Re: [Cocci] Coccinelle rule for CVE-2019-18683

From: Markus Elfring
Date: Fri Apr 10 2020 - 09:17:27 EST


>> * The source code search pattern can be too generic.
>> What do you think about considering additional constraints
>> for safer data control flow analysis?
>
> Could you please elaborate on that?

Julia Lawall chose to mention the design possibility “put when
!= mutex_lock(E) after the ...”.
https://systeme.lip6.fr/pipermail/cocci/2020-April/007107.html
https://lore.kernel.org/cocci/alpine.DEB.2.21.2004091248190.2403@hadrien/


> I used 'exists' keyword to find at least one branch that has
> mutex_unlock+kthread_stop+mutex_lock chain.

Are you informed about development challenges for data flow analysis
(or even escape analysis according to computer science)?

How many experiences can be reused from other known approaches?

Regards,
Markus