Re: [PATCH] coccinelle: api: update kzfree script to kfree_sensitive
On Tue, 11 Aug 2020, Denis Efremov wrote:
> Commit 453431a54934 ("mm, treewide: rename kzfree() to kfree_sensitive()")
> renames kzfree to kfree_sensitive and uses memzero_explicit(...) instead of
> memset(..., 0, ...) internally. Update cocci script to reflect these
> changes.
>
> Signed-off-by: Denis Efremov
Applied, thanks.
> ---
> Julia, I think you can squash this commit with original script, or I can
> resend the whole script since it's not merged to the mainline.
>
> .../{kzfree.cocci => kfree_sensitive.cocci} | 29 +--
> 1 file changed, 13 insertions(+), 16 deletions(-)
> rename scripts/coccinelle/api/{kzfree.cocci => kfree_sensitive.cocci} (70%)
>
> diff --git a/scripts/coccinelle/api/kzfree.cocci
> b/scripts/coccinelle/api/kfree_sensitive.cocci
> similarity index 70%
> rename from scripts/coccinelle/api/kzfree.cocci
> rename to scripts/coccinelle/api/kfree_sensitive.cocci
> index 33625bd7cec9..e4a066a0b77d 100644
> --- a/scripts/coccinelle/api/kzfree.cocci
> +++ b/scripts/coccinelle/api/kfree_sensitive.cocci
> @@ -1,13 +1,13 @@
> // SPDX-License-Identifier: GPL-2.0-only
> ///
> -/// Use kzfree, kvfree_sensitive rather than memset or
> -/// memzero_explicit followed by kfree
> +/// Use kfree_sensitive, kvfree_sensitive rather than memset or
> +/// memzero_explicit followed by kfree.
> ///
> // Confidence: High
> // Copyright: (C) 2020 Denis Efremov ISPRAS
> // Options: --no-includes --include-headers
> //
> -// Keywords: kzfree, kvfree_sensitive
> +// Keywords: kfree_sensitive, kvfree_sensitive
> //
>
> virtual context
> @@ -18,7 +18,8 @@ virtual report
> @initialize:python@
> @@
> # kmalloc_oob_in_memset uses memset to explicitly trigger out-of-bounds
> access
> -filter = frozenset(['kmalloc_oob_in_memset', 'kzfree', 'kvfree_sensitive'])
> +filter = frozenset(['kmalloc_oob_in_memset',
> + 'kfree_sensitive', 'kvfree_sensitive'])
>
> def relevant(p):
> return not (filter & {el.current_element for el in p})
> @@ -56,17 +57,13 @@ type T;
> - memzero_explicit@m((T)E, size);
>... when != E
>when strict
> -// TODO: uncomment when kfree_sensitive will be merged.
> -// Only this case is commented out because developers
> -// may not like patches like this since kzfree uses memset
> -// internally (not memzero_explicit).
> -//(
> -//- kfree(E)@p;
> -//+ kfree_sensitive(E);
> -//|
> +(
> +- kfree(E)@p;
> ++ kfree_sensitive(E);
> +|
> - \(vfree\|kvfree\)(E)@p;
> + kvfree_sensitive(E, size);
> -//)
> +)
>
> @rp_memset depends on patch@
> expression E, size;
> @@ -80,7 +77,7 @@ type T;
>when strict
> (
> - kfree(E)@p;
> -+ kzfree(E);
> ++ kfree_sensitive(E);
> |
> - \(vfree\|kvfree\)(E)@p;
> + kvfree_sensitive(E, size);
> @@ -91,11 +88,11 @@ p << r.p;
> @@
>
> coccilib.report.print_report(p[0],
> - "WARNING: opportunity for kzfree/kvfree_sensitive")
> + "WARNING: opportunity for kfree_sensitive/kvfree_sensitive")
>
> @script:python depends on org@
> p << r.p;
> @@
>
> coccilib.org.print_todo(p[0],
> - "WARNING: opportunity for kzfree/kvfree_sensitive")
> + "WARNING: opportunity for kfree_sensitive/kvfree_sensitive")
> --
> 2.26.2
>
>
Re: [PATCH] coccinelle: api: update kzfree script to kfree_sensitive
Ping?
