lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <77f6e6fc46232db82a3c63e93877c9534334e407.camel@amazon.de>
Date: Thu, 16 May 2024 15:28:16 +0000
From: "Manthey, Norbert" <nmanthey@...zon.de>
To: "keescook@...omium.org" <keescook@...omium.org>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
CC: "Woodhouse, David" <dwmw@...zon.co.uk>, "Stieger, Andreas"
	<astieger@...zon.de>, "linux-hardening@...r.kernel.org"
	<linux-hardening@...r.kernel.org>, "Hemdan, Hagar Gamal Halim"
	<hagarhem@...zon.de>
Subject: Extending Linux' Coverity model and also cover aarch64

Dear Kees, all,

we published an extension for the Coverity model that is used by the
CoverityScan setup for the Linux kernel [1]. We have been using this
extension to analyze the 6.1 kernel branch, and reported some fixes to
the upstream code base that are based on this model [2]. Feel free to
merge the pull request, and update the model in the CoverityScan setup.
We do not have access to that project to perform these updates
ourselves.

To increase the analysis coverage to aarch64, we analyzed a x86 and a
aarch64 configuration. The increased coverage is achieved by using re-
configuration and cross-compilation during the analysis build. If you
are interested in this setup we can share the Dockerfile and script we
used for this process.

To prevent regressions in backports to LTS kernels, we wondered whether
the community is interested in setting up CoverityScan projects for
older kernel releases. Would such an extension be useful to show new
defects in addition to the current release testing?

Best,
Norbert

[1] github Coverity model pull request link:
https://github.com/kees/coverity-linux/pull/1
[2] Emails for most fixes by Hagar:
https://lore.kernel.org/all/?q=f%3Ahagarhem




Amazon Web Services Development Center Germany GmbH
Krausenstr. 38
10117 Berlin
Geschaeftsfuehrung: Christian Schlaeger, Jonathan Weiss
Eingetragen am Amtsgericht Charlottenburg unter HRB 257764 B
Sitz: Berlin
Ust-ID: DE 365 538 597

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