kfree_sensitive.cocci - cachepc-linux - Fork of AMDESE/linux with modifications for CachePC side-channel attack

	cachepc-linux Fork of AMDESE/linux with modifications for CachePC side-channel attack
	git clone https://git.sinitax.com/sinitax/cachepc-linux
	Log \| Files \| Refs \| README \| LICENSE \| sfeed.txt

kfree_sensitive.cocci (1951B)

      1// SPDX-License-Identifier: GPL-2.0-only
      2///
      3/// Use kfree_sensitive, kvfree_sensitive rather than memset or
      4/// memzero_explicit followed by kfree.
      5///
      6// Confidence: High
      7// Copyright: (C) 2020 Denis Efremov ISPRAS
      8// Options: --no-includes --include-headers
      9//
     10// Keywords: kfree_sensitive, kvfree_sensitive
     11//
     12
     13virtual context
     14virtual patch
     15virtual org
     16virtual report
     17
     18@initialize:python@
     19@@
     20# kmalloc_oob_in_memset uses memset to explicitly trigger out-of-bounds access
     21filter = frozenset(['kmalloc_oob_in_memset',
     22		    'kfree_sensitive', 'kvfree_sensitive'])
     23
     24def relevant(p):
     25    return not (filter & {el.current_element for el in p})
     26
     27@cond@
     28position ok;
     29@@
     30
     31if (...)
     32  \(memset@ok\|memzero_explicit@ok\)(...);
     33
     34@r depends on !patch forall@
     35expression E;
     36position p : script:python() { relevant(p) };
     37position m != cond.ok;
     38type T;
     39@@
     40
     41(
     42* memset@m((T)E, 0, ...);
     43|
     44* memzero_explicit@m((T)E, ...);
     45)
     46  ... when != E
     47      when strict
     48* \(kfree\|vfree\|kvfree\)(E)@p;
     49
     50@rp_memzero depends on patch@
     51expression E, size;
     52position p : script:python() { relevant(p) };
     53position m != cond.ok;
     54type T;
     55@@
     56
     57- memzero_explicit@m((T)E, size);
     58  ... when != E
     59      when strict
     60(
     61- kfree(E)@p;
     62+ kfree_sensitive(E);
     63|
     64- \(vfree\|kvfree\)(E)@p;
     65+ kvfree_sensitive(E, size);
     66)
     67
     68@rp_memset depends on patch@
     69expression E, size;
     70position p : script:python() { relevant(p) };
     71position m != cond.ok;
     72type T;
     73@@
     74
     75- memset@m((T)E, 0, size);
     76  ... when != E
     77      when strict
     78(
     79- kfree(E)@p;
     80+ kfree_sensitive(E);
     81|
     82- \(vfree\|kvfree\)(E)@p;
     83+ kvfree_sensitive(E, size);
     84)
     85
     86@script:python depends on report@
     87p << r.p;
     88m << r.m;
     89@@
     90
     91msg = "WARNING opportunity for kfree_sensitive/kvfree_sensitive (memset at line %s)"
     92coccilib.report.print_report(p[0], msg % (m[0].line))
     93
     94@script:python depends on org@
     95p << r.p;
     96m << r.m;
     97@@
     98
     99msg = "WARNING opportunity for kfree_sensitive/kvfree_sensitive (memset at line %s)"
    100coccilib.org.print_todo(p[0], msg % (m[0].line))