On Thu, May 16, 2024 at 03:28:16PM +0000, Manthey, Norbert wrote: > we published an extension for the Coverity model that is used by the > CoverityScan setup for the Linux kernel [1]. We have been using this > extension to analyze the 6.1 kernel branch, and reported some fixes to > the upstream code base that are based on this model [2]. Feel free to > merge the pull request, and update the model in the CoverityScan setup. > We do not have access to that project to perform these updates > ourselves.
Thanks for this! I'll get it loaded into the Linux-Next scanner. > To increase the analysis coverage to aarch64, we analyzed a x86 and a > aarch64 configuration. The increased coverage is achieved by using re- > configuration and cross-compilation during the analysis build. If you > are interested in this setup we can share the Dockerfile and script we > used for this process. We've only got access to the free Coverity scanner, but it would be nice to see if there was anything specific to arm64. > To prevent regressions in backports to LTS kernels, we wondered whether > the community is interested in setting up CoverityScan projects for > older kernel releases. Would such an extension be useful to show new > defects in addition to the current release testing? The only one we (lightly) manage right now is the linux-next scanner. If other folks want to host scanners for -stable kernels, that would be interesting, yes. -Kees -- Kees Cook
