software development challenges up around
  inter-procedural data flow (or even escape) analysis for the shown use case?


> Further, for the case of b, the object returned to other functions may also
> have a reference leak, we will continue to develop other cocci scripts to
> further check the reference leak.

I am curious on how these approaches will evolve further.


> +// Copyright: (C) 2018-2019 Wen Yang, ZTE.  GPLv2.

Would you like to add a SPDX identifier?


> +coccilib.report.print_report(p2[0],

Thanks for a nicer indentation here.


> +			     "ERROR: missing put_device;"

Will change confidence considerations result in another fine-tuning for this message?


> +			      + " call of_find_device_by_node on line "

I find that such a split string literal can be unwanted.
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/process/coding-style.rst?id=1f947a7a011fcceb14cb912f5481a53b18f1879a#n94


> +			      + " and return without releasing.")

Possible rewording?

+			      + " but without a corresponding object release within this function.")


Regards,
Markus

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