lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <e685f670-d994-48c2-8913-57358f0f9ad7@samba.org>
Date: Thu, 7 Aug 2025 17:17:05 +0200
From: Stefan Metzmacher <metze@...ba.org>
To: Dan Carpenter <dan.carpenter@...aro.org>
Cc: Steve French <sfrench@...ba.org>, Paulo Alcantara <pc@...guebit.org>,
 Ronnie Sahlberg <ronniesahlberg@...il.com>,
 Shyam Prasad N <sprasad@...rosoft.com>, Tom Talpey <tom@...pey.com>,
 Bharath SM <bharathsm@...rosoft.com>, linux-cifs@...r.kernel.org,
 samba-technical@...ts.samba.org, linux-kernel@...r.kernel.org,
 kernel-janitors@...r.kernel.org, Namjae Jeon <linkinjeon@...nel.org>
Subject: Re: Using smatch and sparse together (Re: [PATCH next] smb: client:
 Fix use after free in send_done())

Am 07.08.25 um 17:06 schrieb Dan Carpenter:
> On Thu, Aug 07, 2025 at 04:27:41PM +0200, Stefan Metzmacher wrote:
>>> The DB is too big and too dependent on your .config but I should
>>> share the smatch_data/ more regularly.  I started to push that into
>>> a separate git repo but I didn't finish that work.  I should do
>>> that.
>>
>> Ok, what's the gain of updating it?
>> Does it help when doing fixes on old kernels?
> 
> If you run smatch_scripts/build_kernel_data.sh then it runs
> smatch_scripts/gen_* which generates a bunch of the files in
> smatch_data/.  Which in theory should enable more warnings for new
> code.
> 
> I've been moving away from generating files and more towards
> putting everything in the DB.  I just took a look at the files now
> to respond to your email and what I saw wasn't good...  I need to
> look at this some more.
> 
> I don't know how often the zero day bot rebuilds the smatch_data.
> I bet they never do and so I think it doesn't really matter.
> 
>>
>> I'm typically doing a full kernel build a week after each rc.
>> My idea was to rebuild the whole db after doing that.
> 
> Yeah.  That's a good strategy.  The data from the existing DB feeds
> into the new one when you rebuild the DB so don't delete the old
> DB at the start or anything.

I mean I'm typically do a git clean -xdf . in order
to wipe everything in order to do a clean:
make -j33 bindeb-pkg

So it would build a new DB, as I'm working based on
the new kernel I guess that's all I need or
are there other reasons to update the existing DB?

Thanks!
metze

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