From mboxrd@z Thu Jan 1 00:00:00 1970 From: Richard Weinberger Date: Thu, 26 Mar 2015 09:11:37 +0000 Subject: Re: [PATCH 0/5] UBI: Coverity-inspired fixes Message-Id: <5513CD49.30803@nod.at> List-Id: References: <1425119009-28634-1-git-send-email-computersforpeace@gmail.com> <54F830EA.4080106@nod.at> <20150306020442.GP18140@ld-irv-0074> In-Reply-To: <20150306020442.GP18140@ld-irv-0074> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: Brian Norris Cc: kernel-janitors@vger.kernel.org, linux-mtd@lists.infradead.org, linux-kernel@vger.kernel.org, Artem Bityutskiy Am 06.03.2015 um 03:04 schrieb Brian Norris: > On Thu, Mar 05, 2015 at 11:33:14AM +0100, Richard Weinberger wrote: >> Brian, >> >> Am 28.02.2015 um 11:23 schrieb Brian Norris: >>> Except for the last one, these were inspired by Coverity Scan results. >>> >>> These fixes have barely been tested, but they are pretty straightforward >>> logically. As they've been sitting in my dust pile too long, I thought I'd at >>> least get them out there. >>> >>> Brian Norris (5): >>> UBI: account for bitflips in both the VID header and data >>> UBI: fix out of bounds write >>> UBI: initialize LEB number variable >>> UBI: fix check for "too many bytes" >>> UBI: align comment for readability >> >> Nice work! >> I'll test them later today. >> Just a quick question, no patch has a stable tag, is this by design? >> From a first look most of them look like stable material. > > Two reasons: > > 1. I hadn't tested them heavily, and I definitely didn't try to target > their codepaths much. > > 2. Given #1 and the fact that these were just found by static analysis, > I don't think they pass this test from > Documentation/stable_kernel_rules.txt: > > " - It must fix a real bug that bothers people (not a, "This could be a > problem..." type thing)." > > So, I expected they would only be sent to stable if somebody (perhaps > me) is able to trigger something real, or at least gets some significant > testing on them. > > Maybe this is a case where you send the fixes, and then send the commit > IDs to Greg after they have been proven stable and/or can be exploited > in some way through testing. (Option 2 in the updated > stable_kernel_rules.txt.) > > But really, it's your/Artem's call. Applied, thanks a lot Brian! I've marked patches 1 to 4 as stable material. Thanks, //richard From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from a.ns.miles-group.at ([95.130.255.143] helo=radon.swed.at) by bombadil.infradead.org with esmtps (Exim 4.80.1 #2 (Red Hat Linux)) id 1Yb3pa-0001t5-MF for linux-mtd@lists.infradead.org; Thu, 26 Mar 2015 09:12:04 +0000 Message-ID: <5513CD49.30803@nod.at> Date: Thu, 26 Mar 2015 10:11:37 +0100 From: Richard Weinberger MIME-Version: 1.0 To: Brian Norris Subject: Re: [PATCH 0/5] UBI: Coverity-inspired fixes References: <1425119009-28634-1-git-send-email-computersforpeace@gmail.com> <54F830EA.4080106@nod.at> <20150306020442.GP18140@ld-irv-0074> In-Reply-To: <20150306020442.GP18140@ld-irv-0074> Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit Cc: kernel-janitors@vger.kernel.org, linux-mtd@lists.infradead.org, linux-kernel@vger.kernel.org, Artem Bityutskiy List-Id: Linux MTD discussion mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Am 06.03.2015 um 03:04 schrieb Brian Norris: > On Thu, Mar 05, 2015 at 11:33:14AM +0100, Richard Weinberger wrote: >> Brian, >> >> Am 28.02.2015 um 11:23 schrieb Brian Norris: >>> Except for the last one, these were inspired by Coverity Scan results. >>> >>> These fixes have barely been tested, but they are pretty straightforward >>> logically. As they've been sitting in my dust pile too long, I thought I'd at >>> least get them out there. >>> >>> Brian Norris (5): >>> UBI: account for bitflips in both the VID header and data >>> UBI: fix out of bounds write >>> UBI: initialize LEB number variable >>> UBI: fix check for "too many bytes" >>> UBI: align comment for readability >> >> Nice work! >> I'll test them later today. >> Just a quick question, no patch has a stable tag, is this by design? >> From a first look most of them look like stable material. > > Two reasons: > > 1. I hadn't tested them heavily, and I definitely didn't try to target > their codepaths much. > > 2. Given #1 and the fact that these were just found by static analysis, > I don't think they pass this test from > Documentation/stable_kernel_rules.txt: > > " - It must fix a real bug that bothers people (not a, "This could be a > problem..." type thing)." > > So, I expected they would only be sent to stable if somebody (perhaps > me) is able to trigger something real, or at least gets some significant > testing on them. > > Maybe this is a case where you send the fixes, and then send the commit > IDs to Greg after they have been proven stable and/or can be exploited > in some way through testing. (Option 2 in the updated > stable_kernel_rules.txt.) > > But really, it's your/Artem's call. Applied, thanks a lot Brian! I've marked patches 1 to 4 as stable material. Thanks, //richard From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752239AbbCZJLn (ORCPT ); Thu, 26 Mar 2015 05:11:43 -0400 Received: from a.ns.miles-group.at ([95.130.255.143]:65276 "EHLO radon.swed.at" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750982AbbCZJLj (ORCPT ); Thu, 26 Mar 2015 05:11:39 -0400 Message-ID: <5513CD49.30803@nod.at> Date: Thu, 26 Mar 2015 10:11:37 +0100 From: Richard Weinberger User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.5.0 MIME-Version: 1.0 To: Brian Norris CC: Artem Bityutskiy , linux-mtd@lists.infradead.org, linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org Subject: Re: [PATCH 0/5] UBI: Coverity-inspired fixes References: <1425119009-28634-1-git-send-email-computersforpeace@gmail.com> <54F830EA.4080106@nod.at> <20150306020442.GP18140@ld-irv-0074> In-Reply-To: <20150306020442.GP18140@ld-irv-0074> Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Am 06.03.2015 um 03:04 schrieb Brian Norris: > On Thu, Mar 05, 2015 at 11:33:14AM +0100, Richard Weinberger wrote: >> Brian, >> >> Am 28.02.2015 um 11:23 schrieb Brian Norris: >>> Except for the last one, these were inspired by Coverity Scan results. >>> >>> These fixes have barely been tested, but they are pretty straightforward >>> logically. As they've been sitting in my dust pile too long, I thought I'd at >>> least get them out there. >>> >>> Brian Norris (5): >>> UBI: account for bitflips in both the VID header and data >>> UBI: fix out of bounds write >>> UBI: initialize LEB number variable >>> UBI: fix check for "too many bytes" >>> UBI: align comment for readability >> >> Nice work! >> I'll test them later today. >> Just a quick question, no patch has a stable tag, is this by design? >> From a first look most of them look like stable material. > > Two reasons: > > 1. I hadn't tested them heavily, and I definitely didn't try to target > their codepaths much. > > 2. Given #1 and the fact that these were just found by static analysis, > I don't think they pass this test from > Documentation/stable_kernel_rules.txt: > > " - It must fix a real bug that bothers people (not a, "This could be a > problem..." type thing)." > > So, I expected they would only be sent to stable if somebody (perhaps > me) is able to trigger something real, or at least gets some significant > testing on them. > > Maybe this is a case where you send the fixes, and then send the commit > IDs to Greg after they have been proven stable and/or can be exploited > in some way through testing. (Option 2 in the updated > stable_kernel_rules.txt.) > > But really, it's your/Artem's call. Applied, thanks a lot Brian! I've marked patches 1 to 4 as stable material. Thanks, //richard