File: memdup_user.cocci

package info (click to toggle)
linux 6.16.3-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 1,724,576 kB
  • sloc: ansic: 26,558,545; asm: 271,315; sh: 143,998; python: 72,469; makefile: 57,126; perl: 36,821; xml: 19,553; cpp: 5,820; yacc: 4,915; lex: 2,955; awk: 1,667; sed: 28; ruby: 25
file content (119 lines) | stat: -rw-r--r-- 2,666 bytes parent folder | download | duplicates (17) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
 
// SPDX-License-Identifier: GPL-2.0-only
/// Use memdup_user rather than duplicating its implementation
/// This is a little bit restricted to reduce false positives
///
// Confidence: High
// Copyright: (C) 2010-2012 Nicolas Palix.
// Copyright: (C) 2010-2012 Julia Lawall, INRIA/LIP6.
// Copyright: (C) 2010-2012 Gilles Muller, INRIA/LiP6.
// URL: https://coccinelle.gitlabpages.inria.fr/website
// Comments:
// Options: --no-includes --include-headers

virtual patch
virtual context
virtual org
virtual report

@initialize:python@
@@
filter = frozenset(['memdup_user', 'vmemdup_user'])

def relevant(p):
    return not (filter & {el.current_element for el in p})

@depends on patch@
expression from,to,size;
identifier l1,l2;
position p : script:python() { relevant(p) };
@@

-  to = \(kmalloc@p\|kzalloc@p\)
-		(size,\(GFP_KERNEL\|GFP_USER\|
-		      \(GFP_KERNEL\|GFP_USER\)|__GFP_NOWARN\));
+  to = memdup_user(from,size);
   if (
-      to==NULL
+      IS_ERR(to)
                 || ...) {
   <+... when != goto l1;
-  -ENOMEM
+  PTR_ERR(to)
   ...+>
   }
-  if (copy_from_user(to, from, size) != 0) {
-    <+... when != goto l2;
-    -EFAULT
-    ...+>
-  }

@depends on patch@
expression from,to,size;
identifier l1,l2;
position p : script:python() { relevant(p) };
@@

-  to = \(kvmalloc@p\|kvzalloc@p\)(size,\(GFP_KERNEL\|GFP_USER\));
+  to = vmemdup_user(from,size);
   if (
-      to==NULL
+      IS_ERR(to)
                 || ...) {
   <+... when != goto l1;
-  -ENOMEM
+  PTR_ERR(to)
   ...+>
   }
-  if (copy_from_user(to, from, size) != 0) {
-    <+... when != goto l2;
-    -EFAULT
-    ...+>
-  }

@r depends on !patch@
expression from,to,size;
position p : script:python() { relevant(p) };
statement S1,S2;
@@

*  to = \(kmalloc@p\|kzalloc@p\)
		(size,\(GFP_KERNEL\|GFP_USER\|
		      \(GFP_KERNEL\|GFP_USER\)|__GFP_NOWARN\));
   if (to==NULL || ...) S1
   if (copy_from_user(to, from, size) != 0)
   S2

@rv depends on !patch@
expression from,to,size;
position p : script:python() { relevant(p) };
statement S1,S2;
@@

*  to = \(kvmalloc@p\|kvzalloc@p\)(size,\(GFP_KERNEL\|GFP_USER\));
   if (to==NULL || ...) S1
   if (copy_from_user(to, from, size) != 0)
   S2

@script:python depends on org@
p << r.p;
@@

coccilib.org.print_todo(p[0], "WARNING opportunity for memdup_user")

@script:python depends on report@
p << r.p;
@@

coccilib.report.print_report(p[0], "WARNING opportunity for memdup_user")

@script:python depends on org@
p << rv.p;
@@

coccilib.org.print_todo(p[0], "WARNING opportunity for vmemdup_user")

@script:python depends on report@
p << rv.p;
@@

coccilib.report.print_report(p[0], "WARNING opportunity for vmemdup_user")