Date:   Wed, 10 Oct 2018 13:45:17 -0700
From:   Joel Fernandes <joel@...lfernandes.org>
To:     Julia Lawall <julia.lawall@...6.fr>
Cc:     linux-kernel@...r.kernel.org,
        Gilles Muller <Gilles.Muller@...6.fr>,
        Nicolas Palix <nicolas.palix@...g.fr>,
        Michal Marek <michal.lkml@...kovi.net>, cocci@...teme.lip6.fr,
        Kees Cook <keescook@...omium.org>
Subject: Re: First coccinelle script, need some help.

On Wed, Oct 10, 2018 at 10:23:18PM +0200, Julia Lawall wrote:
> 
> 
> On Wed, 10 Oct 2018, Joel Fernandes wrote:
> 
> >
> > Hi!
> >
> > I am trying to determine if a function argument is used across the whole
> > kernel for a certain kernel function.
> >
> > I mustered up enough courage to write my first coccinelle script after a few
> > late nights of reading up about it :)
> >
> > Here is .cocci script. I am trying to find if address is used at all in any
> > possible definitions of pte_alloc():
> >
> > $ cat ~/pte_alloc.cocci
> > virtual report
> >
> > @pte_args depends on report@
> > identifier E1, E2;
> > type T1, T2;
> > position p;
> > @@
> >
> >  pte_alloc@p(T1 E1, T2 E2)
> >  {
> > ...
> > (
> > ...
> >  E2
> > ...
> > )
> > ...
> >  }
> 
> 
> In report mode, by default, the pattern has to match on all paths.  Also
> when you have ... before or after E2, there can be no occurrence of E2 in
> the code matched by the ...  So your rule requires that on every possible
> execution path through the function, there is exactly one occurrence of
> E2.
> 
> You can try the following instead:
> 
> virtual report
> 
> @pte_args depends on report exists@
> identifier E1, E2;
> type T1, T2;
> position p;
> @@
> 
>  pte_alloc@p(T1 E1, T2 E2)
>  {
>  ... when any
>  E2
>  ... when any
>  }

Thanks for the quick reply.
If I just add 'depends on report exists' to the rule, then my original
example works fine now. I did not need to add the 'when any'. Do you mind
taking my original simple test.c example and modifying it, and letting me know
under what situation it would not work?

I even added address = 1 outside of the if block and it works fine, I see the
warning as I expect without 'when any' in front of the "...".

struct page *pte_alloc(struct mm_struct *mm, unsigned long address)
{
	address = 1;
	if (condition()) {
		while (1) {
			address++;
		}
		return NULL;
	}
}
virtual report
-----
For your reference, I included the .cocci script below again. This time with
the 'depends on report exists' in the rule:

@pte_args depends on report exists@
identifier E1, E2;
type T1, T2;
position p;
@@

 pte_alloc@p(T1 E1, T2 E2)
 {
...
 E2
...
 }

@script:python depends on report@
p << pte_args.p;
@@
coccilib.report.print_report(p[0],
    "WARNING: found definition of pte_alloc_one with address used in the body")
