Re: [Cocci] [PATCH 2/2] Coccinelle: extend memdup_user rule with vmemdup_user()
On Sat, 30 May 2020, Denis Efremov wrote:
> Add vmemdup_user() transformations to the memdup_user.cocci rule.
> Commit 50fd2f298bef ("new primitive: vmemdup_user()") introduced
> vmemdup_user(). The function uses kvmalloc with GPF_USER flag.
>
> Signed-off-by: Denis Efremov
> ---
> scripts/coccinelle/api/memdup_user.cocci | 49 +++-
> 1 file changed, 47 insertions(+), 2 deletions(-)
>
> diff --git a/scripts/coccinelle/api/memdup_user.cocci
> b/scripts/coccinelle/api/memdup_user.cocci
> index 49f487e6a5c8..a50def35136e 100644
> --- a/scripts/coccinelle/api/memdup_user.cocci
> +++ b/scripts/coccinelle/api/memdup_user.cocci
> @@ -37,6 +37,28 @@ identifier l1,l2;
> -...+>
> - }
>
> +@depends on patch@
> +expression from,to,size;
> +identifier l1,l2;
> +@@
> +
> +- to = \(kvmalloc\|kvzalloc\)(size,\(GFP_KERNEL\|GFP_USER\));
> ++ to = vmemdup_user(from,size);
> + if (
> +- to==NULL
> ++ IS_ERR(to)
> + || ...) {
> + <+... when != goto l1;
> +- -ENOMEM
> ++ PTR_ERR(to)
> + ...+>
> + }
> +- if (copy_from_user(to, from, size) != 0) {
> +-<+... when != goto l2;
> +--EFAULT
> +-...+>
> +- }
> +
This could protect against modifying vmemdup_user. Probably the original
rule should protect against modifying memdup_user as well.
julia
> @r depends on !patch@
> expression from,to,size;
> position p;
> @@ -48,14 +70,37 @@ statement S1,S2;
> if (copy_from_user(to, from, size) != 0)
> S2
>
> -@script:python depends on org@
> +@rv depends on !patch@
> +expression from,to,size;
> +position p;
> +statement S1,S2;
> +@@
> +
> +* to = \(kvmalloc@p\|kvzalloc@p\)(size,\(GFP_KERNEL\|GFP_USER\));
> + if (to==NULL || ...) S1
> + if (copy_from_user(to, from, size) != 0)
> + S2
> +
> +@script:python depends on org && r@
> p << r.p;
> @@
>
> coccilib.org.print_todo(p[0], "WARNING opportunity for memdup_user")
>
> -@script:python depends on report@
> +@script:python depends on report && r@
> p << r.p;
> @@
>
> coccilib.report.print_report(p[0], "WARNING opportunity for memdup_user")
> +
> +@script:python depends on org && rv@
> +p << rv.p;
> +@@
> +
> +coccilib.org.print_todo(p[0], "WARNING opportunity for vmemdup_user")
> +
> +@script:python depends on report && rv@
> +p << rv.p;
> +@@
> +
> +coccilib.report.print_report(p[0], "WARNING opportunity for vmemdup_user")
> --
> 2.26.2
>
> ___
> Cocci mailing list
> Cocci@systeme.lip6.fr
> https://systeme.lip6.fr/mailman/listinfo/cocci
>
___
Cocci mailing list
Cocci@systeme.lip6.fr
https://systeme.lip6.fr/mailman/listinfo/cocci
Re: [Cocci] [PATCH 2/2] Coccinelle: extend memdup_user rule with vmemdup_user()
> +@rv depends on !patch@ > +expression from,to,size; > +position p; > +statement S1,S2; > +@@ > + > +* to = \(kvmalloc@p\|kvzalloc@p\)(size,\(GFP_KERNEL\|GFP_USER\)); > + if (to==NULL || ...) S1 > + if (copy_from_user(to, from, size) != 0) > + S2 How does the SmPL asterisk functionality fit to the operation modes “org” and “report”? > +@script:python depends on org && r@ I find the modification of SmPL rule dependencies also interesting. Are these specifications really required? Regards, Markus ___ Cocci mailing list Cocci@systeme.lip6.fr https://systeme.lip6.fr/mailman/listinfo/cocci
Re: [Cocci] [PATCH 2/2] Coccinelle: extend memdup_user rule with vmemdup_user()
> Add vmemdup_user() transformations to the memdup_user.cocci rule.
