Message-ID: <81e6af8eea5b0399d1685797d0ea6a6ebc273270.camel@gmail.com>
Date: Sat, 25 Oct 2025 11:53:56 +0530
From: ally heev <allyheev@...il.com>
To: Dan Carpenter <dan.carpenter@...aro.org>
Cc: Dwaipayan Ray <dwaipayanray1@...il.com>, Lukas Bulwahn	
 <lukas.bulwahn@...il.com>, Joe Perches <joe@...ches.com>, Jonathan Corbet	
 <corbet@....net>, Andy Whitcroft <apw@...onical.com>,
 workflows@...r.kernel.org, 	linux-doc@...r.kernel.org,
 linux-kernel@...r.kernel.org, David Hunter	 <david.hunter.linux@...il.com>,
 Shuah Khan <skhan@...uxfoundation.org>,  Viresh Kumar <vireshk@...nel.org>,
 Nishanth Menon <nm@...com>, Stephen Boyd <sboyd@...nel.org>, linux-pm	
 <linux-pm@...r.kernel.org>, dan.j.williams@...el.com
Subject: Re: [PATCH v2 2/2] add check for pointers with __free attribute
 initialized to NULL

On Fri, 2025-10-24 at 21:08 +0300, Dan Carpenter wrote:
> On Fri, Oct 24, 2025 at 10:59:16PM +0530, Ally Heev wrote:
> > pointers with __free attribute initialized to NULL
> > pose potential cleanup issues [1] when a function uses
> > interdependent variables with cleanup attributes
> > 
> > Link: https://docs.kernel.org/core-api/cleanup.html [1]
> > Link: https://lore.kernel.org/all/68f7b830ec21a_10e910070@dwillia2-mobl4.notmuch/
> > Suggested-by: Dan Williams <dan.j.williams@...el.com>
> > Signed-off-by: Ally Heev <allyheev@...il.com>
> > ---
> 
> I don't think this patch is a good idea...  There are two issues to
> consider 1) The absolute number of warnings.  500+ is too high.
> 2) The ratio of bugs to false positives and we don't have any data on
> that but I bet it's low.  It needs to be at least 5%.  For anything
> lower than that, you're better off just reviewing code at random
> instead of looking through warnings.
> 
> regards,
> dan carpenter

Makes sense.

General question about the process for my understanding:
Is checkpatch run on the full tree by CI or someone, and the results reported
regularly? My understanding was that we would run it only on patches
before submitting them. Or do we just run it on the full tree before adding
new checks, to understand if they are catching real issues?
