From: Denis Efremov
To: Julia Lawall
Cc: Denis Efremov, cocci@systeme.lip6.fr, linux-kernel@vger.kernel.org
Subject: [PATCH v4] coccinelle: api: add kzfree script
Date: Fri, 17 Jul 2020 14:57:09 +0300
Message-Id: <20200717115709.543882-1-efremov@linux.com>
In-Reply-To: <20200604140805.111613-1-efremov@linux.com>

Check for memset()/memzero_explicit() followed by kfree()/vfree()/kvfree().

Signed-off-by: Denis Efremov
---
Changes in v2:
 - memset_explicit() added
 - kvfree_sensitive() added
 - forall added to r1
 - ... between memset and kfree added
Changes in v3:
 - Explicit filter for definitions instead of !(file in "...") conditions
 - type T added to match casts
 - memzero_explicit() patterns fixed
 - additional rule "cond" added to filter false-positives
Changes in v4:
 - memset call fixed in rp_memset
 - @m added to rp_memset,rp_memzero rules

 scripts/coccinelle/api/kzfree.cocci | 101 ++++++++++++++++++++++++++++
 1 file changed, 101 insertions(+)
 create mode 100644 scripts/coccinelle/api/kzfree.cocci

diff --git a/scripts/coccinelle/api/kzfree.cocci b/scripts/coccinelle/api/kzfree.cocci new file mode 100644 index 000000000000..33625bd7cec9 --- /dev/null +++ b/scripts/coccinelle/api/kzfree.cocci
@@ -0,0 +1,101 @@ +// SPDX-License-Identifier: GPL-2.0-only +/// +/// Use kzfree, kvfree_sensitive rather than memset or +/// memzero_explicit followed by kfree +/// +// Confidence: High +// Copyright: (C) 2020 Denis Efremov ISPRAS +// Options: --no-includes --include-headers +// +// Keywords: kzfree, kvfree_sensitive +// + +virtual context +virtual patch +virtual org +virtual report + +@initialize:python@ +@@ +# kmalloc_oob_in_memset uses memset to explicitly trigger out-of-bounds access +filter = frozenset(['kmalloc_oob_in_memset', 'kzfree', 'kvfree_sensitive']) + +def relevant(p): + return not (filter & {el.current_element for el in p}) + +@cond@ +position ok; +@@ + +if (...) + \(memset@ok\|memzero_explicit@ok\)(...); + +@r depends on !patch forall@ +expression E; +position p : script:python() { relevant(p) }; +position m != cond.ok; +type T; +@@ + +( +* memset@m((T)E, 0, ...); +| +* memzero_explicit@m((T)E, ...); +) + ... when != E + when strict +* \(kfree\|vfree\|kvfree\)(E)@p; + +@rp_memzero depends on patch@ +expression E, size; +position p : script:python() { relevant(p) }; +position m != cond.ok; +type T; +@@ + +- memzero_explicit@m((T)E, size); + ... when != E + when strict +// TODO: uncomment when kfree_sensitive will be merged. +// Only this case is commented out because developers +// may not like patches like this since kzfree uses memset +// internally (not memzero_explicit). +//( +//- kfree(E)@p; +//+ kfree_sensitive(E); +//| +- \(vfree\|kvfree\)(E)@p; ++ kvfree_sensitive(E, size); +//) + +@rp_memset depends on patch@ +expression E, size; +position p : script:python() { relevant(p) }; +position m != cond.ok; +type T; +@@ + +- memset@m((T)E, 0, size); + ... 
when != E + when strict +( +- kfree(E)@p; ++ kzfree(E); +| +- \(vfree\|kvfree\)(E)@p; ++ kvfree_sensitive(E, size); +) + +@script:python depends on report@ +p << r.p; +@@ + +coccilib.report.print_report(p[0], + "WARNING: opportunity for kzfree/kvfree_sensitive") + +@script:python depends on org@ +p << r.p; +@@ + +coccilib.org.print_todo(p[0], + "WARNING: opportunity for kzfree/kvfree_sensitive") -- 2.26.2
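Review bot: report/org/context mode and patch mode disagree on memzero_explicit() followed by kfree(). Rule r still matches that pair and the scripts print "opportunity for kzfree/kvfree_sensitive" for it, while in rp_memzero the kfree(E) branch is commented out, with the stated reason that kzfree uses memset internally rather than memzero_explicit. As written, the report points developers at exactly the replacement the TODO says they may not want, and patch mode then leaves those sites untouched. Until kfree_sensitive is available, consider either dropping the memzero_explicit + kfree combination from r, or splitting it into its own rule with a message that says no replacement is proposed yet. It would also help to pass r.m to the report so the warning names the line of the memset/memzero_explicit call as well as the free. Minor, in the initialize:python block: the name filter shadows the Python builtin, and the comment explains only kmalloc_oob_in_memset; a name such as excluded_funcs plus a note that kzfree and kvfree_sensitive are skipped because they are the definitions would make the intent clear.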