Re: [PATCH v4] coccinelle: api: add kzfree script
On 8/11/20 2:45 AM, Eric Biggers wrote:
> On Fri, Jul 17, 2020 at 10:39:20PM +0200, Julia Lawall wrote:
>>
>>
>> On Fri, 17 Jul 2020, Denis Efremov wrote:
>>
>>> Check for memset()/memzero_explicit() followed by kfree()/vfree()/kvfree().
>>>
>>> Signed-off-by: Denis Efremov
>>
>> Applied.
>
> FYI, this new script is already outdated, since kzfree() has been renamed to
> kfree_sensitive().
>

Ok, I will send an update.

Thanks,
Denis
Re: [PATCH v4] coccinelle: api: add kzfree script
On Fri, Jul 17, 2020 at 10:39:20PM +0200, Julia Lawall wrote:
>
>
> On Fri, 17 Jul 2020, Denis Efremov wrote:
>
> > Check for memset()/memzero_explicit() followed by kfree()/vfree()/kvfree().
> >
> > Signed-off-by: Denis Efremov
>
> Applied.

FYI, this new script is already outdated, since kzfree() has been renamed to
kfree_sensitive().

- Eric
Re: [PATCH v4] coccinelle: api: add kzfree script
On Fri, 17 Jul 2020, Denis Efremov wrote:

> Check for memset()/memzero_explicit() followed by kfree()/vfree()/kvfree().
>
> Signed-off-by: Denis Efremov

Applied.

> ---
> Changes in v2:
> - memset_explicit() added
> - kvfree_sensitive() added
> - forall added to r1
> - ... between memset and kfree added
> Changes in v3:
> - Explicit filter for definitions instead of !(file in "...") conditions
> - type T added to match casts
> - memzero_explicit() patterns fixed
> - additional rule "cond" added to filter false-positives
> Changes in v4:
> - memset call fixed in rp_memset
> - @m added to rp_memset,rp_memzero rules
>
> scripts/coccinelle/api/kzfree.cocci | 101
> 1 file changed, 101 insertions(+)
> create mode 100644 scripts/coccinelle/api/kzfree.cocci
>
> diff --git a/scripts/coccinelle/api/kzfree.cocci
> b/scripts/coccinelle/api/kzfree.cocci
> new file mode 100644
> index ..33625bd7cec9
> --- /dev/null
> +++ b/scripts/coccinelle/api/kzfree.cocci
> @@ -0,0 +1,101 @@ > +// SPDX-License-Identifier: GPL-2.0-only > +/// > +/// Use kzfree, kvfree_sensitive rather than memset or > +/// memzero_explicit followed by kfree > +/// > +// Confidence: High > +// Copyright: (C) 2020 Denis Efremov ISPRAS > +// Options: --no-includes --include-headers > +// > +// Keywords: kzfree, kvfree_sensitive > +// > + > +virtual context > +virtual patch > +virtual org > +virtual report > + > +@initialize:python@ > +@@ > +# kmalloc_oob_in_memset uses memset to explicitly trigger out-of-bounds > access > +filter = frozenset(['kmalloc_oob_in_memset', 'kzfree', 'kvfree_sensitive']) > + > +def relevant(p): > +return not (filter & {el.current_element for el in p}) > + > +@cond@ > +position ok; > +@@ > + > +if (...) > + \(memset@ok\|memzero_explicit@ok\)(...); > + > +@r depends on !patch forall@ > +expression E; > +position p : script:python() { relevant(p) }; > +position m != cond.ok; > +type T; > +@@ > + > +( > +* memset@m((T)E, 0, ...); > +| > +* memzero_explicit@m((T)E, ...); > +) > + ... when != E > + when strict > +* \(kfree\|vfree\|kvfree\)(E)@p; > + > +@rp_memzero depends on patch@ > +expression E, size; > +position p : script:python() { relevant(p) }; > +position m != cond.ok; > +type T; > +@@ > + > +- memzero_explicit@m((T)E, size); > + ... when != E > + when strict > +// TODO: uncomment when kfree_sensitive will be merged. > +// Only this case is commented out because developers > +// may not like patches like this since kzfree uses memset > +// internally (not memzero_explicit). > +//( > +//- kfree(E)@p; > +//+ kfree_sensitive(E); > +//| > +- \(vfree\|kvfree\)(E)@p; > ++ kvfree_sensitive(E, size); > +//) > + > +@rp_memset depends on patch@ > +expression E, size; > +position p : script:python() { relevant(p) }; > +position m != cond.ok; > +type T; > +@@ > + > +- memset@m((T)E, 0, size); > + ... 
when != E > + when strict > +( > +- kfree(E)@p; > ++ kzfree(E); > +| > +- \(vfree\|kvfree\)(E)@p; > ++ kvfree_sensitive(E, size); > +) > + > +@script:python depends on report@ > +p << r.p; > +@@ > + > +coccilib.report.print_report(p[0], > + "WARNING: opportunity for kzfree/kvfree_sensitive") > + > +@script:python depends on org@ > +p << r.p; > +@@ > + > +coccilib.org.print_todo(p[0], > + "WARNING: opportunity for kzfree/kvfree_sensitive") > -- > 2.26.2 > >
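Review bot: The report/org rule r flags memzero_explicit() followed by kfree(E), because its final `\(kfree\|vfree\|kvfree\)(E)@p` alternative is unrestricted, while the patch rule rp_memzero has its kfree branch commented out, so report mode warns about cases that patch mode will not rewrite. Either document that gap in the header comment (which also says only "memzero_explicit followed by kfree" although vfree/kvfree are handled too) or split r so the memzero_explicit alternative is followed only by `\(vfree\|kvfree\)(E)@p` until the kfree_sensitive branch is enabled.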
Re: [PATCH v4] coccinelle: api: add kzfree script
I dare to repeat previous patch review aspects once more.
https://lore.kernel.org/cocci/a316f076-1686-25d8-18fe-1bbc0cf9a...@web.de/

…
> +virtual context
> +virtual patch
> +virtual org
> +virtual report

+virtual context, patch, org, report

Is such a SmPL code variant more succinct?

…
> +if (...)
> + \(memset@ok\|memzero_explicit@ok\)(...);

Would you like to tolerate any extra source code around such a function call
in an if branch?

…
> +(
> +* memset@m((T)E, 0, ...);
> +|
> +* memzero_explicit@m((T)E, ...);
> +)
…

I suggest moving a semicolon.

+(
+*memset@m((T)E, 0, ...)
+|
+*memzero_explicit@m((T)E, ...)
+);

…
> +- \(kfree\|vfree\|kvfree\)(E);
> ++ kvfree_sensitive(E, size);
…

Would you like to increase the precision a bit for the change specification?

+-\(kfree\|vfree\|kvfree\)
++kvfree_sensitive
+ (E
++ , size
+ );

…
> +(
> +- kfree(E);
> ++ kzfree(E);
> +|
> +- \(vfree\|kvfree\)(E);
> ++ kvfree_sensitive(E, size);
> +)
…

+(
+-kfree
++kzfree
+ (E)
+|
+-\(vfree\|kvfree\)
++kvfree_sensitive
+ (E
++ , size
+ )
+);

…
> +// TODO: uncomment when kfree_sensitive will be merged.
> +// Only this case is commented out because developers
> +// may not like patches like this since kzfree uses memset
> +// internally (not memzero_explicit).

Will this information trigger any further clarification?

…
> +coccilib.org.print_todo(p[0],
> + "WARNING: opportunity for kzfree/kvfree_sensitive")

I propose to align the second function parameter.

+coccilib.org.print_todo(p[0],
+"WARNING: opportunity for kzfree/kvfree_sensitive")

Regards,
Markus
[PATCH v4] coccinelle: api: add kzfree script
Check for memset()/memzero_explicit() followed by kfree()/vfree()/kvfree().

Signed-off-by: Denis Efremov
---
Changes in v2:
- memset_explicit() added
- kvfree_sensitive() added
- forall added to r1
- ... between memset and kfree added
Changes in v3:
- Explicit filter for definitions instead of !(file in "...") conditions
- type T added to match casts
- memzero_explicit() patterns fixed
- additional rule "cond" added to filter false-positives
Changes in v4:
- memset call fixed in rp_memset
- @m added to rp_memset,rp_memzero rules

 scripts/coccinelle/api/kzfree.cocci | 101
 1 file changed, 101 insertions(+)
 create mode 100644 scripts/coccinelle/api/kzfree.cocci

diff --git a/scripts/coccinelle/api/kzfree.cocci b/scripts/coccinelle/api/kzfree.cocci
new file mode 100644
index ..33625bd7cec9
--- /dev/null
+++ b/scripts/coccinelle/api/kzfree.cocci
@@ -0,0 +1,101 @@ +// SPDX-License-Identifier: GPL-2.0-only +/// +/// Use kzfree, kvfree_sensitive rather than memset or +/// memzero_explicit followed by kfree +/// +// Confidence: High +// Copyright: (C) 2020 Denis Efremov ISPRAS +// Options: --no-includes --include-headers +// +// Keywords: kzfree, kvfree_sensitive +// + +virtual context +virtual patch +virtual org +virtual report + +@initialize:python@ +@@ +# kmalloc_oob_in_memset uses memset to explicitly trigger out-of-bounds access +filter = frozenset(['kmalloc_oob_in_memset', 'kzfree', 'kvfree_sensitive']) + +def relevant(p): +return not (filter & {el.current_element for el in p}) + +@cond@ +position ok; +@@ + +if (...) + \(memset@ok\|memzero_explicit@ok\)(...); + +@r depends on !patch forall@ +expression E; +position p : script:python() { relevant(p) }; +position m != cond.ok; +type T; +@@ + +( +* memset@m((T)E, 0, ...); +| +* memzero_explicit@m((T)E, ...); +) + ... when != E + when strict +* \(kfree\|vfree\|kvfree\)(E)@p; + +@rp_memzero depends on patch@ +expression E, size; +position p : script:python() { relevant(p) }; +position m != cond.ok; +type T; +@@ + +- memzero_explicit@m((T)E, size); + ... when != E + when strict +// TODO: uncomment when kfree_sensitive will be merged. +// Only this case is commented out because developers +// may not like patches like this since kzfree uses memset +// internally (not memzero_explicit). +//( +//- kfree(E)@p; +//+ kfree_sensitive(E); +//| +- \(vfree\|kvfree\)(E)@p; ++ kvfree_sensitive(E, size); +//) + +@rp_memset depends on patch@ +expression E, size; +position p : script:python() { relevant(p) }; +position m != cond.ok; +type T; +@@ + +- memset@m((T)E, 0, size); + ... 
when != E + when strict +( +- kfree(E)@p; ++ kzfree(E); +| +- \(vfree\|kvfree\)(E)@p; ++ kvfree_sensitive(E, size); +) + +@script:python depends on report@ +p << r.p; +@@ + +coccilib.report.print_report(p[0], + "WARNING: opportunity for kzfree/kvfree_sensitive") + +@script:python depends on org@ +p << r.p; +@@ + +coccilib.org.print_todo(p[0], + "WARNING: opportunity for kzfree/kvfree_sensitive") -- 2.26.2
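Review bot: With kzfree() renamed to kfree_sensitive(), as Eric Biggers points out in this thread, the `+ kzfree(E);` line emitted by rp_memset, the header comment and Keywords line, and the "WARNING: opportunity for kzfree/kvfree_sensitive" strings in the report and org rules all name an API that no longer exists, so patch mode would generate calls to a removed function. Suggest `+ kfree_sensitive(E);` in rp_memset, updating the strings accordingly, and enabling the commented-out `//- kfree(E)@p; //+ kfree_sensitive(E);` branch in rp_memzero, since its TODO waited exactly for that merge.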