Message-ID: <ZpHRWRWXGewydZfe@mini-arch>
Date: Fri, 12 Jul 2024 17:59:05 -0700
From: Stanislav Fomichev <sdf@...ichev.me>
To: Markus Elfring <Markus.Elfring@....de>
Cc: make24@...as.ac.cn, bpf@...r.kernel.org,
	linux-kselftest@...r.kernel.org, kernel-janitors@...r.kernel.org,
	LKML <linux-kernel@...r.kernel.org>,
	Alexei Starovoitov <ast@...nel.org>,
	Andrii Nakryiko <andrii@...nel.org>,
	Daniel Borkmann <daniel@...earbox.net>,
	Eduard Zingerman <eddyz87@...il.com>, Hao Luo <haoluo@...gle.com>,
	Jiri Olsa <jolsa@...nel.org>,
	John Fastabend <john.fastabend@...il.com>,
	KP Singh <kpsingh@...nel.org>,
	Martin KaFai Lau <martin.lau@...ux.dev>,
	Mykola Lysenko <mykolal@...com>, Shuah Khan <shuah@...nel.org>,
	Song Liu <song@...nel.org>,
	Sowmini Varadhan <sowmini.varadhan@...cle.com>,
	Yonghong Song <yonghong.song@...ux.dev>
Subject: Re: [PATCH] selftests/bpf:fix a resource leak in main()

On 07/12, Markus Elfring wrote:
> > The requested resources should be closed before return in main(), otherwise
> > resource leak will occur. Add a check of cg_fd before close().
> >
> > Fixes: 435f90a338ae ("selftests/bpf: add a test case for sock_ops perf-event notification")
> > Signed-off-by: Ma Ke <make24@...as.ac.cn>
> 
> Please reconsider such information once more.
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/process/submitting-patches.rst?h=v6.10-rc7#n398
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/process/researcher-guidelines.rst?h=v6.10-rc7#n5
> 
> 
> How many source code analysis tools should be able to point out that the return value
> from the call of a function like pthread_create() should get more development attention
> (also for discussed test functions)?
> https://elixir.bootlin.com/linux/v6.10-rc7/source/tools/testing/selftests/bpf/test_tcpnotify_user.c#L122
> 
> See also:
> * https://cwe.mitre.org/data/definitions/252.html
> 
> * https://wiki.sei.cmu.edu/confluence/display/c/POS54-C.+Detect+and+handle+POSIX+library+errors

We are talking about testing binaries here. We don't have an infinite
amount of time to polish them. If you really want to help, look at
the flakes on the bpf dashboard and help us weed them out.
