public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed
From: Dave Jones <davej@redhat.com>
To: Dave Chinner <david@fromorbit.com>
Cc: "Eric Sandeen" <sandeen@sandeen.net>,
	"Geyslan Gregório Bem" <geyslan@gmail.com>,
	"Ben Myers" <bpm@sgi.com>, "Alex Elder" <elder@kernel.org>,
	"open list" <linux-kernel@vger.kernel.org>,
	"XFS FILESYSTEM" <xfs@oss.sgi.com>
Subject: Re: [PATCH] xfs: fix possible NULL dereference
Date: Fri, 25 Oct 2013 05:15:52 -0400	[thread overview]
Message-ID: <20131025091552.GB26384@redhat.com> (raw)
In-Reply-To: <20131022220254.GD2797@dastard>

On Wed, Oct 23, 2013 at 09:02:54AM +1100, Dave Chinner wrote:

 > > it looks suspicious to pretty much anyone.  I don't think Geyslan
 > > sent it to shut Coverity up, he sent it because it looked like
 > > a bug worth fixing (after Coverity spotted it).
 > > 
 > > Let's not be too hard on him for trying; I appreciate it more
 > > than spelling fixes and whitespace cleanups.  ;)
 > 
 > True, point taken. 

So another reason you're seeing an uptick in coverity reports lately
is that back in June they gave me admin rights for the project at scan.coverity.com
so I've been doing daily builds since then. (Previously they only did one per point release).

The Coverity guys did a write-up on this thread at http://security.coverity.com/blog/2013/Oct/deliberate-null-pointer-dereferences-in-the-linux-kernel.html 
The point about modelling is the pertinent part.  I'm still trying to get my
head around a lot of how that stuff works, but that's the sort of thing
that I have rights to do on their site too.

If you or anyone else wants access to their bugs, I can approve that
easily enough.  I've been going through and trying to filter out as many of
the intentional[*] issues as possible, and do things like sorting into components
so that you're able to look at just XFS bugs for eg.

I know Eric has been looking at their bugs when he has had time, but if there's
something I can do to make things easier for you guys, let me know.
(I could email you new issue reports as they come in for eg)

To end on a high note, XFS is actually one of the better subsystems from the
POV of number of issues they've found. Only 38 'New' issues right now, which
given the complexity in XFS, is pretty darn good, and I bet a bunch of those
are actually non-issues too.  The painful part is going through and sorting
through the non-issues to get to the real meaty bugs, which is what I've slowly
been doing over the last couple months. (Down from 5900 or so, to 5305,
thanks to help from others)

	Dave

[*] From what I've seen so far, a lot of issues it finds are the checker
getting tricked by idioms we use in the kernel rather than actual "false positives"
(in terms of "this is a bug in the checker"). As the url above points out,
sometimes we can help the checker out through modelling, but some of the code
I've seen it get tripped up is hard enough for a human to parse, so I don't 
really blame the checker for getting confused ;)


  parent reply	other threads:[~2013-10-25  9:16 UTC|newest]

Thread overview: 21+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-10-21 18:32 [PATCH] xfs: fix possible NULL dereference Geyslan G. Bem
     [not found] ` <5265956F.4010700@sandeen.net>
2013-10-21 22:44   ` Dave Chinner
2013-10-21 23:12     ` Eric Sandeen
2013-10-21 23:18       ` Ben Myers
2013-10-21 23:56         ` Dave Chinner
2013-10-22  0:00           ` Eric Sandeen
2013-10-22  0:17             ` Dave Chinner
2013-10-22 10:12               ` Geyslan Gregório Bem
2013-10-22 20:39                 ` Dave Chinner
2013-10-22 20:49                   ` Eric Sandeen
2013-10-22 21:03                     ` Dave Chinner
2013-10-22 21:19                       ` Eric Sandeen
2013-10-22 22:02                         ` Dave Chinner
2013-10-22 22:33                           ` Ben Myers
2013-10-25  9:15                           ` Dave Jones [this message]
2013-10-23 10:58                         ` Geyslan Gregório Bem
2013-10-23 20:34                           ` Ben Myers
2013-10-23 20:53                             ` Geyslan Gregório Bem
2013-10-30 20:08                             ` Eric Sandeen
2013-10-31 15:55                               ` Ben Myers
2013-10-31 16:15                                 ` Geyslan Gregório Bem

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20131025091552.GB26384@redhat.com \
    --to=davej@redhat.com \
    --cc=bpm@sgi.com \
    --cc=david@fromorbit.com \
    --cc=elder@kernel.org \
    --cc=geyslan@gmail.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=sandeen@sandeen.net \
    --cc=xfs@oss.sgi.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox