* Coverity Scan model file, license, public access
From: Norbert Manthey @ 2021-07-06 7:45 UTC
To: LKML
Cc: Woodhouse, David, foersleo, Gustavo Pimentel, Gustavo A. R. Silva, Kees Cook, Kroah-Hartman, Thomas Gleixner

Dear all,

I would like to work with code analysis on the Linux kernel. The
currently used Coverity setup already uses a model file [1] to improve
the precision of the analysis. To the best of my knowledge, this model
file is currently not publicly accessible. I did not find a license
attached to [1], nor any information about licensing.

To improve the way Coverity is used, I would like to move this model
file into a public repository, and add a license. I wonder whom else I
should involve into this process. Is there a recommended place for the
location of the license? I assume the targeted license should be GPL,
and would like to understand whether that works with the way this file
is currently maintained.

Best,
Norbert

[1] https://scan.coverity.com/projects/linux-next-weekly-scan/model_file

Amazon Development Center Germany GmbH
Krausenstr. 38
10117 Berlin
Geschaeftsfuehrung: Christian Schlaeger, Jonathan Weiss
Eingetragen am Amtsgericht Charlottenburg unter HRB 149173 B
Sitz: Berlin
Ust-ID: DE 289 237 879

* Re: Coverity Scan model file, license, public access
From: Kroah-Hartman @ 2021-07-06 16:54 UTC
To: Norbert Manthey
Cc: LKML, Woodhouse, David, foersleo, Gustavo Pimentel, Gustavo A. R. Silva, Kees Cook, Thomas Gleixner

On Tue, Jul 06, 2021 at 09:45:47AM +0200, Norbert Manthey wrote:
> Dear all,
>
> I would like to work with code analysis on the Linux kernel. The
> currently used Coverity setup already uses a model file [1] to improve
> the precision of the analysis. To the best of my knowledge, this model
> file is currently not publicly accessible. I did not find a license
> attached to [1], nor any information about licensing.

I have no idea who wrote that thing, sorry.

> To improve the way Coverity is used, I would like to move this model
> file into a public repository, and add a license. I wonder whom else I
> should involve into this process. Is there a recommended place for the
> location of the license? I assume the targeted license should be GPL,
> and would like to understand whether that works with the way this file
> is currently maintained.

How is adding this file anywhere going to help? Coverity is a closed
source tool that a few of us are "lucky" to be able to use, and even
then, it's tightly restricted what we can do with it.

The only real users that this could benefit is anyone who is paying for
the tool, and if they are doing that, they are not allowed to share the
results of the output with anyone else (as per the license of the tool).

So unless you are going to be doing this work on your own, with a paid
copy of the tool, who will use it?

thanks,

greg k-h

[parent not found: <6f1cb856-fc72-cfd1-9bdd-b4dbf58c558c@amazon.de>]
* Re: Coverity Scan model file, license, public access
From: Kroah-Hartman @ 2021-07-06 18:41 UTC
To: Norbert Manthey
Cc: LKML, Woodhouse, David, foersleo, Gustavo Pimentel, Gustavo A. R. Silva, Kees Cook, Thomas Gleixner

On Tue, Jul 06, 2021 at 08:34:16PM +0200, Norbert Manthey wrote:
> With respect to sharing the results: we are allowed to upstream fixes
> that we find with the tool. We contributed in that way already, e.g. [2].

Yes, that is how many companies do this and have for a long time
(Canonical does this a lot). But that puts all the work on you, and you
can not share the results of the tool with anyone, so you are forced to
do the work to fix problems the tool reports, which feels really wrong
when you are dealing with a scan of a public source tree...

thanks,

greg k-h

[parent not found: <b5f5c38c-5691-816d-f14c-8a82be7d9456@amazon.de>]
* Re: Coverity Scan model file, license, public access
From: Kroah-Hartman @ 2021-07-07 5:16 UTC
To: Norbert Manthey
Cc: LKML, Woodhouse, David, foersleo, Gustavo Pimentel, Gustavo A. R. Silva, Kees Cook, Thomas Gleixner

On Tue, Jul 06, 2021 at 09:06:33PM +0200, Norbert Manthey wrote:
> Backtracking to the original problem: is there a way to figure out the
> contributors of the current model, to get an agreement on the license to
> be used?

