Re: [Cocci] [PATCH] checkpatch: Warn on self-assignments

2020-09-10 Thread Kees Cook
lude a link in the checkpatch warning to it? (Feel free to just reuse the text removed from deprecated.rst) -- Kees Cook ___ Cocci mailing list Cocci@systeme.lip6.fr https://systeme.lip6.fr/mailman/listinfo/cocci

Re: [Cocci] [PATCH] usb: atm: don't use snprintf() for sysfs attrs

2020-08-28 Thread Kees Cook
+ return 0; This can be: if (WARN(pos < buf, "pos < buf\n") || WARN(pos - buf >= PAGE_SIZE, "pos >= PAGE_SIZE (%tu > %lu)\n", pos - buf, PAGE_SIZE)) return 0; -- Kees Cook

Re: [Cocci] [PATCH] usb: atm: don't use snprintf() for sysfs attrs

2020-08-27 Thread Kees Cook
args ...); remaining -= scnprintf(buf, remaining, "fmt", var args ...); return PAGE_SIZE - remaining; } -- Kees Cook

Re: [Cocci] [PATCH] usb: atm: don't use snprintf() for sysfs attrs

2020-08-27 Thread Kees Cook
mISDN/core.c-} > > > drivers/isdn/mISDN/core.c-static DEVICE_ATTR_RO(name); > > > > That form ends up calculating the string length twice. > > Better would be: > > len = strlen(msg); > > memcpy(buf, msg, len); > > return len; > > or give

Re: [Cocci] [PATCH] coccinelle: misc: add array_size_dup script to detect missed overflow checks

2020-06-18 Thread Kees Cook
" part is to effectively collect it into E (as in, both the left and right of the & must match). So to do the matching from earlier: @@ identifier i, fld; expression e, ARG1, ARG2; @@ array_size(\(\(i\|e.fld\|e->fld\) \& ARG1\), ARG2); ? -- Kees Cook

Re: [Cocci] [PATCH] coccinelle: misc: add array_size_dup script to detect missed overflow checks

2020-06-18 Thread Kees Cook
On Wed, Jun 17, 2020 at 08:54:03PM +0200, Julia Lawall wrote: > > > On Wed, 17 Jun 2020, Kees Cook wrote: > > > On Mon, Jun 15, 2020 at 01:20:45PM +0300, Denis Efremov wrote: > > > +@as@ > > > +expression E1, E2; > > > +@@ > > > + >

Re: [Cocci] [PATCH] coccinelle: misc: add array_size_dup script to detect missed overflow checks

2020-06-17 Thread Kees Cook
ARG1; expression ARG2; @@ array_size(ARG1, ARG2); How do I get something to match A and B but not C and D (i.e. I do not want to match any operations, function calls, etc, only a variable, which may be identified through dereference, array index, or struct member acc

Re: [Cocci] [PATCH] coccinelle: misc: add array_size_dup script to detect missed overflow checks

2020-06-15 Thread Kees Cook
On Mon, Jun 15, 2020 at 01:20:45PM +0300, Denis Efremov wrote: > Detect an opencoded expression that is used before or after > array_size()/array3_size()/struct_size() to compute the same size. > > Cc: Kees Cook > Signed-off-by: Denis Efremov Oh, very cool! How much does this

Re: [Cocci] [PATCH V2] kernel/hung_task.c: Introduce sysctl to print all traces when a hung task is detected

2020-03-24 Thread Kees Cook
redundant" boot params you've noticed in the kernel? I bet there are a lot. :) -- Kees Cook

Re: [Cocci] [PATCH V2] kernel/hung_task.c: Introduce sysctl to print all traces when a hung task is detected

2020-03-23 Thread Kees Cook
ng_task panic is set > as of now and the goal of this patch is give users more flexibility, > I vote to keep default as 0. I can respin a V3 in case more people > want to see it enabled by default. Thanks in advance for the review! Yeah, most things like this we've tried to be conservativ

[Cocci] Confused by regex usage

2019-01-16 Thread Kees Cook
will report only how much was /// actually written, keeping any overflows from happening. /// // Confidence: Moderate // Copyright: (C) 2018 Kees Cook, Google. GPLv2. // URL: http://coccinelle.lip6.fr/ // Options: --all-includes --include-headers virtual patch @sum_patch depends on patch exists

Re: [Cocci] =~ runtime improvements?

