lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 1 Dec 2023 19:16:56 +0300
From:   Sergei Shtylyov <sergei.shtylyov@...il.com>
To:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Karina Yankevich <k.yankevich@....ru>
Cc:     Alan Stern <stern@...land.harvard.edu>, linux-usb@...r.kernel.org,
        usb-storage@...ts.one-eyed-alien.net, linux-kernel@...r.kernel.org,
        lvc-project@...uxtesting.org
Subject: Re: [PATCH v2] usb: storage: sddr55: clean up variable type

Hello!

   Sorry for the really long delay! Your reply scared off Karina
(it was her 1st kernel patch), so I'm trying to pick this patch up
where it was left back in February...

On 2/27/23 2:54 PM, Greg Kroah-Hartman wrote:
[...]
>> SVACE static analyzer complains that we're possibly
>> losing information by shifting an 'unsigned int pba'
>> variables in sddr55_{read,write}_data().
>> It is a false positive, because of the card's total capacity
>> is no larger than 128 MB. But 'unsigned int' is more
>> suitable in this case.
> 
> Please wrap at 72 columns.
> 
>> Found by OMP on behalf of Linux Verification Center
>> (linuxtesting.org) with SVACE.
> 
> What is "OMP"?

   Open Mobile Platform, LLC. The website is in Russian only:

https://www.omp.ru

> What is "SVACE"?

  The patch description said thst it's a static analyzer.
Here's the link to the Institute for System Programming web page about it:

https://www.ispras.ru/en/technologies/svace/

> And why change anything if there is not a real issue?

   We needlessly use 64-bit type on 64-bit arches.

>> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
> 
> That's obviously not the correct commit id for such a "fix" as this is
> not a real issue.

   That's correct. We'll remove this tag.

> thanks,
> 
> greg k-h

MBR, Srrgey

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