Open Source and information security mailing list archives
 
Date:   Fri, 24 Apr 2020 09:46:36 +0200
From:   Markus Elfring <Markus.Elfring@....de>
To:     Dejin Zheng <zhengdejin5@...il.com>,
        dri-devel@...ts.freedesktop.org, linux-fbdev@...r.kernel.org,
        Coccinelle <cocci@...teme.lip6.fr>
Cc:     linux-kernel@...r.kernel.org, kernel-janitors@...r.kernel.org,
        Andy Shevchenko <andy.shevchenko@...il.com>,
        Bartlomiej Zolnierkiewicz <b.zolnierkie@...sung.com>,
        Florian Tobias Schandinat <FlorianSchandinat@....de>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Ralf Bächle <ralf@...ux-mips.org>,
        Thomas Bogendörfer <tsbogend@...ha.franken.de>,
        Thomas Gleixner <tglx@...utronix.de>
Subject: Re: console: Complete exception handling in newport_probe()

> Sorry, I do not know how to use the SmPL script.

I would like to try again to make you more familiar with applications
of the Coccinelle software.
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/dev-tools/coccinelle.rst?id=b4f633221f0aeac102e463a4be46a643b2e3b819#n9

Another small example of a script for the semantic patch language:
@display@
expression e, x;
statement is, es;
type t;
@@
*e = (t) ioremap(...)
 ... when != if( \( !e \| e == NULL \| unlikely( \( !e \| e == NULL \) ) \| WARN_ON( \( !e \| e == NULL \) ) \) ) is else es
     when != iounmap(e)
 return x;



>> Would you like to let any more source code analysis tools help you
>> to find remaining update candidates?
>>
> Yes, but I think the source code analysis tools can only find simple
> repetitive issues.

The shown analysis approach can point out 127 source files from
the software “Linux next-20200423”. These files contain function implementations
which might need further development considerations.


> and need to spend some time learning to use it.

You came across a few files where you noticed questionable source code.
Would you be interested in finding similar places with another check?


elfring@...ne:~/Projekte/Linux/next-patched> XX=$(date) && spatch --no-loops --timeout 12 -j 4 --chunksize 1 -dir ~/Projekte/Linux/next-patched ~/Projekte/Coccinelle/janitor/show_questionable_ioremap_usage3.cocci > ~/Projekte/Bau/Linux/scripts/Coccinelle/ioremap/20200423/show_questionable_ioremap_usage3.diff 2> ~/Projekte/Bau/Linux/scripts/Coccinelle/ioremap/20200423/show_questionable_ioremap_usage3-errors.txt; YY=$(date) && echo "$XX | $YY"
Fr 24. Apr 09:08:44 CEST 2020 | Fr 24. Apr 09:10:37 CEST 2020

Would you like to extend your learning experiences accordingly?


> Now, I think the best for me may be to read and check the source code.

What do you think about reducing the effort for manual code inspection?

Regards,
Markus
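
An added illustration, not part of the message above or of the kernel sources: the code shape the semantic patch describes (an ioremap() result followed by a return with neither a NULL test nor iounmap() on the way), next to the same function with the test and the unwinding added. ioremap() and iounmap() here are user-space stand-ins, and register_step(), probe_flagged(), probe_checked() and regs are hypothetical names.

```c
#include <errno.h>
#include <stdlib.h>

/* User-space stand-ins (assumptions) for the kernel's ioremap()/iounmap();
 * they count live mappings so that a leak becomes observable. */
static int live_mappings;
static int fail_next_ioremap;              /* constructed fault injection */
static void *ioremap(unsigned long phys, size_t len)
{
	(void)phys;
	if (fail_next_ioremap) { fail_next_ioremap = 0; return NULL; }
	live_mappings++;
	return malloc(len);
}
static void iounmap(void *p) { if (p) { live_mappings--; free(p); } }

/* Hypothetical later probe step that can fail. */
static int register_step(int fails) { return fails ? -ENODEV : 0; }

static void *regs;                         /* hypothetical driver state */

/* Shape the rule describes: ioremap() result assigned, then a return is
 * reached with neither a NULL test nor iounmap() on the way. */
static int probe_flagged(unsigned long phys, int step_fails)
{
	regs = (void *)ioremap(phys, 64);
	if (register_step(step_fails))
		return -ENODEV;            /* mapping leaked, regs unchecked */
	return 0;
}

/* Same probe with the NULL test and the unwinding added. */
static int probe_checked(unsigned long phys, int step_fails)
{
	regs = (void *)ioremap(phys, 64);
	if (!regs)
		return -ENOMEM;
	if (register_step(step_fails)) {
		iounmap(regs);
		regs = NULL;
		return -ENODEV;
	}
	return 0;
}

int main(void)
{
	probe_flagged(0x1000, 1);          /* constructed address */
	return live_mappings == 1 ? 0 : 1; /* one mapping left behind */
}
```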