2018-09-30 Thread Kees Cook
On Sun, Sep 30, 2018 at 8:40 AM, Julia Lawall wrote: > > > On Sun, 30 Sep 2018, Lars-Peter Clausen wrote: > >> On 09/27/2018 08:51 PM, Kees Cook wrote: >> > Hi, >> > >> > This .cocci takes a VERY long time to run against the kernel, and I'd >>

[Cocci] =~ runtime improvements?

2018-09-27 Thread Kees Cook
- PRODUCT = ((ICOUNT)) * ((ISIZE)) + PRODUCT = array_size(ICOUNT, ISTRIDE, ISIZE) | - PRODUCT = ((ICOUNT)) * ((ESIZE)) + PRODUCT = array_size(ICOUNT, ESIZE) | - PRODUCT = ((ECOUNT)) * ((ESIZE)) + PRODUCT = array_size(ECOUNT, ESIZE) ) ... when != PRODUCT = OTHER alloc(..., PRODUCT, ...) Thanks! -Kees

Re: [Cocci] [Fwd: Re: [PATCH] rtc: sun6i: Use struct_size() in kzalloc()]

2018-08-23 Thread Kees Cook
On Thu, Aug 23, 2018 at 3:21 PM, Joe Perches wrote: > On Thu, 2018-08-23 at 18:13 -0400, Julia Lawall wrote: >> >> On Thu, 23 Aug 2018, Kees Cook wrote: >> >> (a + b) * c >> >> It will consider a pattern with the parentheses removed, but that pattern >

Re: [Cocci] [Fwd: Re: [PATCH] rtc: sun6i: Use struct_size() in kzalloc()]

2018-08-23 Thread Kees Cook
On Thu, Aug 23, 2018 at 3:00 PM, Julia Lawall wrote: > > > On Thu, 23 Aug 2018, Kees Cook wrote: > >> On Thu, Aug 23, 2018 at 2:48 PM, Joe Perches wrote: >> > Forwarding a question about coccinelle and isomorphisms from Kees Cook >> > >> > --

Re: [Cocci] [Fwd: Re: [PATCH] rtc: sun6i: Use struct_size() in kzalloc()]

2018-08-23 Thread Kees Cook
On Thu, Aug 23, 2018 at 2:48 PM, Joe Perches wrote: > Forwarding a question about coccinelle and isomorphisms from Kees Cook > > -- Forwarded message -- > From: Kees Cook > To: "Gustavo A. R. Silva" > Cc: Alessandro Zummo , Alexandre Belloni > ,

[Cocci] Something like --exclude?

2018-06-18 Thread Kees Cook
Hi, I normally use "--dir ." when doing recursive runs in the kernel tree, but I want to avoid changes in the tools/ subdirectory. I can't find anything like --exclude, and --dir can't be specified multiple times. Is there an existing solution I'm missing? Thanks! -Kees -- Kees

Re: [Cocci] [PATCH] Coccinelle: add atomic_as_refcounter script

2018-06-14 Thread Kees Cook
On Fri, Sep 1, 2017 at 2:40 AM, Elena Reshetova wrote: > atomic_as_refcounter.cocci script allows detecting > cases when refcount_t type and API should be used > instead of atomic_t. > > Signed-off-by: Elena Reshetova > Acked-by: Julia Lawall Reviewed-by: Kees Cook Oops

Re: [Cocci] Weird whitespace behavior?

2018-06-11 Thread Kees Cook
On Mon, Jun 11, 2018 at 4:17 PM, Kees Cook wrote: > Hi, > > I've been doing some large treewide changes to the allocators, and I > notice that Coccinelle does something odd for a specific case. I have > two scripts, one operating on kmalloc() and one operating on

[Cocci] Weird whitespace behavior?

