^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1) // SPDX-License-Identifier: GPL-2.0-only
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2) /// Use memdup_user rather than duplicating its implementation
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3) /// This is a little bit restricted to reduce false positives
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4) ///
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5) // Confidence: High
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6) // Copyright: (C) 2010-2012 Nicolas Palix.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7) // Copyright: (C) 2010-2012 Julia Lawall, INRIA/LIP6.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 8) // Copyright: (C) 2010-2012 Gilles Muller, INRIA/LiP6.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 9) // URL: http://coccinelle.lip6.fr/
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10) // Comments:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11) // Options: --no-includes --include-headers
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12)
// Virtual rule names: each rule below is enabled or disabled by its
// "depends on" clause naming one of these. In this file the two
// transformation rules depend on "patch", the matching rules r and rv depend
// on "!patch" (so they run whenever patch is not selected), and the script
// rules depend on "org" or "report".
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13) virtual patch
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14) virtual context
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15) virtual org
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 16) virtual report
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 17)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 18) @initialize:python@
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 19) @@
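# Functions in which a match must be ignored. These are the two helpers the
# rules below rewrite code to call; presumably their own bodies contain the
# allocate-then-copy sequence, so matching there would be a false positive.
# NOTE: the name shadows the builtin filter() inside this script; it is kept
# as is because it is part of the script's shared namespace.
filter = frozenset(['memdup_user', 'vmemdup_user'])

def relevant(p):
    """Tell whether a match lies outside every function named in filter.

    p is the sequence of position objects bound to a position metavariable;
    the name read from each one is its current_element attribute.
    Returns True when none of those names is in filter, False otherwise.
    """
    return filter.isdisjoint(el.current_element for el in p)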
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 24)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 25) @depends on patch@
// Patch mode, kmalloc/kzalloc variant. An allocation that is directly followed
// by a NULL check and by a copy_from_user() using the same to, from and size
// is rewritten into a single memdup_user(from, size) call.
//
// What the rewrite changes on the error paths:
//   * the failure test goes from to==NULL to IS_ERR(to), and the -ENOMEM
//     inside that branch becomes PTR_ERR(to): after the rewrite a failure is
//     reported through an error pointer, not through NULL;
//   * the whole copy_from_user() failure branch, with its -EFAULT, is deleted;
//   * the accepted flags are GFP_KERNEL, GFP_USER, or either one ORed with
//     __GFP_NOWARN; the replacement call has no flags argument, so the matched
//     flags do not survive the rewrite;
//   * kzalloc is matched as well; the zeroing is dropped, and the copy that
//     replaces it covers the same size bytes.
//
// Restrictions visible in the pattern: neither failure branch may contain a
// goto (when != goto l1 / l2), and position p must satisfy relevant(p).
//
// NOTE(review): only this one NULL test is rewritten. A later comparison of
// to against NULL, or cleanup code that frees to, lies outside the pattern,
// so a generated patch should be read for error-pointer handling before it is
// applied.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 26) expression from,to,size;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 27) identifier l1,l2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 28) position p : script:python() { relevant(p) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 29) @@
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 30)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 31) - to = \(kmalloc@p\|kzalloc@p\)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 32) - (size,\(GFP_KERNEL\|GFP_USER\|
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 33) - \(GFP_KERNEL\|GFP_USER\)|__GFP_NOWARN\));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 34) + to = memdup_user(from,size);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 35) if (
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 36) - to==NULL
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 37) + IS_ERR(to)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 38) || ...) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 39) <+... when != goto l1;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 40) - -ENOMEM
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 41) + PTR_ERR(to)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 42) ...+>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 43) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 44) - if (copy_from_user(to, from, size) != 0) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 45) - <+... when != goto l2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 46) - -EFAULT
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 47) - ...+>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 48) - }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 49)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 50) @depends on patch@
// Patch mode, kvmalloc/kvzalloc variant. An allocation that is directly
// followed by a NULL check and by a copy_from_user() using the same to, from
// and size is rewritten into a single vmemdup_user(from, size) call.
//
// The failure test goes from to==NULL to IS_ERR(to) and the -ENOMEM inside
// that branch becomes PTR_ERR(to); the copy_from_user() failure branch, with
// its -EFAULT, is deleted. Only GFP_KERNEL and GFP_USER are accepted as flags
// here, and the replacement call has no flags argument.
//
// Restrictions visible in the pattern: neither failure branch may contain a
// goto (when != goto l1 / l2), and position p must satisfy relevant(p).
//
// NOTE(review): only this one NULL test is rewritten. A later comparison of
// to against NULL, or cleanup code that frees to, lies outside the pattern,
// so a generated patch should be read for error-pointer handling before it is
// applied.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 51) expression from,to,size;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 52) identifier l1,l2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 53) position p : script:python() { relevant(p) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 54) @@
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 55)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 56) - to = \(kvmalloc@p\|kvzalloc@p\)(size,\(GFP_KERNEL\|GFP_USER\));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 57) + to = vmemdup_user(from,size);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 58) if (
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 59) - to==NULL
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 60) + IS_ERR(to)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 61) || ...) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 62) <+... when != goto l1;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 63) - -ENOMEM
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 64) + PTR_ERR(to)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 65) ...+>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 66) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 67) - if (copy_from_user(to, from, size) != 0) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 68) - <+... when != goto l2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 69) - -EFAULT
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 70) - ...+>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 71) - }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 72)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 73) @r depends on !patch@
// Matching-only rule for the kmalloc/kzalloc case; it runs whenever patch is
// not selected. The starred allocation is the line of interest, and position
// p on the allocator name is what the org and report scripts inherit as r.p.
// The flags accepted are GFP_KERNEL, GFP_USER, or either one ORed with
// __GFP_NOWARN, and p must satisfy relevant(p).
// S1 and S2 are arbitrary statements and there is no goto restriction, so
// this rule can flag sites that the patch-mode rule would leave untouched;
// each finding still needs a manual look at its error paths.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 74) expression from,to,size;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 75) position p : script:python() { relevant(p) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 76) statement S1,S2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 77) @@
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 78)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 79) * to = \(kmalloc@p\|kzalloc@p\)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 80) (size,\(GFP_KERNEL\|GFP_USER\|
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 81) \(GFP_KERNEL\|GFP_USER\)|__GFP_NOWARN\));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 82) if (to==NULL || ...) S1
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 83) if (copy_from_user(to, from, size) != 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 84) S2
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 85)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 86) @rv depends on !patch@
// Matching-only rule for the kvmalloc/kvzalloc case; it runs whenever patch
// is not selected. The starred allocation is the line of interest, and
// position p on the allocator name is what the org and report scripts inherit
// as rv.p. Only GFP_KERNEL and GFP_USER are accepted as flags, and p must
// satisfy relevant(p).
// S1 and S2 are arbitrary statements and there is no goto restriction, so
// this rule can flag sites that the patch-mode rule would leave untouched;
// each finding still needs a manual look at its error paths.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 87) expression from,to,size;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 88) position p : script:python() { relevant(p) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 89) statement S1,S2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 90) @@
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 91)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 92) * to = \(kvmalloc@p\|kvzalloc@p\)(size,\(GFP_KERNEL\|GFP_USER\));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 93) if (to==NULL || ...) S1
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 94) if (copy_from_user(to, from, size) != 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 95) S2
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 96)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 97) @script:python depends on org@
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 98) p << r.p;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 99) @@
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 100)
# Org mode: for each match of rule r, emit a TODO entry at the first inherited
# position (the kmalloc/kzalloc call) suggesting memdup_user.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 101) coccilib.org.print_todo(p[0], "WARNING opportunity for memdup_user")
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 102)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 103) @script:python depends on report@
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 104) p << r.p;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 105) @@
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 106)
# Report mode: for each match of rule r, print a warning at the first
# inherited position (the kmalloc/kzalloc call) suggesting memdup_user.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 107) coccilib.report.print_report(p[0], "WARNING opportunity for memdup_user")
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 108)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 109) @script:python depends on org@
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 110) p << rv.p;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 111) @@
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 112)
# Org mode: for each match of rule rv, emit a TODO entry at the first
# inherited position (the kvmalloc/kvzalloc call) suggesting vmemdup_user.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 113) coccilib.org.print_todo(p[0], "WARNING opportunity for vmemdup_user")
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 114)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 115) @script:python depends on report@
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 116) p << rv.p;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 117) @@
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 118)
# Report mode: for each match of rule rv, print a warning at the first
# inherited position (the kvmalloc/kvzalloc call) suggesting vmemdup_user.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 119) coccilib.report.print_report(p[0], "WARNING opportunity for vmemdup_user")