Xen project Mailing List

Re: [PATCH 0/2] x86/shadow: address two Coverity issues

To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Date: Fri, 15 Oct 2021 10:55:27 +0200

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=fnMkFGoim2tKIuA4770PFfPAj5poJOwKX5JlA/NuywE=; b=OWAKleaoha9hjHBmeNDEAtPxneBusV6JK7hP0pPjxYcH+OV+ZBFaies5CZFQfKYSsyGOwlu4U7JAc//m7UYBvTL/k7AXR1EUFuYKY4Go5KwEOG55yVZ+BzpJEdgGlxS25Q0v8nQjlX1PzLuRn0Mw/lUqGpv2idU3pOUhzbcITjYvXRDaNpJe9+7F7PawgdyP3Cskh2m1QIlfnEh2Xy5BoUri9nQZJ8+RwoQI1tRnVMbjg1ztIyitQdMdOd7gViUQafphHlFt0X5hm34DFAb6dVAXif0FXuprT3dcsLnKgsADGPLzNh1qkVVnghkB0unb0lxLH54cDbrtSMsWicX7JA==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=VCgY2W7nYPRMBEun16tLPOCPnW23VgsJ7FraADqDcV/KANQZKr6Nl7VX71r2tvWCn5A2wQEF8YOnxNce8KwETmUc+ByJvRxy1zCWqB/DsmjM6YZte1LM/+2threen/nnhsEvicsBkucHCp1715VbB4VTYiXGBiCN8G6ppCNjBhV1rAryw338JW/a1Azco2ih0+JbIw4QvRUNvB5jOOP0fivfDF0lR8WXvnW/s88XGNjQMFfzg7VY7O+eyiUFtPPmG91pQD6slHXFb6zxQW5slCDL6iEaoRRa6nJYbaLWAkJqZSs8dMjHk4S9yV34bV0g9xygUPQKAWiUsj7bZeBmCQ==

Authentication-results: lists.xenproject.org; dkim=none (message not signed) header.d=none;lists.xenproject.org; dmarc=none action=none header.from=suse.com;

Cc: Wei Liu <wl@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Tim Deegan <tim@xxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>

Delivery-date: Fri, 15 Oct 2021 08:55:36 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 13.10.2021 18:10, Andrew Cooper wrote: > On 13/10/2021 16:36, Jan Beulich wrote: >> It's not clear to me why the tool spotted them now and not before, > > Several reasons. > > The Coverity backend is a software product just like everything else. > IIRC, it releases quarterly. > > "If something's free, then you are the product". The value of offering > free scanning of open source codebases comes from us (the free users) > integrating a massive corpus of code into Coverity's system, upon which > they can evaluate the effectiveness of new heuristics. > > > Second, and far more likely in this case, "x86/mm: avoid building > multiple .o from a single .c file". Coverity has always choked on that > in Xen, because it's intermediate database is keyed on source file with > latest takes precedent, so we were only seeing the 4-level case previously. > > > And to also answer your question from patch 1 here, there are upper time > and complexity bounds on all analysis, because scanning is an > exponential problem with the size of the source file. I don't know > exactly where the cutoffs are, and I fear that some of our larger files > never have later functions looked at. Thanks for the explanations. I have to admit that I would find it helpful if the tool distinguished new issues it found just because code previously wasn't scanned from ones that were truly introduced anew. For patch 1 here this might mean that the report was previously put off when reported against the 4-level case; I think it shouldn't have been ignored, but opinions might diverge and hence there might be a reason why patch 1 isn't wanted then. Patch 2, otoh, doesn't have a 4-level equivalent so is likely to be wanted. Unfortunately your reply didn't include an ack, nak, or at least a vague indication towards either, so I don't really know what (if anything) it means towards the actual patches. Jan

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.