author | Linus Torvalds <torvalds@linux-foundation.org> | 2020-08-06 11:34:35 -0700 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2020-08-06 11:34:35 -0700 |
commit | e3243e2a273d79c69d821e27cd246089638c472a (patch) | |
tree | 67b5c326ab6b2398a3015b3ab3418c9b04eb1a05 /scripts/coccinelle/api/kzfree.cocci | |
parent | 1e21b5c73912a516bb13aec0ff69205b0b33568f (diff) | |
parent | d05f94ad28c76cbd98aecee8e617f18454050f57 (diff) | |
Merge branch 'for-5.9' of git://git.kernel.org/pub/scm/linux/kernel/git/jlawall/linux
Pull coccinelle updates from Julia Lawall:
"New semantic patches and semantic patch improvements from Denis
Efremov"
* 'for-5.9' of git://git.kernel.org/pub/scm/linux/kernel/git/jlawall/linux:
coccinelle: api: filter out memdup_user definitions
coccinelle: api: extend memdup_user rule with vmemdup_user()
coccinelle: api: extend memdup_user transformation with GFP_USER
coccinelle: api: add kzfree script
coccinelle: misc: add array_size_dup script to detect missed overflow checks
coccinelle: api/kstrdup: fix coccinelle position
coccinelle: api: add device_attr_show script
Diffstat (limited to 'scripts/coccinelle/api/kzfree.cocci')
-rw-r--r-- | scripts/coccinelle/api/kzfree.cocci | 101 |
1 files changed, 101 insertions, 0 deletions
diff --git a/scripts/coccinelle/api/kzfree.cocci b/scripts/coccinelle/api/kzfree.cocci
new file mode 100644
index 000000000000..33625bd7cec9
--- /dev/null
+++ b/scripts/coccinelle/api/kzfree.cocci
@@ -0,0 +1,101 @@
+// SPDX-License-Identifier: GPL-2.0-only
+///
+/// Use kzfree, kvfree_sensitive rather than memset or
+/// memzero_explicit followed by kfree
+///
+// Confidence: High
+// Copyright: (C) 2020 Denis Efremov ISPRAS
+// Options: --no-includes --include-headers
+//
+// Keywords: kzfree, kvfree_sensitive
+//
+
+virtual context
+virtual patch
+virtual org
+virtual report
+
+@initialize:python@
+@@
+# kmalloc_oob_in_memset uses memset to explicitly trigger out-of-bounds access
+filter = frozenset(['kmalloc_oob_in_memset', 'kzfree', 'kvfree_sensitive'])
+
+def relevant(p):
+ return not (filter & {el.current_element for el in p})
+
+@cond@
+position ok;
+@@
+
+if (...)
+ \(memset@ok\|memzero_explicit@ok\)(...);
+
+@r depends on !patch forall@
+expression E;
+position p : script:python() { relevant(p) };
+position m != cond.ok;
+type T;
+@@
+
+(
+* memset@m((T)E, 0, ...);
+|
+* memzero_explicit@m((T)E, ...);
+)
+ ... when != E
+ when strict
+* \(kfree\|vfree\|kvfree\)(E)@p;
+
+@rp_memzero depends on patch@
+expression E, size;
+position p : script:python() { relevant(p) };
+position m != cond.ok;
+type T;
+@@
+
+- memzero_explicit@m((T)E, size);
+ ... when != E
+ when strict
+// TODO: uncomment when kfree_sensitive will be merged.
+// Only this case is commented out because developers
+// may not like patches like this since kzfree uses memset
+// internally (not memzero_explicit).
+//(
+//- kfree(E)@p;
+//+ kfree_sensitive(E);
+//|
+- \(vfree\|kvfree\)(E)@p;
++ kvfree_sensitive(E, size);
+//)
+
+@rp_memset depends on patch@
+expression E, size;
+position p : script:python() { relevant(p) };
+position m != cond.ok;
+type T;
+@@
+
+- memset@m((T)E, 0, size);
+ ... when != E
+ when strict
+(
+- kfree(E)@p;
++ kzfree(E);
+|
+- \(vfree\|kvfree\)(E)@p;
++ kvfree_sensitive(E, size);
+)
+
+@script:python depends on report@
+p << r.p;
+@@
+
+coccilib.report.print_report(p[0],
+ "WARNING: opportunity for kzfree/kvfree_sensitive")
+
+@script:python depends on org@
+p << r.p;
+@@
+
+coccilib.org.print_todo(p[0],
+ "WARNING: opportunity for kzfree/kvfree_sensitive") |
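Review bot: In `rp_memzero` and `rp_memset` the `size` expression matched at the `memzero_explicit`/`memset` call is moved into `kvfree_sensitive(E, size)` at the free site, but the intervening `...` is constrained only by `when != E`. If code between the clear and the free changes a variable that `size` depends on, the generated call would wipe a different length than the original did, either leaving sensitive bytes behind or clearing past the region the author intended. Adding `when != size` beside `when != E` in both patch rules would cover the simple case where the same expression appears in between; reassignment of a sub-expression would still need a manual look at each generated `kvfree_sensitive()` call. Separately, the Python set named `filter` in the `@initialize:python@` block shadows the builtin, and a name such as `excluded_functions` would read more clearly.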