0001 // SPDX-License-Identifier: GPL-2.0-only
0002 /// Use memdup_user rather than duplicating its implementation
0003 /// This is a little bit restricted to reduce false positives
0004 ///
0005 // Confidence: High
0006 // Copyright: (C) 2010-2012 Nicolas Palix.
0007 // Copyright: (C) 2010-2012 Julia Lawall, INRIA/LIP6.
0008 // Copyright: (C) 2010-2012 Gilles Muller, INRIA/LiP6.
0009 // URL: https://coccinelle.gitlabpages.inria.fr/website
0010 // Comments:
0011 // Options: --no-includes --include-headers
0012 
// Operating modes. The rules below are gated on these names through
// "depends on ..."; the caller enables one of them when invoking spatch
// (for example with -D report).
0013 virtual patch
0014 virtual context
0015 virtual org
0016 virtual report
0017 
// Python helper used by the position constraints of every matching rule.
0018 @initialize:python@
0019 @@
# Names of the functions in which a match must be ignored. Presumably these
# are excluded so that the helpers' own bodies are never rewritten or reported.
0020 filter = frozenset(['memdup_user', 'vmemdup_user'])
0021 
# Return True when no position in p has a current_element (the name of the
# enclosing function in Coccinelle's Python API) that is listed in filter.
0022 def relevant(p):
0023     return not (filter & {el.current_element for el in p})
0024 
// Patch mode, kmalloc/kzalloc variant.
// Matches an allocation of `size` bytes (GFP_KERNEL or GFP_USER, optionally
// or-ed with __GFP_NOWARN), the NULL check that follows it, and a subsequent
// copy_from_user(to, from, size) whose failure branch mentions -EFAULT, and
// replaces the sequence with a single memdup_user(from, size).
//  - The same `size` expression must appear in the allocation and in the
//    copy, so the rule only fires when the copy covers the whole buffer;
//    the zeroing done by kzalloc is redundant in the matched code.
//  - The failure test becomes IS_ERR(to) and -ENOMEM inside that branch
//    becomes PTR_ERR(to). The copy_from_user branch is deleted outright, so
//    every statement it contained is dropped together with the -EFAULT.
//  - Neither failure branch may contain a goto (when != goto l1 / l2); this
//    is part of the restriction announced in the file header.
// NOTE(review): only the check written directly after the allocation is
// converted. memdup_user() reports failure as an ERR_PTR value, not NULL,
// so later `!to` tests or a kfree(to) on an error path outside the matched
// lines must be audited by hand after the patch is applied.
0025 @depends on patch@
0026 expression from,to,size;
0027 identifier l1,l2;
0028 position p : script:python() { relevant(p) };
0029 @@
0030 
0031 -  to = \(kmalloc@p\|kzalloc@p\)
0032 -               (size,\(GFP_KERNEL\|GFP_USER\|
0033 -                     \(GFP_KERNEL\|GFP_USER\)|__GFP_NOWARN\));
0034 +  to = memdup_user(from,size);
0035    if (
0036 -      to==NULL
0037 +      IS_ERR(to)
0038                  || ...) {
0039    <+... when != goto l1;
0040 -  -ENOMEM
0041 +  PTR_ERR(to)
0042    ...+>
0043    }
0044 -  if (copy_from_user(to, from, size) != 0) {
0045 -    <+... when != goto l2;
0046 -    -EFAULT
0047 -    ...+>
0048 -  }
0049 
// Patch mode, kvmalloc/kvzalloc variant.
// Matches an allocation of `size` bytes with exactly GFP_KERNEL or GFP_USER
// (no __GFP_NOWARN alternative here), its NULL check, and a following
// copy_from_user(to, from, size) whose failure branch mentions -EFAULT, and
// replaces the sequence with vmemdup_user(from, size).
//  - Allocation and copy must use the same `size` expression, so the copy
//    fills the whole buffer and the zeroing of kvzalloc is redundant.
//  - The failure test becomes IS_ERR(to), -ENOMEM in that branch becomes
//    PTR_ERR(to), and the whole copy_from_user branch is deleted.
//  - Neither failure branch may contain a goto (when != goto l1 / l2).
