xref: /OK3568_Linux_fs/kernel/scripts/coccinelle/api/memdup_user.cocci (revision 4882a59341e53eb6f0b4789bf948001014eff981) 
1*4882a593Smuzhiyun// SPDX-License-Identifier: GPL-2.0-only
2*4882a593Smuzhiyun/// Use memdup_user rather than duplicating its implementation
3*4882a593Smuzhiyun/// This is a little bit restricted to reduce false positives
4*4882a593Smuzhiyun///
5*4882a593Smuzhiyun// Confidence: High
6*4882a593Smuzhiyun// Copyright: (C) 2010-2012 Nicolas Palix.
7*4882a593Smuzhiyun// Copyright: (C) 2010-2012 Julia Lawall, INRIA/LIP6.
8*4882a593Smuzhiyun// Copyright: (C) 2010-2012 Gilles Muller, INRIA/LiP6.
9*4882a593Smuzhiyun// URL: http://coccinelle.lip6.fr/
10*4882a593Smuzhiyun// Comments:
11*4882a593Smuzhiyun// Options: --no-includes --include-headers
12*4882a593Smuzhiyun
13*4882a593Smuzhiyunvirtual patch
14*4882a593Smuzhiyunvirtual context
15*4882a593Smuzhiyunvirtual org
16*4882a593Smuzhiyunvirtual report
17*4882a593Smuzhiyun
18*4882a593Smuzhiyun@initialize:python@
19*4882a593Smuzhiyun@@
20*4882a593Smuzhiyunfilter = frozenset(['memdup_user', 'vmemdup_user'])
21*4882a593Smuzhiyun
22*4882a593Smuzhiyundef relevant(p):
23*4882a593Smuzhiyun    return not (filter & {el.current_element for el in p})
24*4882a593Smuzhiyun
25*4882a593Smuzhiyun@depends on patch@
26*4882a593Smuzhiyunexpression from,to,size;
27*4882a593Smuzhiyunidentifier l1,l2;
28*4882a593Smuzhiyunposition p : script:python() { relevant(p) };
29*4882a593Smuzhiyun@@
30*4882a593Smuzhiyun
31*4882a593Smuzhiyun-  to = \(kmalloc@p\|kzalloc@p\)
32*4882a593Smuzhiyun-		(size,\(GFP_KERNEL\|GFP_USER\|
33*4882a593Smuzhiyun-		      \(GFP_KERNEL\|GFP_USER\)|__GFP_NOWARN\));
34*4882a593Smuzhiyun+  to = memdup_user(from,size);
35*4882a593Smuzhiyun   if (
36*4882a593Smuzhiyun-      to==NULL
37*4882a593Smuzhiyun+      IS_ERR(to)
38*4882a593Smuzhiyun                 || ...) {
39*4882a593Smuzhiyun   <+... when != goto l1;
40*4882a593Smuzhiyun-  -ENOMEM
41*4882a593Smuzhiyun+  PTR_ERR(to)
42*4882a593Smuzhiyun   ...+>
43*4882a593Smuzhiyun   }
44*4882a593Smuzhiyun-  if (copy_from_user(to, from, size) != 0) {
45*4882a593Smuzhiyun-    <+... when != goto l2;
46*4882a593Smuzhiyun-    -EFAULT
47*4882a593Smuzhiyun-    ...+>
48*4882a593Smuzhiyun-  }
49*4882a593Smuzhiyun
50*4882a593Smuzhiyun@depends on patch@
51*4882a593Smuzhiyunexpression from,to,size;
52*4882a593Smuzhiyunidentifier l1,l2;
53*4882a593Smuzhiyunposition p : script:python() { relevant(p) };
54*4882a593Smuzhiyun@@
55*4882a593Smuzhiyun
56*4882a593Smuzhiyun-  to = \(kvmalloc@p\|kvzalloc@p\)(size,\(GFP_KERNEL\|GFP_USER\));
57*4882a593Smuzhiyun+  to = vmemdup_user(from,size);
58*4882a593Smuzhiyun   if (
59*4882a593Smuzhiyun-      to==NULL
60*4882a593Smuzhiyun+      IS_ERR(to)
61*4882a593Smuzhiyun                 || ...) {
62*4882a593Smuzhiyun   <+... when != goto l1;
63*4882a593Smuzhiyun-  -ENOMEM
64*4882a593Smuzhiyun+  PTR_ERR(to)
65*4882a593Smuzhiyun   ...+>
66*4882a593Smuzhiyun   }
67*4882a593Smuzhiyun-  if (copy_from_user(to, from, size) != 0) {
68*4882a593Smuzhiyun-    <+... when != goto l2;
69*4882a593Smuzhiyun-    -EFAULT
70*4882a593Smuzhiyun-    ...+>
71*4882a593Smuzhiyun-  }
72*4882a593Smuzhiyun
73*4882a593Smuzhiyun@r depends on !patch@
74*4882a593Smuzhiyunexpression from,to,size;
75*4882a593Smuzhiyunposition p : script:python() { relevant(p) };
76*4882a593Smuzhiyunstatement S1,S2;
77*4882a593Smuzhiyun@@
78*4882a593Smuzhiyun
79*4882a593Smuzhiyun*  to = \(kmalloc@p\|kzalloc@p\)
80*4882a593Smuzhiyun		(size,\(GFP_KERNEL\|GFP_USER\|
81*4882a593Smuzhiyun		      \(GFP_KERNEL\|GFP_USER\)|__GFP_NOWARN\));
82*4882a593Smuzhiyun   if (to==NULL || ...) S1
83*4882a593Smuzhiyun   if (copy_from_user(to, from, size) != 0)
84*4882a593Smuzhiyun   S2
85*4882a593Smuzhiyun
86*4882a593Smuzhiyun@rv depends on !patch@
87*4882a593Smuzhiyunexpression from,to,size;
88*4882a593Smuzhiyunposition p : script:python() { relevant(p) };
89*4882a593Smuzhiyunstatement S1,S2;
90*4882a593Smuzhiyun@@
91*4882a593Smuzhiyun
92*4882a593Smuzhiyun*  to = \(kvmalloc@p\|kvzalloc@p\)(size,\(GFP_KERNEL\|GFP_USER\));
93*4882a593Smuzhiyun   if (to==NULL || ...) S1
94*4882a593Smuzhiyun   if (copy_from_user(to, from, size) != 0)
95*4882a593Smuzhiyun   S2
96*4882a593Smuzhiyun
97*4882a593Smuzhiyun@script:python depends on org@
98*4882a593Smuzhiyunp << r.p;
99*4882a593Smuzhiyun@@
100*4882a593Smuzhiyun
101*4882a593Smuzhiyuncoccilib.org.print_todo(p[0], "WARNING opportunity for memdup_user")
102*4882a593Smuzhiyun
103*4882a593Smuzhiyun@script:python depends on report@
104*4882a593Smuzhiyunp << r.p;
105*4882a593Smuzhiyun@@
106*4882a593Smuzhiyun
107*4882a593Smuzhiyuncoccilib.report.print_report(p[0], "WARNING opportunity for memdup_user")
108*4882a593Smuzhiyun
109*4882a593Smuzhiyun@script:python depends on org@
110*4882a593Smuzhiyunp << rv.p;
111*4882a593Smuzhiyun@@
112*4882a593Smuzhiyun
113*4882a593Smuzhiyuncoccilib.org.print_todo(p[0], "WARNING opportunity for vmemdup_user")
114*4882a593Smuzhiyun
115*4882a593Smuzhiyun@script:python depends on report@
116*4882a593Smuzhiyunp << rv.p;
117*4882a593Smuzhiyun@@
118*4882a593Smuzhiyun
119*4882a593Smuzhiyuncoccilib.report.print_report(p[0], "WARNING opportunity for vmemdup_user")
120