2018-06-11 Thread Kees Cook
xing it up... -Kees -- Kees Cook Pixel Security

Re: [Cocci] [PATCH 2/2] mm: Add kvmalloc_ab_c and kvzalloc_struct

2018-05-03 Thread Kees Cook
On Thu, May 3, 2018 at 5:36 PM, Kees Cook <keesc...@chromium.org> wrote: > On Thu, May 3, 2018 at 4:00 PM, Rasmus Villemoes > <li...@rasmusvillemoes.dk> wrote: >> On 2018-05-01 19:00, Kees Cook wrote: >>> On Mon, Apr 30, 2018 at 2:29 PM, Rasmus Villemoes >

Re: [Cocci] [PATCH 2/2] mm: Add kvmalloc_ab_c and kvzalloc_struct

2018-05-03 Thread Kees Cook
On Thu, May 3, 2018 at 4:00 PM, Rasmus Villemoes <li...@rasmusvillemoes.dk> wrote: > On 2018-05-01 19:00, Kees Cook wrote: >> On Mon, Apr 30, 2018 at 2:29 PM, Rasmus Villemoes >> <li...@rasmusvillemoes.dk> wrote: >>> >>> gcc 5.1+ (I think) have

Re: [Cocci] [PATCH 2/2] mm: Add kvmalloc_ab_c and kvzalloc_struct

2018-05-01 Thread Kees Cook
On Mon, Apr 30, 2018 at 2:29 PM, Rasmus Villemoes <li...@rasmusvillemoes.dk> wrote: > On 2018-04-30 22:16, Matthew Wilcox wrote: >> On Mon, Apr 30, 2018 at 12:02:14PM -0700, Kees Cook wrote: >>> >>> Getting the constant ordering right could be part of the

Re: [Cocci] [PATCH 2/2] mm: Add kvmalloc_ab_c and kvzalloc_struct

2018-04-30 Thread Kees Cook
On Mon, Apr 30, 2018 at 1:16 PM, Matthew Wilcox <wi...@infradead.org> wrote: > On Mon, Apr 30, 2018 at 12:02:14PM -0700, Kees Cook wrote: >> For any longer multiplications, I've only found[1]: >> >> drivers/staging/rtl8188eu/os_dep/osdep_service.c: void **a =

Re: [Cocci] [PATCH 2/2] mm: Add kvmalloc_ab_c and kvzalloc_struct

2018-04-30 Thread Kees Cook
On Sun, Apr 29, 2018 at 1:30 PM, Matthew Wilcox <wi...@infradead.org> wrote: > On Sun, Apr 29, 2018 at 09:59:27AM -0700, Kees Cook wrote: >> Did this ever happen? > > Not yet. I brought it up at LSFMM, and I'll repost the patches soon. > >> I'd also like to see kmal

Re: [Cocci] [PATCH][RFC] kernel.h: provide array iterator

2018-03-15 Thread Kees Cook
[0]) + > __must_be_array(arr)) > > +/** > + * for_each_array_element - Iterate all items in an array > + * @elem: pointer of array type for iteration cursor > + * @array: array to be iterated > + */ > +#define for_each_array_element(elem, array) \ > + for (elem = &

Re: [Cocci] [PATCH 2/2] mm: Add kvmalloc_ab_c and kvzalloc_struct

2018-02-14 Thread Kees Cook
), gfp) > + > extern void kvfree(const void *addr); > > static inline atomic_t *compound_mapcount_ptr(struct page *page) It might be nice to include another patch that replaces some of the existing/common uses of a*b+c with the new function... Otherwise, yes, please. We could build a coccinelle rule for additional replacements... -Kees -- Kees Cook Pixel Security

[Cocci] [PATCH v2 01/31] coccinelle: Improve setup_timer.cocci matching

2017-09-20 Thread Kees Cook
.@lip6.fr> Cc: Gilles Muller <gilles.mul...@lip6.fr> Cc: Nicolas Palix <nicolas.pa...@imag.fr> Cc: Michal Marek <mma...@suse.com> Cc: cocci@systeme.lip6.fr Signed-off-by: Kees Cook <keesc...@chromium.org> --- scripts/coccinelle/api/setup_timer.cocci | 129 ++

Re: [Cocci] what is needed to match a set of fields?

2017-09-16 Thread Kees Cook
On Sat, Sep 16, 2017 at 10:25 PM, Julia Lawall <julia.law...@lip6.fr> wrote: > > > On Sat, 16 Sep 2017, Kees Cook wrote: > >> Hi, >> >> If I have several structures inline, "identifier" doesn't match it. For >> example: >>

[Cocci] what is needed to match a set of fields?