On 8/11/20 10:49 AM, Denis Efremov wrote:
> Commit 453431a54934 ("mm, treewide: rename kzfree() to kfree_sensitive()")
> renames kzfree to kfree_sensitive and uses memzero_explicit(...) instead of
> memset(..., 0, ...) internally. Update cocci script to reflect these
> changes.
>
> Signed-off-by: Denis Efremov
> ---
> Julia, I think you can squash this commit with original script, or I can
> resend the whole script since it's not merged to the mainline.
>
> .../{kzfree.cocci => kfree_sensitive.cocci} | 29 +--
> 1 file changed, 13 insertions(+), 16 deletions(-)
> rename scripts/coccinelle/api/{kzfree.cocci => kfree_sensitive.cocci} (70%)
>
> diff --git a/scripts/coccinelle/api/kzfree.cocci
> b/scripts/coccinelle/api/kfree_sensitive.cocci
> similarity index 70%
> rename from scripts/coccinelle/api/kzfree.cocci
> rename to scripts/coccinelle/api/kfree_sensitive.cocci
> index 33625bd7cec9..e4a066a0b77d 100644
> --- a/scripts/coccinelle/api/kzfree.cocci
> +++ b/scripts/coccinelle/api/kfree_sensitive.cocci
> @@ -1,13 +1,13 @@
> // SPDX-License-Identifier: GPL-2.0-only
> ///
> -/// Use kzfree, kvfree_sensitive rather than memset or
> -/// memzero_explicit followed by kfree
> +/// Use kfree_sensitive, kvfree_sensitive rather than memset or
> +/// memzero_explicit followed by kfree.
> ///
> // Confidence: High
> // Copyright: (C) 2020 Denis Efremov ISPRAS
> // Options: --no-includes --include-headers
> //
> -// Keywords: kzfree, kvfree_sensitive
> +// Keywords: kfree_sensitive, kvfree_sensitive
> //
>
> virtual context
> @@ -18,7 +18,8 @@ virtual report
> @initialize:python@
> @@
> # kmalloc_oob_in_memset uses memset to explicitly trigger out-of-bounds
> access
> -filter = frozenset(['kmalloc_oob_in_memset', 'kzfree', 'kvfree_sensitive'])
> +filter = frozenset(['kmalloc_oob_in_memset',
> + 'kfree_sensitive', 'kvfree_sensitive'])
>
> def relevant(p):
> return not (filter & {el.current_element for el in p})
> @@ -56,17 +57,13 @@ type T;
> - memzero_explicit@m((T)E, size);
>... when != E
>when strict
> -// TODO: uncomment when kfree_sensitive will be merged.
> -// Only this case is commented out because developers
> -// may not like patches like this since kzfree uses memset
> -// internally (not memzero_explicit).
> -//(
> -//- kfree(E)@p;
> -//+ kfree_sensitive(E);
> -//|
> +(
> +- kfree(E)@p;
> ++ kfree_sensitive(E);
> +|
> - \(vfree\|kvfree\)(E)@p;
> + kvfree_sensitive(E, size);
> -//)
> +)
>
> @rp_memset depends on patch@
> expression E, size;
> @@ -80,7 +77,7 @@ type T;
>when strict
> (
> - kfree(E)@p;
> -+ kzfree(E);
> ++ kfree_sensitive(E);
> |
> - \(vfree\|kvfree\)(E)@p;
> + kvfree_sensitive(E, size);
> @@ -91,11 +88,11 @@ p << r.p;
> @@
>
> coccilib.report.print_report(p[0],
> - "WARNING: opportunity for kzfree/kvfree_sensitive")
> + "WARNING: opportunity for kfree_sensitive/kvfree_sensitive")
>
> @script:python depends on org@
> p << r.p;
> @@
>
> coccilib.org.print_todo(p[0],
> - "WARNING: opportunity for kzfree/kvfree_sensitive")
> + "WARNING: opportunity for kfree_sensitive/kvfree_sensitive")
>
[PATCH] coccinelle: api: update kzfree script to kfree_sensitive
Commit 453431a54934 ("mm, treewide: rename kzfree() to kfree_sensitive()")
renames kzfree to kfree_sensitive and uses memzero_explicit(...) instead of
memset(..., 0, ...) internally. Update cocci script to reflect these
changes.
