Open Source and information security mailing list archives
Date:   Sat, 4 Dec 2021 15:34:19 +0500
From:   Ameer Hamza <amhamza.mgc@...il.com>
To:     Greg KH <gregkh@...uxfoundation.org>
Cc:     arve@...roid.com, tkjos@...roid.com, maco@...roid.com,
        joel@...lfernandes.org, christian@...uner.io,
        Hridya Valsaraju <hridya@...gle.com>,
        Suren Baghdasaryan <surenb@...gle.com>,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] binder: fixed coverity warning by moving pr_warn outside
 lock

On Sat, Dec 04, 2021 at 10:00:32AM +0100, Greg KH wrote:
> A: http://en.wikipedia.org/wiki/Top_post
> Q: Where do I find info about this thing called top-posting?
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?
> A: Top-posting.
> Q: What is the most annoying thing in e-mail?
> 
> A: No.
> Q: Should I include quotations after my reply?
> 
> http://daringfireball.net/2007/07/on_top
Thank you so much for sharing the useful post, as I have just started my open source journey very recently.

> 
> On Sat, Dec 04, 2021 at 01:50:44PM +0500, Ameer Hamza wrote:
> > Thank you Greg for your response. The link to Coverity warning:
> > https://scan5.coverity.com/reports.htm#v56991/p10063/fileInstanceId=204668511&defectInstanceId=52305699&mergedDefectId=1494148
> 
> That link does not seem to be public.  What project are you looking at?
It's the Linux project under Coverity Scan, and the CID for this warning is 1494148.

> 
> > I have seen similar warnings if the print operation is used inside a lock,
> > i.e., Coverity speculates a possible deadlock scenario, which might be a
> > false positive because internal printk implementation uses a separate lock.
> 
> When dealing with Coverity, it is up to you to determine if what it says
> is actually true before sending out patches for it, due to the HUGE
> number of false-positives it spits out.
I will keep this under consideration for now, thanks.

Best Regards,
Hamza