2017-09-16 Thread Kees Cook
to match all of these with a single type of metavariable: setup_timer(>timer, ...); setup_timer(>struct1.timer, ...); setup_timer(>struct1.struct2.timer, ...); etc Thanks! -Kees -- Kees Cook Pixel Security

[Cocci] [PATCH 01/31] coccinelle: Improve setup_timer.cocci matching

2017-08-31 Thread Kees Cook
.@lip6.fr> Cc: Gilles Muller <gilles.mul...@lip6.fr> Cc: Nicolas Palix <nicolas.pa...@imag.fr> Cc: Michal Marek <mma...@suse.com> Cc: cocci@systeme.lip6.fr Signed-off-by: Kees Cook <keesc...@chromium.org> --- scripts/coccinelle/api/setup_timer.cocci | 129 ++

Re: [Cocci] Automatic replacement of function declarations

2017-08-28 Thread Kees Cook
On Mon, Aug 28, 2017 at 4:34 AM, Julia Lawall <julia.law...@lip6.fr> wrote: > > > On Sun, 27 Aug 2017, Kees Cook wrote: > >> Hi, >> >> So, I noticed that if I replace argument types in a function, >> coccinelle will normally replace them i

[Cocci] Automatic replacement of function declarations

2017-08-28 Thread Kees Cook
name: static void authenticate_timeout(u_long); static void verify_dl_startup(u_long); Is this a bug, or did I write my rule in some way that excludes these forward declarations? Thanks! -Kees -- Kees Cook Pixel Security

Re: [Cocci] Matching function prototypes and casts

2017-08-23 Thread Kees Cook
On Wed, Aug 23, 2017 at 2:19 PM, Julia Lawall <julia.law...@lip6.fr> wrote: > > > On Wed, 23 Aug 2017, Kees Cook wrote: > >> I think I'm getting closer. Here are some specific examples that don't >> seem to work: >> >> ---match_callback.cocci--- >>

Re: [Cocci] Matching function prototypes and casts

2017-08-23 Thread Kees Cook
I think I'm getting closer. Here are some specific examples that don't seem to work: ---match_callback.cocci--- virtual patch @match_timer_function_usage depends on patch@ expression _E; struct timer_list _e; identifier _timer; identifier _callback; type _cast_func, _cast_data; @@ (

Re: [Cocci] [PATCH] coccinelle: Improve setup_timer.cocci matching

2017-08-23 Thread Kees Cook
On Wed, Aug 23, 2017 at 6:13 AM, Julia Lawall <julia.law...@lip6.fr> wrote: > > > On Tue, 22 Aug 2017, Kees Cook wrote: > >> This improves the patch mode of setup_timer.cocci. Several patterns were >> missing: >> - assignments-before-init_timer() cases >

Re: [Cocci] isomorphism for &(structure)->field vs struct.field

2017-08-18 Thread Kees Cook
On Fri, Aug 18, 2017 at 10:08 AM, Julia Lawall <julia.law...@lip6.fr> wrote: > > > On Fri, 18 Aug 2017, Kees Cook wrote: > >> I'd like to have a rule that would match both: >> >> function(ptr); >> ptr->field = 7; >> >> and >> >>

[Cocci] isomorphism for &(structure)->field vs struct.field

2017-08-18 Thread Kees Cook
ees -- Kees Cook Pixel Security

Re: [Cocci] [PATCH] Coccinelle: add atomic_as_refcounter script

2017-07-18 Thread Kees Cook
k, this "?y=a" catches the seccomp case I pointed out? while (orig && atomic_dec_and_test(&orig->usage)) { struct seccomp_filter *freeme = orig; orig = orig->prev; seccomp_filter_free(freeme); } Seems like it should match. Did this find anything else besides seccomp? -Kees -- Kees Cook Pixel Security

Re: [Cocci] [RFC] coccicheck: add a test for repeat memory fetches

2017-01-10 Thread Kees Cook
eld it was a u32. Also, should binop include "=="? And we need to add back in get_user() too... hmmm -Kees -- Kees Cook Nexus Security

