1 // SPDX-License-Identifier: GPL-2.0-only 1 // SPDX-License-Identifier: GPL-2.0-only 2 /// Use memdup_user rather than duplicating it 2 /// Use memdup_user rather than duplicating its implementation 3 /// This is a little bit restricted to reduce 3 /// This is a little bit restricted to reduce false positives 4 /// 4 /// 5 // Confidence: High 5 // Confidence: High 6 // Copyright: (C) 2010-2012 Nicolas Palix. 6 // Copyright: (C) 2010-2012 Nicolas Palix. 7 // Copyright: (C) 2010-2012 Julia Lawall, INRI 7 // Copyright: (C) 2010-2012 Julia Lawall, INRIA/LIP6. 8 // Copyright: (C) 2010-2012 Gilles Muller, INR 8 // Copyright: (C) 2010-2012 Gilles Muller, INRIA/LiP6. 9 // URL: https://coccinelle.gitlabpages.inria.f 9 // URL: https://coccinelle.gitlabpages.inria.fr/website 10 // Comments: 10 // Comments: 11 // Options: --no-includes --include-headers 11 // Options: --no-includes --include-headers 12 12 13 virtual patch 13 virtual patch 14 virtual context 14 virtual context 15 virtual org 15 virtual org 16 virtual report 16 virtual report 17 17 18 @initialize:python@ 18 @initialize:python@ 19 @@ 19 @@ 20 filter = frozenset(['memdup_user', 'vmemdup_us 20 filter = frozenset(['memdup_user', 'vmemdup_user']) 21 21 22 def relevant(p): 22 def relevant(p): 23 return not (filter & {el.current_element f 23 return not (filter & {el.current_element for el in p}) 24 24 25 @depends on patch@ 25 @depends on patch@ 26 expression from,to,size; 26 expression from,to,size; 27 identifier l1,l2; 27 identifier l1,l2; 28 position p : script:python() { relevant(p) }; 28 position p : script:python() { relevant(p) }; 29 @@ 29 @@ 30 30 31 - to = \(kmalloc@p\|kzalloc@p\) 31 - to = \(kmalloc@p\|kzalloc@p\) 32 - (size,\(GFP_KERNEL\|GFP_USER\| 32 - (size,\(GFP_KERNEL\|GFP_USER\| 33 - \(GFP_KERNEL\|GFP_USER\) 33 - \(GFP_KERNEL\|GFP_USER\)|__GFP_NOWARN\)); 34 + to = memdup_user(from,size); 34 + to = memdup_user(from,size); 35 if ( 35 if ( 36 - to==NULL 36 - to==NULL 37 + IS_ERR(to) 37 + IS_ERR(to) 38 || ...) { 38 || ...) { 39 <+... when != goto l1; 39 <+... when != goto l1; 40 - -ENOMEM 40 - -ENOMEM 41 + PTR_ERR(to) 41 + PTR_ERR(to) 42 ...+> 42 ...+> 43 } 43 } 44 - if (copy_from_user(to, from, size) != 0) { 44 - if (copy_from_user(to, from, size) != 0) { 45 - <+... when != goto l2; 45 - <+... when != goto l2; 46 - -EFAULT 46 - -EFAULT 47 - ...+> 47 - ...+> 48 - } 48 - } 49 49 50 @depends on patch@ 50 @depends on patch@ 51 expression from,to,size; 51 expression from,to,size; 52 identifier l1,l2; 52 identifier l1,l2; 53 position p : script:python() { relevant(p) }; 53 position p : script:python() { relevant(p) }; 54 @@ 54 @@ 55 55 56 - to = \(kvmalloc@p\|kvzalloc@p\)(size,\(GFP_ 56 - to = \(kvmalloc@p\|kvzalloc@p\)(size,\(GFP_KERNEL\|GFP_USER\)); 57 + to = vmemdup_user(from,size); 57 + to = vmemdup_user(from,size); 58 if ( 58 if ( 59 - to==NULL 59 - to==NULL 60 + IS_ERR(to) 60 + IS_ERR(to) 61 || ...) { 61 || ...) { 62 <+... when != goto l1; 62 <+... when != goto l1; 63 - -ENOMEM 63 - -ENOMEM 64 + PTR_ERR(to) 64 + PTR_ERR(to) 65 ...+> 65 ...+> 66 } 66 } 67 - if (copy_from_user(to, from, size) != 0) { 67 - if (copy_from_user(to, from, size) != 0) { 68 - <+... when != goto l2; 68 - <+... when != goto l2; 69 - -EFAULT 69 - -EFAULT 70 - ...+> 70 - ...+> 71 - } 71 - } 72 72 73 @r depends on !patch@ 73 @r depends on !patch@ 74 expression from,to,size; 74 expression from,to,size; 75 position p : script:python() { relevant(p) }; 75 position p : script:python() { relevant(p) }; 76 statement S1,S2; 76 statement S1,S2; 77 @@ 77 @@ 78 78 79 * to = \(kmalloc@p\|kzalloc@p\) 79 * to = \(kmalloc@p\|kzalloc@p\) 80 (size,\(GFP_KERNEL\|GFP_USER\| 80 (size,\(GFP_KERNEL\|GFP_USER\| 81 \(GFP_KERNEL\|GFP_USER\) 81 \(GFP_KERNEL\|GFP_USER\)|__GFP_NOWARN\)); 82 if (to==NULL || ...) S1 82 if (to==NULL || ...) S1 83 if (copy_from_user(to, from, size) != 0) 83 if (copy_from_user(to, from, size) != 0) 84 S2 84 S2 85 85 86 @rv depends on !patch@ 86 @rv depends on !patch@ 87 expression from,to,size; 87 expression from,to,size; 88 position p : script:python() { relevant(p) }; 88 position p : script:python() { relevant(p) }; 89 statement S1,S2; 89 statement S1,S2; 90 @@ 90 @@ 91 91 92 * to = \(kvmalloc@p\|kvzalloc@p\)(size,\(GFP_ 92 * to = \(kvmalloc@p\|kvzalloc@p\)(size,\(GFP_KERNEL\|GFP_USER\)); 93 if (to==NULL || ...) S1 93 if (to==NULL || ...) S1 94 if (copy_from_user(to, from, size) != 0) 94 if (copy_from_user(to, from, size) != 0) 95 S2 95 S2 96 96 97 @script:python depends on org@ 97 @script:python depends on org@ 98 p << r.p; 98 p << r.p; 99 @@ 99 @@ 100 100 101 coccilib.org.print_todo(p[0], "WARNING opportu 101 coccilib.org.print_todo(p[0], "WARNING opportunity for memdup_user") 102 102 103 @script:python depends on report@ 103 @script:python depends on report@ 104 p << r.p; 104 p << r.p; 105 @@ 105 @@ 106 106 107 coccilib.report.print_report(p[0], "WARNING op 107 coccilib.report.print_report(p[0], "WARNING opportunity for memdup_user") 108 108 109 @script:python depends on org@ 109 @script:python depends on org@ 110 p << rv.p; 110 p << rv.p; 111 @@ 111 @@ 112 112 113 coccilib.org.print_todo(p[0], "WARNING opportu 113 coccilib.org.print_todo(p[0], "WARNING opportunity for vmemdup_user") 114 114 115 @script:python depends on report@ 115 @script:python depends on report@ 116 p << rv.p; 116 p << rv.p; 117 @@ 117 @@ 118 118 119 coccilib.report.print_report(p[0], "WARNING op 119 coccilib.report.print_report(p[0], "WARNING opportunity for vmemdup_user")
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.