| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 29 Apr 2024 14:31:19 -0400
From: "Martin K. Petersen" <martin.petersen@...cle.com>
To: Kees Cook <keescook@...omium.org>
Cc: Erick Archer <erick.archer@...look.com>,
"James E.J. Bottomley"
<jejb@...ux.ibm.com>,
"Martin K. Petersen" <martin.petersen@...cle.com>,
Bjorn Helgaas <bhelgaas@...gle.com>,
Justin Stitt
<justinstitt@...gle.com>,
"Gustavo A. R. Silva" <gustavoars@...nel.org>,
linux-scsi@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-hardening@...r.kernel.org
Subject: Re: [PATCH v3] scsi: csiostor: Use kcalloc() instead of kzalloc()
Kees,
>> This patch seems to be lost. Gustavo reviewed it on January 15, 2024
>> but the patch has not been applied since.
>
> This looks correct to me. I can pick this up if no one else snags it?
I guess my original reply didn't make it out, I don't see it in the
archives.
My objections were:
1. The original code is more readable to me than the proposed
replacement.
2. The original code has worked since introduced in 2012. Nobody has
touched it since, presumably it's fine.
3. I don't have the hardware and thus no way of validating the proposed
changes.
So what is the benefit of me accepting this patch? We have had several
regressions in these conversions. Had one just last week, almost
identical in nature to the one at hand.
I am all for fixing code which is undergoing active use and development.
But I really don't see the benefit of updating a legacy driver which
hasn't seen updates in ages. Why risk introducing a regression?
--
Martin K. Petersen Oracle Linux Engineering
Powered by blists - more mailing lists