// NOTE(review): vmemdup_user() reports failure as an ERR_PTR value, not
// NULL; NULL tests or frees of `to` outside the matched lines are not
// rewritten and need a manual check. The buffer is still a kvmalloc-family
// allocation, so the existing release path should already use kvfree;
// confirm in the patched caller.
0050 @depends on patch@
0051 expression from,to,size;
0052 identifier l1,l2;
0053 position p : script:python() { relevant(p) };
0054 @@
0055 
0056 -  to = \(kvmalloc@p\|kvzalloc@p\)(size,\(GFP_KERNEL\|GFP_USER\));
0057 +  to = vmemdup_user(from,size);
0058    if (
0059 -      to==NULL
0060 +      IS_ERR(to)
0061                  || ...) {
0062    <+... when != goto l1;
0063 -  -ENOMEM
0064 +  PTR_ERR(to)
0065    ...+>
0066    }
0067 -  if (copy_from_user(to, from, size) != 0) {
0068 -    <+... when != goto l2;
0069 -    -EFAULT
0070 -    ...+>
0071 -  }
0072 
// Detection rule for every mode other than patch, kmalloc/kzalloc variant.
// Marks the allocation (the `*` line) when it is followed by a NULL check
// and then by copy_from_user(to, from, size) with the same `size`.
// S1 and S2 are arbitrary statements: unlike the patch rule, nothing is
// required about -ENOMEM/-EFAULT or the absence of goto, so a hit is a
// candidate for review rather than a guaranteed mechanical rewrite.
// The position p is inherited by the org/report script rules as r.p.
0073 @r depends on !patch@
0074 expression from,to,size;
0075 position p : script:python() { relevant(p) };
0076 statement S1,S2;
0077 @@
0078 
0079 *  to = \(kmalloc@p\|kzalloc@p\)
0080                 (size,\(GFP_KERNEL\|GFP_USER\|
0081                       \(GFP_KERNEL\|GFP_USER\)|__GFP_NOWARN\));
0082    if (to==NULL || ...) S1
0083    if (copy_from_user(to, from, size) != 0)
0084    S2
0085 
// Detection rule for every mode other than patch, kvmalloc/kvzalloc variant.
// Marks the allocation (the `*` line) when it uses GFP_KERNEL or GFP_USER
// and is followed by a NULL check and then by
// copy_from_user(to, from, size) with the same `size`.
// S1 and S2 are arbitrary statements, so the match is broader than the
// patch rule and each hit should be reviewed before converting it.
// The position p is inherited by the org/report script rules as rv.p.
0086 @rv depends on !patch@
0087 expression from,to,size;
0088 position p : script:python() { relevant(p) };
0089 statement S1,S2;
0090 @@
0091 
0092 *  to = \(kvmalloc@p\|kvzalloc@p\)(size,\(GFP_KERNEL\|GFP_USER\));
0093    if (to==NULL || ...) S1
0094    if (copy_from_user(to, from, size) != 0)
0095    S2
0096 
// Org mode: for each match of rule r, pass its first position to
// coccilib.org.print_todo with the memdup_user message.
0097 @script:python depends on org@
0098 p << r.p;
0099 @@
0100 
0101 coccilib.org.print_todo(p[0], "WARNING opportunity for memdup_user")
0102 
// Report mode: same position and message, emitted through
// coccilib.report.print_report.
0103 @script:python depends on report@
0104 p << r.p;
0105 @@
0106 
0107 coccilib.report.print_report(p[0], "WARNING opportunity for memdup_user")
0108 
// Org mode: for each match of rule rv, pass its first position to
// coccilib.org.print_todo with the vmemdup_user message.
0109 @script:python depends on org@
0110 p << rv.p;
0111 @@
0112 
0113 coccilib.org.print_todo(p[0], "WARNING opportunity for vmemdup_user")
0114 
// Report mode: same position and message, emitted through
// coccilib.report.print_report.
0115 @script:python depends on report@
0116 p << rv.p;
0117 @@
0118 
0119 coccilib.report.print_report(p[0], "WARNING opportunity for vmemdup_user")