lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20210128135437.GA8213@kadam>
Date:   Thu, 28 Jan 2021 16:54:37 +0300
From:   Dan Carpenter <dan.carpenter@...cle.com>
To:     smatch@...r.kernel.org
Cc:     linux-kernel@...r.kernel.org
Subject: smatch v1.71 released

Intro:

Smatch is a C static checker with a lot of kernel specific checks.  You
can download it from:  http://repo.or.cz/w/smatch.git.  Or if you prefer
a github mirror, then you can download it from
https://github.com/error27/smatch

The last time I made a release was in 2015. https://lwn.net/Articles/629250/
There have been over two thousand patches to Smatch in the past six
years but it's hard to point to any one thing as standing out.  One
thing I'm happy about is that Smatch is now much better at tracking
user controlled data.  Another thing which I can mention that I re-wrote
check_locking.c and wrote a blog entry about it:
https://blogs.oracle.com/linux/writing-the-ultimate-locking-check

The uninitialized variable warning that was mentioned in the relase
notes six years ago is more important than ever now that we have
disabled the GCC warning for uninitialized variables.  I really suggest
that people do add Smatch to their QC process.  You don't have to have
the full cross function database built.  Just do:

	~/path/to/smatch/smatch_scripts/kchecker drivers/file.c

You could also just build a sub directory:

	~/path/to/smatch/smatch_scripts/kchecker drivers/subdir/

If you don't use Smatch, that's fine as well because kbuild bot will
catch it or someone else will.  But probably it saves time for everyone
if developers run it themselves.

Building the cross function database is also really useful.  The
~/path/to/smatch/smatch_data/db/smdb.py script is helpful to understand
how function pointers are called or where struct members are set.
Building the database takes a long time to run but it's simple to do:
~/path/to/smatch/smatch_scripts/build_kernel_data.sh
And to test the whole kernel the command is:
~/path/to/smatch/smatch_scripts/test_kernel.sh

This is kind of a weird release because it's been so long since the
previous release.  I'm hoping to do more regular releases with better
release notes.  Releases are good because hopefully more people will do
a fresh pull and send me bug reports.  :)

regards,
dan carpenter

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