> Commit 50fd2f298bef ("new primitive: vmemdup_user()") introduced
> vmemdup_user(). The function uses kvmalloc with GPF_USER flag.
Such a software evolution is also interesting.
> +@depends on patch@
> +- to = \(kvmalloc\|kvzalloc\)(size,\(GFP_KERNEL\|GFP_USER\));
> ++ to = vmemdup_user(from,size);
How do you think about to achieve the desired data processing by the application
of a SmPL disjunction like the following?
to =
(
- \( kmalloc \| kzalloc \) (size, \( GFP_KERNEL \| GFP_USER \))
+ memdup_user(from, size)
|
- \( kvmalloc \| kvzalloc \) (size, \( GFP_KERNEL \| GFP_USER \))
+ vmemdup_user(from, size)
)
;
Unfortunately, the Coccinelle software does not like the following
SmPL code variant so far.
to =
(
- \( kmalloc \| kzalloc \)
+ memdup_user
|
- \( kvmalloc \| kvzalloc \)
+ vmemdup_user
)
(
- size, \( GFP_KERNEL \| GFP_USER \)
+ from, size
);
Message:
25: no available token to attach to
Regards,
Markus
___
Cocci mailing list
Cocci@systeme.lip6.fr
https://systeme.lip6.fr/mailman/listinfo/cocci
[Cocci] [PATCH 2/2] Coccinelle: extend memdup_user rule with vmemdup_user()
Add vmemdup_user() transformations to the memdup_user.cocci rule.
Commit 50fd2f298bef ("new primitive: vmemdup_user()") introduced
vmemdup_user(). The function uses kvmalloc with GPF_USER flag.
Signed-off-by: Denis Efremov
---
scripts/coccinelle/api/memdup_user.cocci | 49 +++-
1 file changed, 47 insertions(+), 2 deletions(-)
diff --git a/scripts/coccinelle/api/memdup_user.cocci
b/scripts/coccinelle/api/memdup_user.cocci
index 49f487e6a5c8..a50def35136e 100644
--- a/scripts/coccinelle/api/memdup_user.cocci
+++ b/scripts/coccinelle/api/memdup_user.cocci
@@ -37,6 +37,28 @@ identifier l1,l2;
-...+>
- }
+@depends on patch@
+expression from,to,size;
+identifier l1,l2;
+@@
+
+- to = \(kvmalloc\|kvzalloc\)(size,\(GFP_KERNEL\|GFP_USER\));
++ to = vmemdup_user(from,size);
+ if (
+- to==NULL
++ IS_ERR(to)
+ || ...) {
+ <+... when != goto l1;
+- -ENOMEM
++ PTR_ERR(to)
+ ...+>
+ }
+- if (copy_from_user(to, from, size) != 0) {
+-<+... when != goto l2;
+--EFAULT
+-...+>
+- }
+
@r depends on !patch@
expression from,to,size;
position p;
@@ -48,14 +70,37 @@ statement S1,S2;
if (copy_from_user(to, from, size) != 0)
S2
-@script:python depends on org@
+@rv depends on !patch@
+expression from,to,size;
+position p;
+statement S1,S2;
+@@
+
+* to = \(kvmalloc@p\|kvzalloc@p\)(size,\(GFP_KERNEL\|GFP_USER\));
+ if (to==NULL || ...) S1
+ if (copy_from_user(to, from, size) != 0)
+ S2
+
+@script:python depends on org && r@
p << r.p;
@@
coccilib.org.print_todo(p[0], "WARNING opportunity for memdup_user")
-@script:python depends on report@
+@script:python depends on report && r@
p << r.p;
@@
coccilib.report.print_report(p[0], "WARNING opportunity for memdup_user")
+
+@script:python depends on org && rv@
+p << rv.p;
+@@
+
+coccilib.org.print_todo(p[0], "WARNING opportunity for vmemdup_user")
+
+@script:python depends on report && rv@
+p << rv.p;
+@@
+
+coccilib.report.print_report(p[0], "WARNING opportunity for vmemdup_user")
--
2.26.2
___
Cocci mailing list
Cocci@systeme.lip6.fr
https://systeme.lip6.fr/mailman/listinfo/cocci
