Re: [Cocci] Incorrect match with when != condition
On 3/17/21 11:32 PM, Julia Lawall wrote: On Wed, 17 Mar 2021, Denis Efremov wrote: Hi, I'm trying to write the check to detect the absence of commit https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=51b2ee7d006a736a9126e8111d1f24e4fd0afaa6 in kernel. The pattern can be: @err exists@ identifier namlen, dchild, dparent, exp; position p; statement S; @@ compose_entry_fh(..., int namlen, ...) { ... if (namlen == 2) { * dchild =@p dget_parent(dparent); ... when != dparent == exp->ex_path.dentry add when forall here. There does exist a path that does not contain the dparent == exp->ex_path.dentry test. That is the path that takesthe first goto out. This solved the problem, thanks! ___ Cocci mailing list Cocci@systeme.lip6.fr https://systeme.lip6.fr/mailman/listinfo/cocci
Re: [Cocci] Incorrect match with when != condition
On Wed, 17 Mar 2021, Denis Efremov wrote: > Hi, > > I'm trying to write the check to detect the absence of commit > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=51b2ee7d006a736a9126e8111d1f24e4fd0afaa6 > in kernel. The pattern can be: > > @err exists@ > identifier namlen, dchild, dparent, exp; > position p; > statement S; > @@ > > compose_entry_fh(..., int namlen, ...) > { > ... > if (namlen == 2) { > * dchild =@p dget_parent(dparent); > ... when != dparent == exp->ex_path.dentry add when forall here. There does exist a path that does not contain the dparent == exp->ex_path.dentry test. That is the path that takesthe first goto out. julia > } else S > ... > } > > But unfortunately, it matches even the fixed source. I think > that condition "... when != dparent == exp->ex_path.dentry" doesn't > work as expected. Steps to reproduce: > > $ cd linux # latest master branch > $ wget > https://raw.githubusercontent.com/evdenis/cvehound/b2d109c959c299dce10274c1806406fc5653e5d0/cvehound/cve/CVE-2021-3178.cocci > $ spatch -D detect --cocci-file CVE-2021-3178.cocci fs/nfsd/nfs3xdr.c > fs/nfsd/nfs3xdr.c:935:10-11: ERROR: CVE-2021-3178 > diff = > --- fs/nfsd/nfs3xdr.c > +++ /tmp/cocci-output-526900-b87df1-nfs3xdr.c > @@ -932,7 +932,6 @@ compose_entry_fh(struct nfsd3_readdirres > if (isdotent(name, namlen)) { > if (namlen == 2) { > // !!! shouldn't match because of if (dparent == > exp->ex_path.dentry) goto out; check after > - dchild = dget_parent(dparent); > /* > * Don't return filehandle for ".." if we're at > * the filesystem or export root: > $ spatch --version > spatch version 1.1.0 compiled with OCaml version 4.11.1 > > Thanks, > Denis > ___ Cocci mailing list Cocci@systeme.lip6.fr https://systeme.lip6.fr/mailman/listinfo/cocci
[Cocci] Incorrect match with when != condition
Hi, I'm trying to write the check to detect the absence of commit https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=51b2ee7d006a736a9126e8111d1f24e4fd0afaa6 in kernel. The pattern can be: @err exists@ identifier namlen, dchild, dparent, exp; position p; statement S; @@ compose_entry_fh(..., int namlen, ...) { ... if (namlen == 2) { * dchild =@p dget_parent(dparent); ... when != dparent == exp->ex_path.dentry } else S ... } But unfortunately, it matches even the fixed source. I think that condition "... when != dparent == exp->ex_path.dentry" doesn't work as expected. Steps to reproduce: $ cd linux # latest master branch $ wget https://raw.githubusercontent.com/evdenis/cvehound/b2d109c959c299dce10274c1806406fc5653e5d0/cvehound/cve/CVE-2021-3178.cocci $ spatch -D detect --cocci-file CVE-2021-3178.cocci fs/nfsd/nfs3xdr.c fs/nfsd/nfs3xdr.c:935:10-11: ERROR: CVE-2021-3178 diff = --- fs/nfsd/nfs3xdr.c +++ /tmp/cocci-output-526900-b87df1-nfs3xdr.c @@ -932,7 +932,6 @@ compose_entry_fh(struct nfsd3_readdirres if (isdotent(name, namlen)) { if (namlen == 2) { // !!! shouldn't match because of if (dparent == exp->ex_path.dentry) goto out; check after - dchild = dget_parent(dparent); /* * Don't return filehandle for ".." if we're at * the filesystem or export root: $ spatch --version spatch version 1.1.0 compiled with OCaml version 4.11.1 Thanks, Denis ___ Cocci mailing list Cocci@systeme.lip6.fr https://systeme.lip6.fr/mailman/listinfo/cocci