Twitter | Pretraživanje | |
Dmitry Vyukov
What I'm thinking reading this sad story of crit remote vuln introduced into all LTS kernels and still unfixed (now in your kernel)- this "forgot to release lock" is mostly solved problem today with static analysis. Kernel absolutely needs it as part of the dev process 1/n
Reply Retweet Označi sa "sviđa mi se" More
Dmitry Vyukov 27. sij
Odgovor korisniku/ci @dvyukov
Coverity detects these, Clang ThreadSafetyAnalysis too. But tools are smaller part of solution. Integration into process is more important. But again kernel doesn't have real notion of changes, no infra to run analysis, no way to make anybody use it, no way to block submit, etc..
Reply Retweet Označi sa "sviđa mi se"
Dmitry Vyukov 27. sij
Odgovor korisniku/ci @dvyukov
That is no way to make it part of process and scale it. That would not just immediately prevent the bug, but prevent the whole class of bugs in all 20 MLOC with guarantees, cheaply and scalably. But that can't be bolted onto the project on the side, by few volunteers...
Reply Retweet Označi sa "sviđa mi se"
Dmitry Vyukov 27. sij
Odgovor korisniku/ci @dvyukov
Absence of context (no expand btn) in changes only exacerbates the problem. If you look at actual proposed change No mention of rcu, so why would reviewer even start thinking about the potential problem? There are known solutions to this problem as well...
Reply Retweet Označi sa "sviđa mi se"