Received: by 2002:a25:683:0:0:0:0:0 with SMTP id 125csp2819984ybg; Sat, 6 Jun 2020 02:32:30 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxCDTgFlxH1EyPZxjuAsZySb95yOa6SbPg8jTafUd99MwbDQ36rhoUUyIMKSjWn/gvWBTcU X-Received: by 2002:a50:cc85:: with SMTP id q5mr12551191edi.62.1591435950688; Sat, 06 Jun 2020 02:32:30 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1591435950; cv=none; d=google.com; s=arc-20160816; b=zjVVsOTL2UoAjmx1oP8kVxHcJJEPIcTBgK0nQgstD4td4TVKZ3u6a2yeTTjRPgrjeM HEGM+KTLnSpxEk5GPE+2rI+64kAznEtU1npXyKF8qhvM2lb6KqZgDjqYcxHQvYnmJ3TZ k5h2Qq3pABhWoOqxZ9sTa8VIKYK28p8/4udSrGUgy17yFFVqDULGxcbBGge6sK7F3d5j xrSgSFgYMok+gPH/Uihr3bOYzv9Jm9w4FgO2y48tQ2skrqwg8+YY/AZtII4q5tIahyZ0 xvH+wjLMa7+8aCukBliTNvQ5xR3C46gu8ejOLE7dQ0E2Ef62EOAjCst97ix65r54NKHX WDeA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :message-id:in-reply-to:subject:cc:to:from:date; bh=/xZnkGFCm0Gk5/fcKiWFjZ90mLj73/IV15Gt7TPd7SE=; b=tAu+3nPFD4jt441gubKu1KVjHtBpi455OnQ8qzQpAbrcM6blyCLAUK8Z1yULuhN4kN G74ilQUMdgheSasZKblvZBGdAcsJkuwcCDz0ANRSVfb7O9/2t10lXZFVXbChkL52lH/5 bl5JLBjIm8ksUph5kAmWwVg69k28qHky3m32ng7VRYAwUu02Gngz8RmUQVsmbEcUMlsa WHfbOdRy9J36PMvt+kYmT/4pTOO7FNsrIR6+Qbl8JD6KfI4PvGTGRAgKRnWvLSsCi5zy lG3a2TlJ6cEPj5TlxD6J0yhtQ/3H4waOPrK4SeJ/D5POgiCQ6eceurCkjQQKCdVJ5GL/ o0Jg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id vr3si5012287ejb.520.2020.06.06.02.32.06; Sat, 06 Jun 2020 02:32:30 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728668AbgFFJ2C (ORCPT + 99 others); Sat, 6 Jun 2020 05:28:02 -0400 Received: from mail3-relais-sop.national.inria.fr ([192.134.164.104]:24974 "EHLO mail3-relais-sop.national.inria.fr" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725283AbgFFJ2C (ORCPT ); Sat, 6 Jun 2020 05:28:02 -0400 X-IronPort-AV: E=Sophos;i="5.73,479,1583190000"; d="scan'208";a="350763717" Received: from abo-173-121-68.mrs.modulonet.fr (HELO hadrien) ([85.68.121.173]) by mail3-relais-sop.national.inria.fr with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 06 Jun 2020 11:27:59 +0200 Date: Sat, 6 Jun 2020 11:27:59 +0200 (CEST) From: Julia Lawall X-X-Sender: jll@hadrien To: Denis Efremov cc: Joe Perches , cocci@systeme.lip6.fr, linux-kernel@vger.kernel.org Subject: Re: [Cocci] [PATCH 2/2] Coccinelle: extend memdup_user rule with vmemdup_user() In-Reply-To: <20200530205348.5812-3-efremov@linux.com> Message-ID: References: <20200530205348.5812-1-efremov@linux.com> <20200530205348.5812-3-efremov@linux.com> User-Agent: Alpine 2.21 (DEB 202 2017-01-01) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, 30 May 2020, Denis Efremov wrote: > Add vmemdup_user() transformations to the memdup_user.cocci rule. > Commit 50fd2f298bef ("new primitive: vmemdup_user()") introduced > vmemdup_user(). The function uses kvmalloc with GPF_USER flag. > > Signed-off-by: Denis Efremov > --- > scripts/coccinelle/api/memdup_user.cocci | 49 +++++++++++++++++++++++- > 1 file changed, 47 insertions(+), 2 deletions(-) > > diff --git a/scripts/coccinelle/api/memdup_user.cocci b/scripts/coccinelle/api/memdup_user.cocci > index 49f487e6a5c8..a50def35136e 100644 > --- a/scripts/coccinelle/api/memdup_user.cocci > +++ b/scripts/coccinelle/api/memdup_user.cocci > @@ -37,6 +37,28 @@ identifier l1,l2; > - ...+> > - } > > +@depends on patch@ > +expression from,to,size; > +identifier l1,l2; > +@@ > + > +- to = \(kvmalloc\|kvzalloc\)(size,\(GFP_KERNEL\|GFP_USER\)); > ++ to = vmemdup_user(from,size); > + if ( > +- to==NULL > ++ IS_ERR(to) > + || ...) { > + <+... when != goto l1; > +- -ENOMEM > ++ PTR_ERR(to) > + ...+> > + } > +- if (copy_from_user(to, from, size) != 0) { > +- <+... when != goto l2; > +- -EFAULT > +- ...+> > +- } > + This could protect against modifying vmemdup_user. Probably the original rule should protect against modifying memdup_user as well. julia > @r depends on !patch@ > expression from,to,size; > position p; > @@ -48,14 +70,37 @@ statement S1,S2; > if (copy_from_user(to, from, size) != 0) > S2 > > -@script:python depends on org@ > +@rv depends on !patch@ > +expression from,to,size; > +position p; > +statement S1,S2; > +@@ > + > +* to = \(kvmalloc@p\|kvzalloc@p\)(size,\(GFP_KERNEL\|GFP_USER\)); > + if (to==NULL || ...) S1 > + if (copy_from_user(to, from, size) != 0) > + S2 > + > +@script:python depends on org && r@ > p << r.p; > @@ > > coccilib.org.print_todo(p[0], "WARNING opportunity for memdup_user") > > -@script:python depends on report@ > +@script:python depends on report && r@ > p << r.p; > @@ > > coccilib.report.print_report(p[0], "WARNING opportunity for memdup_user") > + > +@script:python depends on org && rv@ > +p << rv.p; > +@@ > + > +coccilib.org.print_todo(p[0], "WARNING opportunity for vmemdup_user") > + > +@script:python depends on report && rv@ > +p << rv.p; > +@@ > + > +coccilib.report.print_report(p[0], "WARNING opportunity for vmemdup_user") > -- > 2.26.2 > > _______________________________________________ > Cocci mailing list > Cocci@systeme.lip6.fr > https://systeme.lip6.fr/mailman/listinfo/cocci >