By sending html email, you are preventing the lists from seeing this
question, so you might want to start by fixing that on your end :)

greg k-h

* Re: Coverity Scan model file, license, public access
From: Norbert Manthey @ 2021-07-15 13:12 UTC
To: Kroah-Hartman
Cc: LKML, Woodhouse, David, foersleo, Gustavo Pimentel, Gustavo A. R. Silva, Kees Cook, Thomas Gleixner

On 7/6/21 6:54 PM, Kroah-Hartman wrote:
>
>
> On Tue, Jul 06, 2021 at 09:45:47AM +0200, Norbert Manthey wrote:
>> Dear all,
>>
>> I would like to work with code analysis on the Linux kernel. The
>> currently used Coverity setup already uses a model file [1] to improve
>> the precision of the analysis. To the best of my knowledge, this model
>> file is currently not publicly accessible. I did not find a license
>> attached to [1], nor any information about licensing.
>
> I have no idea who wrote that thing, sorry.

Is there anybody else who knows more about the history of the used
Coverity model? Thanks.

Best,
Norbert

* Re: Coverity Scan model file, license, public access
From: Kees Cook @ 2021-07-15 18:25 UTC
To: Norbert Manthey
Cc: Kroah-Hartman, LKML, Woodhouse, David, foersleo, Gustavo Pimentel, Gustavo A. R. Silva, Thomas Gleixner, Colin Ian King, Dave Jones, linux-hardening

On Thu, Jul 15, 2021 at 03:12:04PM +0200, Norbert Manthey wrote:
> On 7/6/21 6:54 PM, Kroah-Hartman wrote:
> >
> >
> > On Tue, Jul 06, 2021 at 09:45:47AM +0200, Norbert Manthey wrote:
> >> Dear all,
> >>
> >> I would like to work with code analysis on the Linux kernel. The
> >> currently used Coverity setup already uses a model file [1] to improve
> >> the precision of the analysis. To the best of my knowledge, this model
> >> file is currently not publicly accessible. I did not find a license
> >> attached to [1], nor any information about licensing.
> >
> > I have no idea who wrote that thing, sorry.
>
> Is there anybody else who knows more about the history of the used
> Coverity model? Thanks.

As far as I know, the model was written originally by Dave Jones, with
further changes from myself and, I think, Colin Ian King.

I thought it was visible through the Coverity dashboard, once you're
logged in:
https://scan.coverity.com/projects/linux-next-weekly-scan?tab=analysis_settings
(See 'Modeling file loaded [View]')

Regardless, I keep a copy in git since I'd been tweaking it (mostly to
no meaningful benefit: the model file doesn't work with macros, which is
where the bulk of the false positives in Coverity come from):
https://github.com/kees/coverity-linux

--
Kees Cook

* Re: Coverity Scan model file, license, public access
From: Norbert Manthey @ 2021-07-16 10:26 UTC
To: Kees Cook
Cc: Kroah-Hartman, LKML, Woodhouse, David, foersleo, Gustavo Pimentel, Gustavo A. R. Silva, Thomas Gleixner, Colin Ian King, Dave Jones, linux-hardening

On 7/15/21 8:25 PM, Kees Cook wrote:
> On Thu, Jul 15, 2021 at 03:12:04PM +0200, Norbert Manthey wrote:
>> On 7/6/21 6:54 PM, Kroah-Hartman wrote:
>>>
>>>
>>> On Tue, Jul 06, 2021 at 09:45:47AM +0200, Norbert Manthey wrote:
>>>> Dear all,
>>>>
>>>> I would like to work with code analysis on the Linux kernel. The
>>>> currently used Coverity setup already uses a model file [1] to improve
>>>> the precision of the analysis. To the best of my knowledge, this model
>>>> file is currently not publicly accessible. I did not find a license
>>>> attached to [1], nor any information about licensing.
>>>
>>> I have no idea who wrote that thing, sorry.
>>
>> Is there anybody else who knows more about the history of the used
>> Coverity model? Thanks.
>
> As far as I know, the model was written originally by Dave Jones, with
> further changes from myself and, I think, Colin Ian King.
>
> I thought it was visible through the Coverity dashboard, once you're
> logged in:
> https://scan.coverity.com/projects/linux-next-weekly-scan?tab=analysis_settings
> (See 'Modeling file loaded [View]')
>
> Regardless, I keep a copy in git since I'd been tweaking it (mostly to
> no meaningful benefit: the model file doesn't work with macros, which is
> where the bulk of the false positives in Coverity come from):
> https://github.com/kees/coverity-linux

Thanks! This repo comes with a license, so I can start from there.

Best,
Norbert

* Re: Coverity Scan model file, license, public access
From: Muhammad Usama Anjum @ 2021-12-17 19:32 UTC
To: Kees Cook, Colin Ian King, Dave Jones
Cc: usama.anjum, Kroah-Hartman, LKML, Woodhouse, David, foersleo, Gustavo Pimentel, Gustavo A. R. Silva, Thomas Gleixner, linux-hardening, Norbert Manthey

> As far as I know, the model was written originally by Dave Jones, with
> further changes from myself and, I think, Colin Ian King.
>
> I thought it was visible through the Coverity dashboard, once you're
> logged in:
> https://scan.coverity.com/projects/linux-next-weekly-scan?tab=analysis_settings
> (See 'Modeling file loaded [View]')
>
I've sent the request to join the dashboard. Who is the maintainer of
this free Coverity dashboard? Can anyone use these results to fix the
bugs without the permission of anyone?

* Re: Coverity Scan model file, license, public access
From: Gustavo A. R. Silva @ 2021-12-17 20:03 UTC
To: Muhammad Usama Anjum, Kees Cook, Colin Ian King, Dave Jones
Cc: Kroah-Hartman, LKML, Woodhouse, David, foersleo, Gustavo Pimentel, Thomas Gleixner, linux-hardening, Norbert Manthey

Hi Muhammad,

On 12/17/21 13:32, Muhammad Usama Anjum wrote:
>> As far as I know, the model was written originally by Dave Jones, with
>> further changes from myself and, I think, Colin Ian King.
>>
>> I thought it was visible through the Coverity dashboard, once you're
>> logged in:
>> https://scan.coverity.com/projects/linux-next-weekly-scan?tab=analysis_settings
>> (See 'Modeling file loaded [View]')
>>
> I've sent the request to join the dashboard. Who is the maintainer of
> this free Coverity dashboard? Can anyone use these results to fix the
> bugs without the permission of anyone?
>

Your request has been approved now.

Thanks
--
Gustavo

* Re: Coverity Scan model file, license, public access
From: Kroah-Hartman @ 2021-12-17 23:31 UTC
To: Muhammad Usama Anjum
Cc: Kees Cook, Colin Ian King, Dave Jones, LKML, Woodhouse, David, foersleo, Gustavo Pimentel, Gustavo A. R. Silva, Thomas Gleixner, linux-hardening, Norbert Manthey

On Sat, Dec 18, 2021 at 12:32:59AM +0500, Muhammad Usama Anjum wrote:
> > As far as I know, the model was written originally by Dave Jones, with
> > further changes from myself and, I think, Colin Ian King.
> >
> > I thought it was visible through the Coverity dashboard, once you're
> > logged in:
> > https://scan.coverity.com/projects/linux-next-weekly-scan?tab=analysis_settings
> > (See 'Modeling file loaded [View]')
> >
> I've sent the request to join the dashboard. Who is the maintainer of
> this free Coverity dashboard? Can anyone use these results to fix the
> bugs without the permission of anyone?

Yes, no permission needed, fix away!