On Wed, 16 Nov 2016, Reshetova, Elena wrote:

> >You may want to run coccinelle/scripts/idutils_index.sh in your code base.
> >Then if you use the argument --use-idutils it will select the relevant files
> >up front from the index and be even more efficient.  Skipping means that it
> >essentially did a grep and didn't find anything.  If the argument after
> >--use-idutils does not begin with -, it will think that it is the name of
> >the index.  The easiest is to just put --use-idutils last.
>
> Thank you for the suggestion! I will try this out. However, I seem to have a 
> different problem that the rule doesn't behave as I would think it should and 
> enabling debug doesn't tell terribly much.
>
> My rule is now this:
>
> @r1 exists@
> identifier a, x;
> position p1, p2;
> identifier fname1 =~ ".*$free.*$";
> identifier fname2 =~ ".*$kfree_.*$";

I'm not very good at regular expressions, but I thought that $ meant end
of string.  So can it work to have $ before free/kfree?  Also, without the
first $, I'm not sure to understand the difference between fname1 and
fname2.  It looks like anything matched by fname2 would also be matched by
fname1.

julia

> @@
>
> (
>  atomic_dec_and_test@p1(&a->x)
> |
>  atomic_long_dec_and_test@p1(&a->x)
> |
>  atomic64_dec_and_test@p1(&a->x)
> |
>  local_dec_and_test@p1(&a->x)
> )
> ...
> (
>  kfree@p2(a);
> |
>  fname1@p2(a | (a, ...));
> |
>  fname2@p2(a | (a, ...));
> )
>
> @script:python@
> p1 << r1.p1;
> p2 << r1.p2;
> @@
>
> print "* file: %s atomic_dec_and_test variation %s before kfree variation %s" % (p1[0].file,p1[0].line,p2[0].line)
>
> However, it doesn't catch even some simple cases like for example 
> /linux-stable/kernel/audit_tree.c:
> starting from line 109:
> static void free_chunk(struct audit_chunk *chunk)
> {
>     int i;
>
>     for (i = 0; i < chunk->count; i++) {
>         if (chunk->owners[i].owner)
>             put_tree(chunk->owners[i].owner);
>     }
>     kfree(chunk);
> }
>
> void audit_put_chunk(struct audit_chunk *chunk)
> {
>     if (atomic_long_dec_and_test(&chunk->refs))
>         free_chunk(chunk);
> }
>
> The above case is a clear kfree() call after atomic_long_dec_and_test() just 
> via intermediate function free_chunk(). Why is it not detected?
>
> Another case:
>
> line 97:
> static inline void put_tree(struct audit_tree *tree)
> {
>     if (atomic_dec_and_test(&tree->count))
>         kfree_rcu(tree, head);
> }
>
> This should have been caught by the fname2@p2(a | (a, ...)) rule, but it isn't
> either.
>
> I have a feeling of doing something basic wrongly...
>
> Best Regards,
> Elena.
>
_______________________________________________
Cocci mailing list
[email protected]
https://systeme.lip6.fr/mailman/listinfo/cocci
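As an added example, not code from this thread or from the Coccinelle project, here is one way to write the rule with the name regexes anchored the way Julia describes (`^` at the start of the name; `$` only ever at the end, so the original `".*$free.*$"` could never match anything). It also handles the free_chunk() case explicitly: Coccinelle's `...` follows control flow only inside a single function body, so a kfree() that happens inside a callee is never reached from audit_put_chunk(), and a separate rule has to first identify helpers that free their pointer parameter. The rule names `direct`, `freer` and `indirect`, the metavariable `kfree_any`, and the one-level-deep helper detection are my own choices; the direct and indirect cases are kept in separate rules because a rule that inherits `freer.fn` is only applied when `freer` itself matched, which would otherwise silently drop the direct kfree() matches in files with no freeing helper. Elena's original fname1 (`.*free.*`, once anchored correctly) would also have matched free_chunk() purely by name; the helper rule below reports it only if the helper really does free its argument.

```cocci
// Added example (not from the thread): decrement-and-test of a->x followed,
// on some control-flow path in the same function, by a free of a.

// Rule 1: the direct case, e.g. kfree(tree) or kfree_rcu(tree, head).
// "^kfree" anchors at the start of the callee name; no "$" before the word.
@direct exists@
identifier a, x;
identifier kfree_any =~ "^kfree";
position p1, p2;
@@
(
  atomic_dec_and_test@p1(&a->x)
|
  atomic_long_dec_and_test@p1(&a->x)
|
  atomic64_dec_and_test@p1(&a->x)
|
  local_dec_and_test@p1(&a->x)
)
  ...
  kfree_any@p2(a, ...);

@script:python@
p1 << direct.p1;
p2 << direct.p2;
@@
print("* %s:%s dec_and_test, object freed directly at line %s"
      % (p1[0].file, p1[0].line, p2[0].line))

// Rule 2: helpers that free one of their own pointer parameters, such as
// free_chunk() in kernel/audit_tree.c.  Only one call level deep by design
// (assumption: a helper that frees through yet another helper is not found).
@freer exists@
identifier fn, p;
identifier kfree_any =~ "^kfree";
type T;
@@
fn(..., T *p, ...) {
  ...
  kfree_any(p, ...);
  ...
}

// Rule 3: the indirect case, e.g. free_chunk(chunk) after
// atomic_long_dec_and_test(&chunk->refs).  fn is inherited from "freer",
// so this rule runs only in files where such a helper exists.
@indirect exists@
identifier a, x;
identifier freer.fn;
position p1, p2;
@@
(
  atomic_dec_and_test@p1(&a->x)
|
  atomic_long_dec_and_test@p1(&a->x)
|
  atomic64_dec_and_test@p1(&a->x)
|
  local_dec_and_test@p1(&a->x)
)
  ...
  fn@p2(..., a, ...);

@script:python@
p1 << indirect.p1;
p2 << indirect.p2;
fn << indirect.fn;
@@
print("* %s:%s dec_and_test, object freed via %s() at line %s"
      % (p1[0].file, p1[0].line, fn, p2[0].line))
```

Run it as `spatch --sp-file dec_and_test_free.cocci --dir kernel/ --use-idutils` after building the index as suggested above; the `print()` form with a single parenthesised argument works with both Python 2 and Python 3 scripting backends, whereas the original `print "..."` statement is Python 2 only.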
