Open Source and information security mailing list archives
 
Date:   Tue, 30 May 2023 16:24:02 -0500
From:   Bjorn Helgaas <helgaas@...nel.org>
To:     Andy Shevchenko <andriy.shevchenko@...ux.intel.com>
Cc:     Krzysztof Wilczyński <kw@...ux.com>,
        Rich Felker <dalias@...c.org>, linux-sh@...r.kernel.org,
        linux-pci@...r.kernel.org,
        Dominik Brodowski <linux@...inikbrodowski.net>,
        linux-kernel@...r.kernel.org,
        Mickaël Salaün <mic@...ikod.net>,
        Andrew Lunn <andrew@...n.ch>, sparclinux@...r.kernel.org,
        Stefano Stabellini <sstabellini@...nel.org>,
        Yoshinori Sato <ysato@...rs.sourceforge.jp>,
        Gregory Clement <gregory.clement@...tlin.com>,
        "Rafael J. Wysocki" <rafael.j.wysocki@...el.com>,
        Russell King <linux@...linux.org.uk>,
        linux-acpi@...r.kernel.org, Miguel Ojeda <ojeda@...nel.org>,
        xen-devel@...ts.xenproject.org, Matt Turner <mattst88@...il.com>,
        Anatolij Gustschin <agust@...x.de>,
        Sebastian Hesselbarth <sebastian.hesselbarth@...il.com>,
        Arnd Bergmann <arnd@...db.de>,
        Niklas Schnelle <schnelle@...ux.ibm.com>,
        Richard Henderson <richard.henderson@...aro.org>,
        Nicholas Piggin <npiggin@...il.com>,
        Ivan Kokshaysky <ink@...assic.park.msu.ru>,
        John Paul Adrian Glaubitz <glaubitz@...sik.fu-berlin.de>,
        Bjorn Helgaas <bhelgaas@...gle.com>,
        Mika Westerberg <mika.westerberg@...ux.intel.com>,
        linux-arm-kernel@...ts.infradead.org,
        Juergen Gross <jgross@...e.com>,
        Thomas Bogendoerfer <tsbogend@...ha.franken.de>,
        Philippe Mathieu-Daudé <philmd@...aro.org>,
        linuxppc-dev@...ts.ozlabs.org,
        Randy Dunlap <rdunlap@...radead.org>,
        linux-mips@...r.kernel.org,
        Oleksandr Tyshchenko <oleksandr_tyshchenko@...m.com>,
        linux-alpha@...r.kernel.org,
        Pali Rohár <pali@...nel.org>,
        "David S. Miller" <davem@...emloft.net>,
        "Maciej W. Rozycki" <macro@...am.me.uk>
Subject: Re: [PATCH v8 0/7] Add pci_dev_for_each_resource() helper and update users

On Fri, May 12, 2023 at 02:48:51PM -0500, Bjorn Helgaas wrote:
> On Fri, May 12, 2023 at 01:56:29PM +0300, Andy Shevchenko wrote:
> > On Tue, May 09, 2023 at 01:21:22PM -0500, Bjorn Helgaas wrote:
> > > On Tue, Apr 04, 2023 at 11:11:01AM -0500, Bjorn Helgaas wrote:
> > > > On Thu, Mar 30, 2023 at 07:24:27PM +0300, Andy Shevchenko wrote:
> > > > > Provide two new helper macros to iterate over PCI device resources and
> > > > > convert users.
> > > 
> > > > Applied 2-7 to pci/resource for v6.4, thanks, I really like this!
> > > 
> > > This is 09cc90063240 ("PCI: Introduce pci_dev_for_each_resource()")
> > > upstream now.
> > > 
> > > Coverity complains about each use,
> > 
> > It needs more clarification here. Use of reduced variant of the
> > macro or all of them? If the former one, then I can speculate that
> > Coverity (famous for false positives) simply doesn't understand `for
> > (type var; var ...)` code.
> 
> True, Coverity finds false positives.  It flagged every use in
> drivers/pci and drivers/pnp.  It didn't mention the arch/alpha, arm,
> mips, powerpc, sh, or sparc uses, but I think it just didn't look at
> those.
> 
> It flagged both:
> 
>   pbus_size_io    pci_dev_for_each_resource(dev, r)
>   pbus_size_mem   pci_dev_for_each_resource(dev, r, i)
> 
> Here's a spreadsheet with a few more details (unfortunately I don't
> know how to make it dump the actual line numbers or analysis like I
> pasted below, so "pci_dev_for_each_resource" doesn't appear).  These
> are mostly in the "Drivers-PCI" component.
> 
> https://docs.google.com/spreadsheets/d/1ohOJwxqXXoDUA0gwopgk-z-6ArLvhN7AZn4mIlDkHhQ/edit?usp=sharing
> 
> These particular reports are in the "High Impact Outstanding" tab.

Where are we at?  Are we going to ignore this because some Coverity
reports are false positives?

Bjorn
