From: Kees Cook <keescook@chromium.org>
To: Norbert Manthey <nmanthey@amazon.de>
Cc: Kroah-Hartman <greg@kroah.com>,
LKML <linux-kernel@vger.kernel.org>,
"Woodhouse, David" <dwmw@amazon.co.uk>,
"foersleo@amazon.de" <foersleo@amazon.de>,
Gustavo Pimentel <gustavo.pimentel@synopsys.com>,
"Gustavo A. R. Silva" <garsilva@embeddedor.com>,
Thomas Gleixner <tglx@linutronix.de>,
Colin Ian King <colin.king@canonical.com>,
Dave Jones <davej@codemonkey.org.uk>,
linux-hardening@vger.kernel.org
Subject: Re: Coverity Scan model file, license, public access
Date: Thu, 15 Jul 2021 11:25:53 -0700 [thread overview]
Message-ID: <202107151111.23BA48F99@keescook> (raw)
In-Reply-To: <a41221c8-86e5-494d-68fd-0a0b87c99e83@amazon.de>
On Thu, Jul 15, 2021 at 03:12:04PM +0200, Norbert Manthey wrote:
> On 7/6/21 6:54 PM, Kroah-Hartman wrote:
> >
> >
> > On Tue, Jul 06, 2021 at 09:45:47AM +0200, Norbert Manthey wrote:
> >> Dear all,
> >>
> >> I would like to work with code analysis on the Linux kernel. The
> >> currently used Coverity setup already uses a model file [1] to improve
> >> the precision of the analysis. To the best of my knowledge, this model
> >> file is currently not publicly accessible. I did not find a license
> >> attached to [1], nor any information about licensing.
> >
> > I have no idea who wrote that thing, sorry.
>
> Is there anybody else who knows more about the history of the used
> Coverity model? Thanks.
As far as I know, the model was written originally by Dave Jones, with
further changes from myself and, I think, Colin Ian King.
I thought it was visible through the Coverity dashboard, once you're
logged in:
https://scan.coverity.com/projects/linux-next-weekly-scan?tab=analysis_settings
(See 'Modeling file loaded [View]')
Regardless, I keep a copy in git since I'd been tweaking it (mostly to
no meaningful benefit: the model file doesn't work with macros, which is
where the bulk of the false positives in Coverity come from):
https://github.com/kees/coverity-linux
--
Kees Cook
next prev parent reply other threads:[~2021-07-15 18:25 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-06 7:45 Coverity Scan model file, license, public access Norbert Manthey
2021-07-06 16:54 ` Kroah-Hartman
[not found] ` <6f1cb856-fc72-cfd1-9bdd-b4dbf58c558c@amazon.de>
2021-07-06 18:41 ` Kroah-Hartman
[not found] ` <b5f5c38c-5691-816d-f14c-8a82be7d9456@amazon.de>
2021-07-07 5:16 ` Kroah-Hartman
2021-07-15 13:12 ` Norbert Manthey
2021-07-15 18:25 ` Kees Cook [this message]
2021-07-16 10:26 ` Norbert Manthey
2021-12-17 19:32 ` Muhammad Usama Anjum
2021-12-17 20:03 ` Gustavo A. R. Silva
2021-12-17 23:31 ` Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202107151111.23BA48F99@keescook \
--to=keescook@chromium.org \
--cc=colin.king@canonical.com \
--cc=davej@codemonkey.org.uk \
--cc=dwmw@amazon.co.uk \
--cc=foersleo@amazon.de \
--cc=garsilva@embeddedor.com \
--cc=greg@kroah.com \
--cc=gustavo.pimentel@synopsys.com \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=nmanthey@amazon.de \
--cc=tglx@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox