cachepc-linux

Fork of AMDESE/linux with modifications for CachePC side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-linux

memdup_user.cocci (2645B)


      1// SPDX-License-Identifier: GPL-2.0-only
      2/// Use memdup_user rather than duplicating its implementation
      3/// This is a little bit restricted to reduce false positives
      4///
      5// Confidence: High
      6// Copyright: (C) 2010-2012 Nicolas Palix.
      7// Copyright: (C) 2010-2012 Julia Lawall, INRIA/LIP6.
      8// Copyright: (C) 2010-2012 Gilles Muller, INRIA/LiP6.
      9// URL: http://coccinelle.lip6.fr/
     10// Comments:
     11// Options: --no-includes --include-headers
     12
     13virtual patch
     14virtual context
     15virtual org
     16virtual report
       // Modes selectable at invocation. In this file the rules marked
       // "depends on patch" rewrite code, the rules marked "depends on !patch"
       // only flag candidate sites with '*', and the org/report scripts print
       // the flagged positions.
     17
     18@initialize:python@
     19@@
       # Names of functions inside which a match must be ignored.
       # NOTE(review): presumably these are excluded because their own bodies
       # contain the allocate-then-copy_from_user sequence this script looks
       # for, so rewriting them would make them call themselves; confirm
       # against their definitions.
     20filter = frozenset(['memdup_user', 'vmemdup_user'])
     21
       # Position filter used by every matching rule in this file: true only
       # when none of the positions in p has a current_element (the enclosing
       # function as Coccinelle reports it) that is in the excluded set.
     22def relevant(p):
     23    return not (filter & {el.current_element for el in p})
     24
     25@depends on patch@
       // Patch mode: collapse "kmalloc/kzalloc, NULL check, copy_from_user"
       // into a single memdup_user() call. After the rewrite a failure is an
       // ERR_PTR rather than NULL, so the adjacent test becomes IS_ERR(to) and
       // -ENOMEM inside that branch becomes PTR_ERR(to). Both error branches
       // must be free of goto (when != goto l1 / l2) for the rule to match.
       //
       // Points to check in every generated patch, none of which this rule
       // verifies:
       //  - a NULL test on 'to' outside the matched if is left untouched and
       //    would no longer catch a failure;
       //  - the whole copy_from_user failure branch is deleted, so every
       //    statement it held is removed, not only the -EFAULT;
       //  - 'size' is passed through unchanged, so any bound on a
       //    user-supplied length still has to come from the caller.
     26expression from,to,size;
     27identifier l1,l2;
     28position p : script:python() { relevant(p) };
     29@@
     30
     31-  to = \(kmalloc@p\|kzalloc@p\)
     32-		(size,\(GFP_KERNEL\|GFP_USER\|
     33-		      \(GFP_KERNEL\|GFP_USER\)|__GFP_NOWARN\));
     34+  to = memdup_user(from,size);
     35   if (
     36-      to==NULL
     37+      IS_ERR(to)
     38                 || ...) {
     39   <+... when != goto l1;
     40-  -ENOMEM
     41+  PTR_ERR(to)
     42   ...+>
     43   }
     44-  if (copy_from_user(to, from, size) != 0) {
     45-    <+... when != goto l2;
     46-    -EFAULT
     47-    ...+>
     48-  }
     49
     50@depends on patch@
       // Patch mode, kvmalloc/kvzalloc variant: the allocation, its NULL check
       // and the following copy_from_user become one vmemdup_user() call. The
       // failure test is rewritten to IS_ERR(to) and -ENOMEM in that branch to
       // PTR_ERR(to); the copy_from_user failure branch is deleted as a whole.
       // Only GFP_KERNEL and GFP_USER allocations are matched, and neither
       // error branch may contain a goto.
       // NOTE(review): as the rule only rewrites the adjacent check, confirm
       // in each generated patch that no other NULL test on 'to' remains and
       // that the deleted branch held nothing beyond the -EFAULT handling.
     51expression from,to,size;
     52identifier l1,l2;
     53position p : script:python() { relevant(p) };
     54@@
     55
     56-  to = \(kvmalloc@p\|kvzalloc@p\)(size,\(GFP_KERNEL\|GFP_USER\));
     57+  to = vmemdup_user(from,size);
     58   if (
     59-      to==NULL
     60+      IS_ERR(to)
     61                 || ...) {
     62   <+... when != goto l1;
     63-  -ENOMEM
     64+  PTR_ERR(to)
     65   ...+>
     66   }
     67-  if (copy_from_user(to, from, size) != 0) {
     68-    <+... when != goto l2;
     69-    -EFAULT
     70-    ...+>
     71-  }
     72
     73@r depends on !patch@
       // Non-patch modes: flag (with '*') a kmalloc/kzalloc using the listed
       // GFP flags whose result is NULL-checked and then filled by a
       // copy_from_user of the same 'size'. The matched position p is what the
       // org and report scripts print.
       // S1 and S2 are arbitrary statements, so unlike the patch rule there is
       // no restriction on goto in the error paths: a flagged site is a
       // candidate for manual review, not necessarily one the patch rule
       // would rewrite.
     74expression from,to,size;
     75position p : script:python() { relevant(p) };
     76statement S1,S2;
     77@@
     78
     79*  to = \(kmalloc@p\|kzalloc@p\)
     80		(size,\(GFP_KERNEL\|GFP_USER\|
     81		      \(GFP_KERNEL\|GFP_USER\)|__GFP_NOWARN\));
     82   if (to==NULL || ...) S1
     83   if (copy_from_user(to, from, size) != 0)
     84   S2
     85
     86@rv depends on !patch@
       // Non-patch modes, kvmalloc/kvzalloc variant: flag (with '*') an
       // allocation with GFP_KERNEL or GFP_USER whose result is NULL-checked
       // and then filled by a copy_from_user of the same 'size'. The matched
       // position p is what the org and report scripts print.
       // S1 and S2 are arbitrary statements, so a flagged site is a candidate
       // for manual review rather than a guaranteed mechanical rewrite.
     87expression from,to,size;
     88position p : script:python() { relevant(p) };
     89statement S1,S2;
     90@@
     91
     92*  to = \(kvmalloc@p\|kvzalloc@p\)(size,\(GFP_KERNEL\|GFP_USER\));
     93   if (to==NULL || ...) S1
     94   if (copy_from_user(to, from, size) != 0)
     95   S2
     96
     97@script:python depends on org@
     98p << r.p;
     99@@
    100
       # Org mode: emit a TODO entry for the first position bound from rule r
       # (the kmalloc/kzalloc candidates).
    101coccilib.org.print_todo(p[0], "WARNING opportunity for memdup_user")
    102
    103@script:python depends on report@
    104p << r.p;
    105@@
    106
       # Report mode: print one warning for the first position bound from
       # rule r (the kmalloc/kzalloc candidates).
    107coccilib.report.print_report(p[0], "WARNING opportunity for memdup_user")
    108
    109@script:python depends on org@
    110p << rv.p;
    111@@
    112
       # Org mode: emit a TODO entry for the first position bound from rule rv
       # (the kvmalloc/kvzalloc candidates).
    113coccilib.org.print_todo(p[0], "WARNING opportunity for vmemdup_user")
    114
    115@script:python depends on report@
    116p << rv.p;
    117@@
    118
       # Report mode: print one warning for the first position bound from
       # rule rv (the kvmalloc/kvzalloc candidates).
    119coccilib.report.print_report(p[0], "WARNING opportunity for vmemdup_user")