Re: [Cocci] [PATCH 2/2] Coccinelle: extend memdup_user rule with vmemdup_user()
On Sat, 30 May 2020, Denis Efremov wrote:

> Add vmemdup_user() transformations to the memdup_user.cocci rule. > Commit 50fd2f298bef ("new primitive: vmemdup_user()") introduced > vmemdup_user(). The function uses kvmalloc with GPF_USER flag. > > Signed-off-by: Denis Efremov > --- > scripts/coccinelle/api/memdup_user.cocci | 49 +++- > 1 file changed, 47 insertions(+), 2 deletions(-) > > diff --git a/scripts/coccinelle/api/memdup_user.cocci > b/scripts/coccinelle/api/memdup_user.cocci > index 49f487e6a5c8..a50def35136e 100644 > --- a/scripts/coccinelle/api/memdup_user.cocci > +++ b/scripts/coccinelle/api/memdup_user.cocci > @@ -37,6 +37,28 @@ identifier l1,l2; > -...+> > - } > > +@depends on patch@ > +expression from,to,size; > +identifier l1,l2; > +@@ > + > +- to = \(kvmalloc\|kvzalloc\)(size,\(GFP_KERNEL\|GFP_USER\)); > ++ to = vmemdup_user(from,size); > + if ( > +- to==NULL > ++ IS_ERR(to) > + || ...) { > + <+... when != goto l1; > +- -ENOMEM > ++ PTR_ERR(to) > + ...+> > + } > +- if (copy_from_user(to, from, size) != 0) { > +-<+... when != goto l2; > +--EFAULT > +-...+> > +- } > +

This could protect against modifying vmemdup_user. Probably the original rule should protect against modifying memdup_user as well.

julia

> @r depends on !patch@ > expression from,to,size; > position p;
> @@ -48,14 +70,37 @@ statement S1,S2; > if (copy_from_user(to, from, size) != 0) > S2 > > -@script:python depends on org@ > +@rv depends on !patch@ > +expression from,to,size; > +position p; > +statement S1,S2; > +@@ > + > +* to = \(kvmalloc@p\|kvzalloc@p\)(size,\(GFP_KERNEL\|GFP_USER\)); > + if (to==NULL || ...) S1 > + if (copy_from_user(to, from, size) != 0) > + S2 > + > +@script:python depends on org && r@ > p << r.p; > @@ > > coccilib.org.print_todo(p[0], "WARNING opportunity for memdup_user") > > -@script:python depends on report@ > +@script:python depends on report && r@ > p << r.p; > @@ > > coccilib.report.print_report(p[0], "WARNING opportunity for memdup_user") > + > +@script:python depends on org && rv@ > +p << rv.p; > +@@ > + > +coccilib.org.print_todo(p[0], "WARNING opportunity for vmemdup_user") > + > +@script:python depends on report && rv@ > +p << rv.p; > +@@ > + > +coccilib.report.print_report(p[0], "WARNING opportunity for vmemdup_user") > -- > 2.26.2 > > ___ > Cocci mailing list > Cocci@systeme.lip6.fr > https://systeme.lip6.fr/mailman/listinfo/cocci > ___ Cocci mailing list Cocci@systeme.lip6.fr https://systeme.lip6.fr/mailman/listinfo/cocci
Re: [Cocci] [PATCH 2/2] Coccinelle: extend memdup_user rule with vmemdup_user()
> +@rv depends on !patch@ > +expression from,to,size; > +position p; > +statement S1,S2; > +@@ > + > +* to = \(kvmalloc@p\|kvzalloc@p\)(size,\(GFP_KERNEL\|GFP_USER\)); > + if (to==NULL || ...) S1 > + if (copy_from_user(to, from, size) != 0) > + S2

How does the SmPL asterisk functionality fit to the operation modes “org” and “report”?

> +@script:python depends on org && r@

I find the modification of SmPL rule dependencies also interesting.
Are these specifications really required?

Regards,
Markus
Re: [Cocci] [PATCH 2/2] Coccinelle: extend memdup_user rule with vmemdup_user()
> Add vmemdup_user() transformations to the memdup_user.cocci rule.
> Commit 50fd2f298bef ("new primitive: vmemdup_user()") introduced
> vmemdup_user(). The function uses kvmalloc with GPF_USER flag.

Such a software evolution is also interesting.

> +@depends on patch@ > +- to = \(kvmalloc\|kvzalloc\)(size,\(GFP_KERNEL\|GFP_USER\)); > ++ to = vmemdup_user(from,size);

What do you think about achieving the desired data processing by the application of a SmPL disjunction like the following?

 to =
(
- \( kmalloc \| kzalloc \) (size, \( GFP_KERNEL \| GFP_USER \))
+ memdup_user(from, size)
|
- \( kvmalloc \| kvzalloc \) (size, \( GFP_KERNEL \| GFP_USER \))
+ vmemdup_user(from, size)
)
 ;

Unfortunately, the Coccinelle software does not like the following SmPL code variant so far.

 to =
(
- \( kmalloc \| kzalloc \)
+ memdup_user
|
- \( kvmalloc \| kvzalloc \)
+ vmemdup_user
)
 (
- size, \( GFP_KERNEL \| GFP_USER \)
+ from, size
 );

Message: 25: no available token to attach to

Regards,
Markus
[Cocci] [PATCH 2/2] Coccinelle: extend memdup_user rule with vmemdup_user()
Add vmemdup_user() transformations to the memdup_user.cocci rule. Commit 50fd2f298bef ("new primitive: vmemdup_user()") introduced vmemdup_user(). The function uses kvmalloc with GPF_USER flag. Signed-off-by: Denis Efremov --- scripts/coccinelle/api/memdup_user.cocci | 49 +++- 1 file changed, 47 insertions(+), 2 deletions(-) diff --git a/scripts/coccinelle/api/memdup_user.cocci b/scripts/coccinelle/api/memdup_user.cocci index 49f487e6a5c8..a50def35136e 100644 --- a/scripts/coccinelle/api/memdup_user.cocci +++ b/scripts/coccinelle/api/memdup_user.cocci @@ -37,6 +37,28 @@ identifier l1,l2; -...+> - } +@depends on patch@ +expression from,to,size; +identifier l1,l2; +@@ + +- to = \(kvmalloc\|kvzalloc\)(size,\(GFP_KERNEL\|GFP_USER\)); ++ to = vmemdup_user(from,size); + if ( +- to==NULL ++ IS_ERR(to) + || ...) { + <+... when != goto l1; +- -ENOMEM ++ PTR_ERR(to) + ...+> + } +- if (copy_from_user(to, from, size) != 0) { +-<+... when != goto l2; +--EFAULT +-...+> +- } + @r depends on !patch@ expression from,to,size; position p; 
@@ -48,14 +70,37 @@ statement S1,S2; if (copy_from_user(to, from, size) != 0) S2 -@script:python depends on org@ +@rv depends on !patch@ +expression from,to,size; +position p; +statement S1,S2; +@@ + +* to = \(kvmalloc@p\|kvzalloc@p\)(size,\(GFP_KERNEL\|GFP_USER\)); + if (to==NULL || ...) S1 + if (copy_from_user(to, from, size) != 0) + S2 + +@script:python depends on org && r@ p << r.p; @@ coccilib.org.print_todo(p[0], "WARNING opportunity for memdup_user") -@script:python depends on report@ +@script:python depends on report && r@ p << r.p; @@ coccilib.report.print_report(p[0], "WARNING opportunity for memdup_user") + +@script:python depends on org && rv@ +p << rv.p; +@@ + +coccilib.org.print_todo(p[0], "WARNING opportunity for vmemdup_user") + +@script:python depends on report && rv@ +p << rv.p; +@@ + +coccilib.report.print_report(p[0], "WARNING opportunity for vmemdup_user") -- 2.26.2 ___ Cocci mailing list Cocci@systeme.lip6.fr https://systeme.lip6.fr/mailman/listinfo/cocci
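Review bot: in the first hunk (@@ -37,6 +37,28 @@) the new "@depends on patch@" rule puts no constraint on the enclosing function, so it can also match the kvmalloc() plus copy_from_user() sequence inside vmemdup_user() itself, which the commit message says uses kvmalloc, and rewrite that body into a call to vmemdup_user(). Restrict the match so it is skipped when the enclosing function is vmemdup_user (for example with a position metavariable on the allocation call that a script constraint filters), and give the existing memdup_user rule the same guard. The commit message also spells the flag "GPF_USER" where the rule uses GFP_USER.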
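Review bot: in the second hunk (@@ -48,14 +70,37 @@) the "&& r" and "&& rv" added to the four script:python headers look redundant, because each script already inherits its position through "p << r.p;" or "p << rv.p;" and so only runs when that rule bound p. Plain "depends on org" and "depends on report" should be enough for the two new rv scripts, which would leave the two existing script headers unchanged and shrink the diff.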