Re: [Cocci] [RFC] coccicheck: add a test for repeat memory fetches

2017-01-10 Thread Kees Cook
On Tue, Jan 10, 2017 at 11:30 AM, Julia Lawall <julia.law...@lip6.fr> wrote: > > > On Tue, 10 Jan 2017, Kees Cook wrote: > >> On Tue, Jan 10, 2017 at 10:28 AM, Julia Lawall <julia.law...@lip6.fr> wrote: >> >> +./drivers/net/ethernet/chelsio/cxgb3/cxgb3

Re: [Cocci] [RFC] coccicheck: add a test for repeat memory fetches

2017-01-10 Thread Kees Cook
On Tue, Jan 10, 2017 at 11:23 AM, Kees Cook <keesc...@chromium.org> wrote: > On Tue, Jan 10, 2017 at 10:28 AM, Julia Lawall <julia.law...@lip6.fr> wrote: >>> +./drivers/net/ethernet/chelsio/cxgb3/cxgb3_main.c:2159 >>> +./drivers/net/ethernet/chelsio/cxgb3/cxg

Re: [Cocci] [RFC] coccicheck: add a test for repeat memory fetches

2017-01-10 Thread Kees Cook
return -EFAULT; If there is any logic that examines cmd (u32) and operates on t (struct ch_qset_params), there could be a flaw. It doesn't look like it here, but a "correct" version of this would be: if (copy_from_user(&t, useraddr, sizeof(t)))

Re: [Cocci] [PATCH] coccicheck: add a test for repeat copy_from_user

2017-01-10 Thread Kees Cook
Tuesday 27 December 2016 11:51 PM, Julia Lawall wrote: >>>> >>>> I totally dropped the ball on this. Many thanks to Vaishali for >>>> resurrecting it. >>>> >>>> Some changes are suggested below. >>>> >>>> On Tue, 26 Ap

Re: [Cocci] [PATCH] coccicheck: add a test for repeat copy_from_user

2017-01-10 Thread Kees Cook
this. Many thanks to Vaishali for > resurrecting it. > > Some changes are suggested below. > > On Tue, 26 Apr 2016, Kees Cook wrote: > > This is usually a sign of a resized request. This adds a check for > potential races or confusions. The check isn't 100% accurate, so it > need

Re: [Cocci] [PATCH] coccicheck: add a test for repeat copy_from_user

2017-01-09 Thread Kees Cook
On Mon, Jan 9, 2017 at 12:56 PM, Kees Cook <keesc...@chromium.org> wrote: > On Mon, Jan 9, 2017 at 11:08 AM, Julia Lawall <julia.law...@lip6.fr> wrote: >> >> On Mon, 9 Jan 2017, Vaishali Thakkar wrote: >> >>> Here, may be we should add few more lines from

Re: [Cocci] [PATCH] coccicheck: add a test for repeat copy_from_user

2017-01-09 Thread Kees Cook
>> > resurrecting it. >> > >> > Some changes are suggested below. >> > >> > On Tue, 26 Apr 2016, Kees Cook wrote: >> > >> > > This is usually a sign of a resized request. This adds a check for >> > > potential races or confusion

[Cocci] [PATCH] coccicheck: Fix missing 0 index in kill loop

2016-05-16 Thread Kees Cook
By default, "seq" counts from 1, but processes were starting counting from 0, so when interrupted, coccicheck would leave the 0th process running. Signed-off-by: Kees Cook <keesc...@chromium.org> --- scripts/coccicheck | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff

Re: [Cocci] [PATCH] coccicheck: add a test for repeat copy_from_user

2016-04-26 Thread Kees Cook
On Tue, Apr 26, 2016 at 3:24 PM, Kees Cook <keesc...@chromium.org> wrote: > This is usually a sign of a resized request. This adds a check for > potential races or confusions. The check isn't 100% accurate, so it > needs some manual review. > > Signed-off-by: Kees Cook <

[Cocci] [PATCH] coccicheck: add a test for repeat copy_from_user

2016-04-26 Thread Kees Cook
This is usually a sign of a resized request. This adds a check for potential races or confusions. The check isn't 100% accurate, so it needs some manual review. Signed-off-by: Kees Cook <keesc...@chromium.org> --- scripts/coccinelle/tests/reusercopy.cocci | 36