lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <f1d27f1b-d822-3457-7ca9-c4c5a8b98365@web.de>
Date:   Fri, 24 Apr 2020 09:46:36 +0200
From:   Markus Elfring <Markus.Elfring@....de>
To:     Dejin Zheng <zhengdejin5@...il.com>,
        dri-devel@...ts.freedesktop.org, linux-fbdev@...r.kernel.org,
        Coccinelle <cocci@...teme.lip6.fr>
Cc:     linux-kernel@...r.kernel.org, kernel-janitors@...r.kernel.org,
        Andy Shevchenko <andy.shevchenko@...il.com>,
        Bartlomiej Zolnierkiewicz <b.zolnierkie@...sung.com>,
        Florian Tobias Schandinat <FlorianSchandinat@....de>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Ralf Bächle <ralf@...ux-mips.org>,
        Thomas Bogendörfer <tsbogend@...ha.franken.de>,
        Thomas Gleixner <tglx@...utronix.de>
Subject: Re: console: Complete exception handling in newport_probe()

> Sorry, I do not know how to use the SmPL script.

I would like to try again to make you more familiar with applications
of the Coccinelle software.
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/dev-tools/coccinelle.rst?id=b4f633221f0aeac102e463a4be46a643b2e3b819#n9

Another small example according to a script for the semantic patch language:
@display@
expression e, x;
statement is, es;
type t;
@@
*e = (t) ioremap(...)
 ... when != if( \( !e \| e == NULL \| unlikely( \( !e \| e == NULL \) ) \| WARN_ON( \( !e \| e == NULL \) ) \) ) is else es
     when != iounmap(e)
 return x;



>> Would you like to let any more source code analysis tools help you
>> to find remaining update candidates?
>>
> yes, but I think the source code analysis tools only can found the simple
> repetitive issue.

The shown analysis approach can point 127 source files out from
the software “Linux next-20200423”. These files contain function implementations
which might need further development considerations.


> and need spend some time learning to use it.

You came along a few files where you noticed questionable source code.
Would you become interested to find similar places for another check?


elfring@...ne:~/Projekte/Linux/next-patched> XX=$(date) && spatch --no-loops --timeout 12 -j 4 --chunksize 1 -dir ~/Projekte/Linux/next-patched ~/Projekte/Coccinelle/janitor/show_questionable_ioremap_usage3.cocci > ~/Projekte/Bau/Linux/scripts/Coccinelle/ioremap/20200423/show_questionable_ioremap_usage3.diff 2> ~/Projekte/Bau/Linux/scripts/Coccinelle/ioremap/20200423/show_questionable_ioremap_usage3-errors.txt; YY=$(date) && echo "$XX | $YY"
Fr 24. Apr 09:08:44 CEST 2020 | Fr 24. Apr 09:10:37 CEST 2020

Would you like to extend your learning experiences accordingly?


> now, I think the best for me may be that read and check the source code.

How do you think about to reduce efforts for manual code inspection?

Regards,
Markus

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