[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 0/2] x86/shadow: address two Coverity issues

  • To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Fri, 15 Oct 2021 10:55:27 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=fnMkFGoim2tKIuA4770PFfPAj5poJOwKX5JlA/NuywE=; b=OWAKleaoha9hjHBmeNDEAtPxneBusV6JK7hP0pPjxYcH+OV+ZBFaies5CZFQfKYSsyGOwlu4U7JAc//m7UYBvTL/k7AXR1EUFuYKY4Go5KwEOG55yVZ+BzpJEdgGlxS25Q0v8nQjlX1PzLuRn0Mw/lUqGpv2idU3pOUhzbcITjYvXRDaNpJe9+7F7PawgdyP3Cskh2m1QIlfnEh2Xy5BoUri9nQZJ8+RwoQI1tRnVMbjg1ztIyitQdMdOd7gViUQafphHlFt0X5hm34DFAb6dVAXif0FXuprT3dcsLnKgsADGPLzNh1qkVVnghkB0unb0lxLH54cDbrtSMsWicX7JA==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=VCgY2W7nYPRMBEun16tLPOCPnW23VgsJ7FraADqDcV/KANQZKr6Nl7VX71r2tvWCn5A2wQEF8YOnxNce8KwETmUc+ByJvRxy1zCWqB/DsmjM6YZte1LM/+2threen/nnhsEvicsBkucHCp1715VbB4VTYiXGBiCN8G6ppCNjBhV1rAryw338JW/a1Azco2ih0+JbIw4QvRUNvB5jOOP0fivfDF0lR8WXvnW/s88XGNjQMFfzg7VY7O+eyiUFtPPmG91pQD6slHXFb6zxQW5slCDL6iEaoRRa6nJYbaLWAkJqZSs8dMjHk4S9yV34bV0g9xygUPQKAWiUsj7bZeBmCQ==
  • Authentication-results: lists.xenproject.org; dkim=none (message not signed) header.d=none;lists.xenproject.org; dmarc=none action=none header.from=suse.com;
  • Cc: Wei Liu <wl@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Tim Deegan <tim@xxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Fri, 15 Oct 2021 08:55:36 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 13.10.2021 18:10, Andrew Cooper wrote:
> On 13/10/2021 16:36, Jan Beulich wrote:
>> It's not clear to me why the tool spotted them now and not before,
> Several reasons.
> The Coverity backend is a software product just like everything else. 
> IIRC, it releases quarterly.
> "If something's free, then you are the product".  The value of offering
> free scanning of open source codebases comes from us (the free users)
> integrating a massive corpus of code into Coverity's system, upon which
> they can evaluate the effectiveness of new heuristics.
> Second, and far more likely in this case, "x86/mm: avoid building
> multiple .o from a single .c file".  Coverity has always choked on that
> in Xen, because it's intermediate database is keyed on source file with
> latest takes precedent, so we were only seeing the 4-level case previously.
> And to also answer your question from patch 1 here, there are upper time
> and complexity bounds on all analysis, because scanning is an
> exponential problem with the size of the source file.  I don't know
> exactly where the cutoffs are, and I fear that some of our larger files
> never have later functions looked at.

Thanks for the explanations. I have to admit that I would find it helpful
if the tool distinguished new issues it found just because code previously
wasn't scanned from ones that were truly introduced anew. For patch 1 here
this might mean that the report was previously put off when reported
against the 4-level case; I think it shouldn't have been ignored, but
opinions might diverge and hence there might be a reason why patch 1
isn't wanted then. Patch 2, otoh, doesn't have a 4-level equivalent so is
likely to be wanted. Unfortunately your reply didn't include an ack, nak,
or at least a vague indication towards either, so I don't really know what
(if anything) it means towards the actual patches.




Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.