| Opened since 2013-11-29 | 2 | 7 | 11 | 5 | (25) |
| Closed since 2013-11-29 | 4 | 16 | 3 | 4 | (27) |
| Changed since 2013-11-29 | 7 | 33 | 27 | 7 | (74) |
bugs bugs bugs.
- softirq lockdep trace during interface bringup. This only affected 32-bit. I hadn’t tested x86-32 for a month or so, so this was a worthwhile use of time.
- Another sysfs lockdep trace.
- perf code using smp_processor_id() in preemptible code.
Made a bunch of small improvements to trinity (mostly fixing up warnings). Coming closer to another point release before merging some interesting stuff.
Found a bunch of bugs with trinity today after tweaking some code that had been causing it to hang when closing bluetooth sockets. (Still not sure I want to commit the workaround I came up with.) Now that it’s back in action, the roadkill is piling up.
- an rcu locking bug in sys_getcwd(). Al already had a fix for this queued, and it’s now fixed in Linus’ tree.
- a lockdep trace from sysfs
- another recursive locking lockdep trace in the coredump code.
- an oops in tcp_get_metrics(), which Eric Dumazet fixed up pretty quickly (not yet merged).
After Linus pulled in a bunch of trees including drivers/staging yesterday, I was expecting the worst this morning after seeing the overnight results.
So I was taken aback somewhat when I saw that after last night’s run we got 49 new issues, but eliminated 57. A definite move in the right direction, especially after a big merge of 1832 patches.
3.12’s staging merge was a lot uglier due to the addition of lustre, a huge body of code with quite a few potential defects that need reviewing. For 3.13, there’s nothing of comparable size (at least so far).
Of the 49 new results, most of them are in staging, but there’s a handful in IIO, MIC and USB.
Now that 3.12 has been released, I’ve been looking back over the coverity statistics for the last few months.
The improvement came from a combination of slogging through the backlog of old reports, fixing up occasional bugs, increased interest after speaking about it at kernel summit, and some work on modelling various functions. Barely scratching the surface really, but 3.12 has made a bigger dent in the backlog than previous attempts. (I’ve no pre-3.11 statistics, but given how long many of the reports have been in their database, it seems apparent that there’s been no regular work on them other than occasional poking.)
With Linus being off for a week before the 3.13 merge window opens, hopefully things aren’t going to be too crazy when he gets back.
I’ve been slacking at updating this on a daily basis lately. Lots of work continuing on trinity.
Google have an intern working on trinity, which has been awesome, as it has led to a bunch of long overdue FIXMEs getting fixed. It feels like I’ve spent almost as much time reviewing patches this month as I have writing them, which is a good sign.
Some improvements from the last month:
- 32-bit syscalls on 64-bit kernels should be working again.
- A lot of the output/logging code got completely rewritten.
- Log files now get truncated to 0 bytes when a child is re-forked. (I’m still unsure about whether I’ll keep this change, or make it optional)
- The BPF fuzzer was hitting a BUG() which locked up child processes. Just an off by one, that Dan fixed last week.
- I’ve been looking at prctl (which is disabled currently) in trinity. I think I’m going to re-enable it soon for certain options (lots of them don’t make much sense, and will almost guarantee an instant crash).
- On startup, it now constructs a table of syscalls, not including any that might be disabled. This is a big win if you’re only fuzzing a single syscall (or just a few). We used to have a loop that would keep going around until it found one that was enabled. Now that completes in O(1) time.
- A new parameter to control which /proc/sys/kernel/tainted flags trinity cares about.
- A bunch of code cleanups (macros becoming functions etc), and a lot of splitting out common functions to their own files.
- The usual backwards compat additions. Hopefully it’ll compile everywhere now. (I’m hoping to do a tarball release soon, so if it’s broken on something ancient, now is the time to let me know).
- During startup, when we create the socket fds, we now run setsockopt on them with random options.
- The random setsockopt is now also done at regeneration time (every 100000 syscalls).
- A bunch of fixes for some embedded environments. (I’m always intrigued to see people running trinity on things other than regular distros).
- Finally a huge one: Support for the DEC Alpha got fixed up. I bet there were a lot of people bothered by that not working.
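The enabled-syscall table mentioned above, written out as an added example in C. This is not trinity’s code; the syscall list, the names and the two pick functions are constructed for illustration. The point it shows is the difference between building the table of enabled entries once and indexing into it (O(1) per pick) versus rolling over the full table until an enabled entry happens to come up.

```c
/* Added example, not trinity's own code: build a table of enabled syscalls once at
 * startup, then pick from it with a single random index instead of rolling the dice
 * until an enabled entry turns up. The syscall list below is constructed for the
 * example; the real per-arch tables are much larger. */
#include <stdio.h>
#include <stdlib.h>
#include <stdbool.h>

struct syscall_entry {
    const char *name;
    int nr;         /* syscall number */
    bool enabled;   /* false if excluded by the user or disabled in the table */
};

/* Constructed sample: only four of the six entries are enabled. */
static struct syscall_entry syscalls[] = {
    { "read",   0,  true  },
    { "write",  1,  true  },
    { "open",   2,  false },   /* excluded, e.g. via an exclude option */
    { "close",  3,  true  },
    { "fork",   57, false },   /* not worth fuzzing blindly */
    { "getcwd", 79, true  },
};
#define NR_SYSCALLS (sizeof(syscalls) / sizeof(syscalls[0]))

/* Active table: indexes of the enabled entries in syscalls[]. */
static unsigned int active[NR_SYSCALLS];
static unsigned int nr_active;

/* Built once at startup, O(n) in the number of syscalls. Returns the enabled count. */
unsigned int build_active_table(void)
{
    nr_active = 0;
    for (unsigned int i = 0; i < NR_SYSCALLS; i++)
        if (syscalls[i].enabled)
            active[nr_active++] = i;
    return nr_active;
}

/* New way: one random index into active[], O(1). NULL if nothing is enabled. */
const struct syscall_entry *pick_random_syscall(void)
{
    if (nr_active == 0)
        return NULL;
    return &syscalls[active[rand() % nr_active]];
}

/* Old way, for comparison: roll over the full table until an enabled entry comes up.
 * With only a handful of syscalls enabled most rolls are wasted, and with none enabled
 * it would never terminate, hence the retry cap. */
const struct syscall_entry *pick_random_syscall_old(unsigned int max_tries)
{
    for (unsigned int tries = 0; tries < max_tries; tries++) {
        unsigned int i = rand() % NR_SYSCALLS;
        if (syscalls[i].enabled)
            return &syscalls[i];
    }
    return NULL;
}

/* Invariant check: number of disabled (or missing) syscalls handed out in n picks.
 * Should always be 0 once the active table is built. */
unsigned int count_disabled_picks(unsigned int n)
{
    unsigned int bad = 0;
    for (unsigned int i = 0; i < n; i++) {
        const struct syscall_entry *e = pick_random_syscall();
        if (e == NULL || !e->enabled)
            bad++;
    }
    return bad;
}

int main(void)
{
    srand(1);
    printf("%u of %zu syscalls enabled\n", build_active_table(), NR_SYSCALLS);
    for (int i = 0; i < 5; i++)
        printf("picked %s\n", pick_random_syscall()->name);
    return 0;
}
```

The table is rebuilt only when the set of enabled syscalls changes (startup, or a command-line exclusion), so the per-pick cost no longer depends on how many syscalls are disabled.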
The setsockopt work is the beginning of a reworking of the networking code. Right now it’s pretty dumb, and will do things like call setsockopt with TCP options on a UDP socket (as an example). While that’s occasionally a useful thing to test, there are situations where I want to match the protocol, so the next series of changes there will start tracking that info at creation time, and setsockopt etc. will look up and match protocols as necessary.
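The protocol matching described above, as an added example in C rather than trinity’s own code: the (family, type, protocol) triple is recorded when the socket is created, and setsockopt level/option pairs are then drawn only from tables that fit that protocol. The function names (track_socket, pick_matching_sockopt), the small option tables and the fallback rules are assumptions made for the example; no real socket is opened, so it runs in a dry-run mode with fd -1.

```c
/* Added example, not trinity's own code: remember each socket's (family, type,
 * protocol) when it is created, then pick setsockopt levels/options that fit that
 * protocol instead of blindly applying TCP options to a UDP socket. Function and table
 * names are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <stdbool.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <netinet/udp.h>

#ifndef UDP_CORK
#define UDP_CORK 1   /* Linux value, in case the libc header lacks it */
#endif

struct socket_desc {
    int fd;          /* value returned by socket(), or -1 in a dry run */
    int family;
    int type;
    int protocol;    /* resolved protocol, never 0 for TCP/UDP */
};

struct sockopt_choice {
    int level;
    int optname;
};

/* Per-level option tables; a real fuzzer would carry many more entries. */
static const int socket_level_opts[] = { SO_REUSEADDR, SO_KEEPALIVE, SO_RCVBUF, SO_SNDBUF };
static const int tcp_level_opts[]    = { TCP_NODELAY, TCP_MAXSEG };
static const int udp_level_opts[]    = { UDP_CORK };
#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

/* Record the triple at creation time. socket(AF_INET, SOCK_STREAM, 0) means TCP, so the
 * "0 = default" protocol is resolved here; later lookups then have something concrete. */
struct socket_desc track_socket(int fd, int family, int type, int protocol)
{
    struct socket_desc s = { fd, family, type, protocol };

    if (protocol == 0 && (family == AF_INET || family == AF_INET6)) {
        if (type == SOCK_STREAM)
            s.protocol = IPPROTO_TCP;
        else if (type == SOCK_DGRAM)
            s.protocol = IPPROTO_UDP;
    }
    return s;
}

/* Choose a (level, optname) pair valid for this socket. SOL_SOCKET options apply to
 * everything; protocol-level options are offered only when the protocol matches.
 * Protocols with no table here (raw sockets etc.) fall back to SOL_SOCKET only. */
struct sockopt_choice pick_matching_sockopt(const struct socket_desc *s)
{
    struct sockopt_choice c = { SOL_SOCKET, 0 };
    bool use_proto_level = rand() % 2;

    if (use_proto_level && s->protocol == IPPROTO_TCP) {
        c.level = IPPROTO_TCP;
        c.optname = tcp_level_opts[rand() % ARRAY_SIZE(tcp_level_opts)];
    } else if (use_proto_level && s->protocol == IPPROTO_UDP) {
        c.level = IPPROTO_UDP;
        c.optname = udp_level_opts[rand() % ARRAY_SIZE(udp_level_opts)];
    } else {
        c.optname = socket_level_opts[rand() % ARRAY_SIZE(socket_level_opts)];
    }
    return c;
}

/* A pair matches if it is generic or protocol-specific for exactly this socket. */
bool sockopt_matches(const struct socket_desc *s, struct sockopt_choice c)
{
    return c.level == SOL_SOCKET || c.level == s->protocol;
}

/* Dry-run check: how many of n picks for a socket of this kind broke the rule above. */
unsigned int count_mismatched_picks(int family, int type, int protocol, unsigned int n)
{
    struct socket_desc s = track_socket(-1, family, type, protocol);
    unsigned int bad = 0;
    for (unsigned int i = 0; i < n; i++)
        if (!sockopt_matches(&s, pick_matching_sockopt(&s)))
            bad++;
    return bad;
}

/* How many of n picks landed on a given level; confirms TCP-only options never reach a
 * UDP socket while still being exercised on a TCP one. */
unsigned int count_picks_at_level(int family, int type, int protocol, int level, unsigned int n)
{
    struct socket_desc s = track_socket(-1, family, type, protocol);
    unsigned int hits = 0;
    for (unsigned int i = 0; i < n; i++)
        if (pick_matching_sockopt(&s).level == level)
            hits++;
    return hits;
}

int main(void)
{
    srand(1);
    struct socket_desc udp = track_socket(-1, AF_INET, SOCK_DGRAM, 0);
    for (int i = 0; i < 5; i++) {
        struct sockopt_choice c = pick_matching_sockopt(&udp);
        printf("level %d optname %d matches=%d\n", c.level, c.optname, sockopt_matches(&udp, c));
    }
    return 0;
}
```

Deliberately mismatched options (the TCP-on-UDP case the text mentions as occasionally useful) would be a separate, explicitly chosen mode rather than the default, which is what makes the resulting bug reports easier to classify.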
In terms of roadkill from trinity, there’s still a bunch of perf & ftrace bugs lingering, but aside from those it’s been fairly quiet during 3.12rc. I attribute this at least in part to Fengguang Wu running trinity daily on linux-next, so we’re catching these bugs a lot sooner.
The only bugs that sneak into Linus’ tree these days are caused either by patches coming in that were never in linux-next, or by bugs that take a long runtime for us to hit.