Signed-off-by: Denis Efremov
---
Julia, I think you can squash this commit with original script, or I can
resend the whole script since it's not merged to the mainline.
.../{kzfree.cocci => kfree_sensitive.cocci} | 29 +--
1 file changed, 13 insertions(+), 16 deletions(-)
rename scripts/coccinelle/api/{kzfree.cocci => kfree_sensitive.cocci} (70%)
diff --git a/scripts/coccinelle/api/kzfree.cocci
b/scripts/coccinelle/api/kfree_sensitive.cocci
similarity index 70%
rename from scripts/coccinelle/api/kzfree.cocci
rename to scripts/coccinelle/api/kfree_sensitive.cocci
index 33625bd7cec9..e4a066a0b77d 100644
--- a/scripts/coccinelle/api/kzfree.cocci
+++ b/scripts/coccinelle/api/kfree_sensitive.cocci
@@ -1,13 +1,13 @@
// SPDX-License-Identifier: GPL-2.0-only
///
-/// Use kzfree, kvfree_sensitive rather than memset or
-/// memzero_explicit followed by kfree
+/// Use kfree_sensitive, kvfree_sensitive rather than memset or
+/// memzero_explicit followed by kfree.
///
// Confidence: High
// Copyright: (C) 2020 Denis Efremov ISPRAS
// Options: --no-includes --include-headers
//
-// Keywords: kzfree, kvfree_sensitive
+// Keywords: kfree_sensitive, kvfree_sensitive
//
virtual context
@@ -18,7 +18,8 @@ virtual report
@initialize:python@
@@
# kmalloc_oob_in_memset uses memset to explicitly trigger out-of-bounds access
-filter = frozenset(['kmalloc_oob_in_memset', 'kzfree', 'kvfree_sensitive'])
+filter = frozenset(['kmalloc_oob_in_memset',
+ 'kfree_sensitive', 'kvfree_sensitive'])
def relevant(p):
return not (filter & {el.current_element for el in p})
@@ -56,17 +57,13 @@ type T;
- memzero_explicit@m((T)E, size);
... when != E
when strict
-// TODO: uncomment when kfree_sensitive will be merged.
-// Only this case is commented out because developers
-// may not like patches like this since kzfree uses memset
-// internally (not memzero_explicit).
-//(
-//- kfree(E)@p;
-//+ kfree_sensitive(E);
-//|
+(
+- kfree(E)@p;
++ kfree_sensitive(E);
+|
- \(vfree\|kvfree\)(E)@p;
+ kvfree_sensitive(E, size);
-//)
+)
@rp_memset depends on patch@
expression E, size;
@@ -80,7 +77,7 @@ type T;
when strict
(
- kfree(E)@p;
-+ kzfree(E);
++ kfree_sensitive(E);
|
- \(vfree\|kvfree\)(E)@p;
+ kvfree_sensitive(E, size);
@@ -91,11 +88,11 @@ p << r.p;
@@
coccilib.report.print_report(p[0],
- "WARNING: opportunity for kzfree/kvfree_sensitive")
+ "WARNING: opportunity for kfree_sensitive/kvfree_sensitive")
@script:python depends on org@
p << r.p;
@@
coccilib.org.print_todo(p[0],
- "WARNING: opportunity for kzfree/kvfree_sensitive")
+ "WARNING: opportunity for kfree_sensitive/kvfree_sensitive")
--
2.26.2
