[PATCH 0/5] UBI: Coverity-inspired fixes

Brian Norris computersforpeace at gmail.com
Thu Mar 5 18:04:42 PST 2015


On Thu, Mar 05, 2015 at 11:33:14AM +0100, Richard Weinberger wrote:
> Brian,
> 
> Am 28.02.2015 um 11:23 schrieb Brian Norris:
> > Except for the last one, these were inspired by Coverity Scan results.
> > 
> > These fixes have barely been tested, but they are pretty straightforward
> > logically. As they've been sitting in my dust pile too long, I thought I'd at
> > least get them out there.
> > 
> > Brian Norris (5):
> >   UBI: account for bitflips in both the VID header and data
> >   UBI: fix out of bounds write
> >   UBI: initialize LEB number variable
> >   UBI: fix check for "too many bytes"
> >   UBI: align comment for readability
> 
> Nice work!
> I'll test them later today.
> Just a quick question, no patch has a stable tag, is this by design?
> From a first look most of them look like stable material.

Two reasons:

 1. I hadn't tested them heavily, and I definitely didn't try to target
 their codepaths much.

 2. Given #1 and the fact that these were just found by static analysis,
 I don't think they pass this test from
 Documentation/stable_kernel_rules.txt:

 " - It must fix a real bug that bothers people (not a, "This could be a
    problem..." type thing)."

So, I expected they would only be sent to stable if somebody (perhaps
me) is able to trigger something real, or at least gets some significant
testing on them.

Maybe this is a case where you send the fixes, and then send the commit
IDs to Greg after they have been proven stable and/or can be exploited
in some way through testing. (Option 2 in the updated
stable_kernel_rules.txt.)

But really, it's your/Artem's call.

Brian



More information about the linux-mtd mailing list