What I'm thinking reading this sad story of crit remote vuln introduced into all #linux LTS kernels and still unfixed (now in your kernel) - this "forgot to release lock" is a mostly solved problem today with static analysis. Kernel absolutely needs it as part of the dev process 1/n https://twitter.com/grsecurity/status/1220351582405042176
Coverity detects these, Clang ThreadSafetyAnalysis too. But tools are the smaller part of the solution. Integration into process is more important. But again kernel doesn't have real notion of changes, no infra to run analysis, no way to make anybody use it, no way to block submit, etc.
That is no way to make it part of process and scale it. That would not just immediately prevent the bug, but prevent the whole class of bugs in all 20 MLOC with guarantees, cheaply and scalably. But that can't be bolted onto the project on the side, by few volunteers...
Absence of context (no expand btn) in changes only exacerbates the problem. If you look at actual proposed change https://patchwork.kernel.org/patch/11256477/ No mention of rcu, so why would reviewer even start thinking about the potential problem? There are known solutions to this problem as well...