Linux Audio

Check our new training course

Open Menu / scripts / coccinelle / api / memdup_user.cocci
Loading...
v6.8
  1// SPDX-License-Identifier: GPL-2.0-only
  2/// Use memdup_user rather than duplicating its implementation
  3/// This is a little bit restricted to reduce false positives
  4///
  5// Confidence: High
  6// Copyright: (C) 2010-2012 Nicolas Palix.
  7// Copyright: (C) 2010-2012 Julia Lawall, INRIA/LIP6.
  8// Copyright: (C) 2010-2012 Gilles Muller, INRIA/LiP6.
  9// URL: https://coccinelle.gitlabpages.inria.fr/website
 10// Comments:
 11// Options: --no-includes --include-headers
 12
 13virtual patch
 14virtual context
 15virtual org
 16virtual report
 17
 18@initialize:python@
 19@@
 20filter = frozenset(['memdup_user', 'vmemdup_user'])
 21
 22def relevant(p):
 23    return not (filter & {el.current_element for el in p})
 24
 25@depends on patch@
 26expression from,to,size;
 27identifier l1,l2;
 28position p : script:python() { relevant(p) };
 29@@
 30
 31-  to = \(kmalloc@p\|kzalloc@p\)
 32-		(size,\(GFP_KERNEL\|GFP_USER\|
 33-		      \(GFP_KERNEL\|GFP_USER\)|__GFP_NOWARN\));
 34+  to = memdup_user(from,size);
 35   if (
 36-      to==NULL
 37+      IS_ERR(to)
 38                 || ...) {
 39   <+... when != goto l1;
 40-  -ENOMEM
 41+  PTR_ERR(to)
 42   ...+>
 43   }
 44-  if (copy_from_user(to, from, size) != 0) {
 45-    <+... when != goto l2;
 46-    -EFAULT
 47-    ...+>
 48-  }
 49
 50@depends on patch@
 51expression from,to,size;
 52identifier l1,l2;
 53position p : script:python() { relevant(p) };
 54@@
 55
 56-  to = \(kvmalloc@p\|kvzalloc@p\)(size,\(GFP_KERNEL\|GFP_USER\));
 57+  to = vmemdup_user(from,size);
 58   if (
 59-      to==NULL
 60+      IS_ERR(to)
 61                 || ...) {
 62   <+... when != goto l1;
 63-  -ENOMEM
 64+  PTR_ERR(to)
 65   ...+>
 66   }
 67-  if (copy_from_user(to, from, size) != 0) {
 68-    <+... when != goto l2;
 69-    -EFAULT
 70-    ...+>
 71-  }
 72
 73@r depends on !patch@
 74expression from,to,size;
 75position p : script:python() { relevant(p) };
 76statement S1,S2;
 77@@
 78
 79*  to = \(kmalloc@p\|kzalloc@p\)
 80		(size,\(GFP_KERNEL\|GFP_USER\|
 81		      \(GFP_KERNEL\|GFP_USER\)|__GFP_NOWARN\));
 82   if (to==NULL || ...) S1
 83   if (copy_from_user(to, from, size) != 0)
 84   S2
 85
 86@rv depends on !patch@
 87expression from,to,size;
 88position p : script:python() { relevant(p) };
 89statement S1,S2;
 90@@
 91
 92*  to = \(kvmalloc@p\|kvzalloc@p\)(size,\(GFP_KERNEL\|GFP_USER\));
 93   if (to==NULL || ...) S1
 94   if (copy_from_user(to, from, size) != 0)
 95   S2
 96
 97@script:python depends on org@
 98p << r.p;
 99@@
100
101coccilib.org.print_todo(p[0], "WARNING opportunity for memdup_user")
102
103@script:python depends on report@
104p << r.p;
105@@
106
107coccilib.report.print_report(p[0], "WARNING opportunity for memdup_user")
108
109@script:python depends on org@
110p << rv.p;
111@@
112
113coccilib.org.print_todo(p[0], "WARNING opportunity for vmemdup_user")
114
115@script:python depends on report@
116p << rv.p;
117@@
118
119coccilib.report.print_report(p[0], "WARNING opportunity for vmemdup_user")
v3.15
 
 1/// Use memdup_user rather than duplicating its implementation
 2/// This is a little bit restricted to reduce false positives
 3///
 4// Confidence: High
 5// Copyright: (C) 2010-2012 Nicolas Palix.  GPLv2.
 6// Copyright: (C) 2010-2012 Julia Lawall, INRIA/LIP6.  GPLv2.
 7// Copyright: (C) 2010-2012 Gilles Muller, INRIA/LiP6.  GPLv2.
 8// URL: http://coccinelle.lip6.fr/
 9// Comments:
10// Options: --no-includes --include-headers
11
12virtual patch
13virtual context
14virtual org
15virtual report
16
 
 
 
 
 
 
 
17@depends on patch@
18expression from,to,size,flag;
19identifier l1,l2;
 
20@@
21
22-  to = \(kmalloc\|kzalloc\)(size,flag);
 
 
23+  to = memdup_user(from,size);
24   if (
25-      to==NULL
26+      IS_ERR(to)
27                 || ...) {
28   <+... when != goto l1;
29-  -ENOMEM
30+  PTR_ERR(to)
31   ...+>
32   }
33-  if (copy_from_user(to, from, size) != 0) {
34-    <+... when != goto l2;
35-    -EFAULT
36-    ...+>
37-  }
38
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
39@r depends on !patch@
40expression from,to,size,flag;
41position p;
 
 
 
 
 
 
 
 
 
 
 
 
 
42statement S1,S2;
43@@
44
45*  to = \(kmalloc@p\|kzalloc@p\)(size,flag);
46   if (to==NULL || ...) S1
47   if (copy_from_user(to, from, size) != 0)
48   S2
49
50@script:python depends on org@
51p << r.p;
52@@
53
54coccilib.org.print_todo(p[0], "WARNING opportunity for memdup_user")
55
56@script:python depends on report@
57p << r.p;
58@@
59
60coccilib.report.print_report(p[0], "WARNING opportunity for memdup_user")