From: Dan Carpenter <dan.carpenter@linaro.org>
To: linux-kernel <linux-kernel@vger.kernel.org>,
ksummit@lists.linux.dev, Bill Fletcher <bill.fletcher@linaro.org>,
Randy Linnell <randy.linnell@linaro.org>,
Brad Spengler <brad.spengler@opensrcsec.com>
Cc: vincent.guittot@linaro.org, lina.iyer@linaro.org
Subject: Re: Support needed to continue Smatch work
Date: Fri, 6 Feb 2026 16:38:09 +0300 [thread overview]
Message-ID: <caa37f28-a2e8-4e0a-a9ce-a365ce805e4b@stanley.mountain> (raw)
In-Reply-To: <aTaiGSbWZ9DJaGo7@stanley.mountain>
I need to post an update on the current situation with Smatch.
First of all, I want to start by thanking Brad Spengler from grsecurity
who reached out to me on this, offered some funding, and has been
trying to push the Smatch work forward. It really means a lot to me.
Unfortunately, we haven't been able to raise enough support to continue
my Smatch work. I have still been filtering zero day bot warnings and
I am a bit worried that people have the impression that I'm reviewing
static checker warnings when I am not.
The situation isn't great. The zero day bot can't do cross function
analsysis and it only looks at checks with a low false positive rate.
We're missing out on a bunch of bugs. I'm going to add some of the
those missed warnings to this thread so people have a better picture of
what we're missing. There are some buffer overflows in there. A bunch
of off by one bugs. A missing error code in fork(). And random other
minor things as well.
https://lore.kernel.org/all/caa37f28-a2e8-4e0a-a9ce-a365ce805e4b@stanley.mountain/
I am still trying to figure out a way to restart Smatch checking. The
funding model would be that several companies would support this project
by paying a proportion of my salary. Part of that goes to reporting
bugs like the ones above and part of that goes to developing Smatch and
writing new checks. Please, contact
Bill Fletcher <bill.fletcher@linaro.org> if you would like to support
this work.
regards,
dan carpenter
prev parent reply other threads:[~2026-02-06 13:38 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-12-08 10:02 Dan Carpenter
2026-02-06 13:38 ` Dan Carpenter [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=caa37f28-a2e8-4e0a-a9ce-a365ce805e4b@stanley.mountain \
--to=dan.carpenter@linaro.org \
--cc=bill.fletcher@linaro.org \
--cc=brad.spengler@opensrcsec.com \
--cc=ksummit@lists.linux.dev \
--cc=lina.iyer@linaro.org \
--cc=linux-kernel@vger.kernel.org \
--cc=randy.linnell@linaro.org \
--cc=vincent.guittot@linaro.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox