lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <c3464cad-e567-9ef5-b4e3-a01e3b11120b@web.de>
Date:   Mon, 8 Jun 2020 19:20:38 +0200
From:   Markus Elfring <Markus.Elfring@....de>
To:     Denis Efremov <efremov@...ux.com>,
        Gilles Muller <Gilles.Muller@...6.fr>,
        Julia Lawall <Julia.Lawall@...6.fr>,
        Masahiro Yamada <yamada.masahiro@...ionext.com>,
        Michal Marek <michal.lkml@...kovi.net>,
        Nicolas Palix <nicolas.palix@...g.fr>
Cc:     kernel-janitors@...r.kernel.org,
        Coccinelle <cocci@...teme.lip6.fr>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2 1/4] coccinelle: api: extend memdup_user transformation
 with GFP_USER

> Match GFP_USER and optional __GFP_NOWARN allocations with
> memdup_user.cocci rule.

You suggest another interesting software extension.


…
> +++ b/scripts/coccinelle/api/memdup_user.cocci
> @@ -20,7 +20,9 @@ expression from,to,size;
>  identifier l1,l2;
> @@
>
> --  to = \(kmalloc\|kzalloc\)(size,GFP_KERNEL);
> +-  to = \(kmalloc\|kzalloc\)
> +		(size,\(GFP_KERNEL\|GFP_USER\|
> +		      \(GFP_KERNEL\|GFP_USER\)|__GFP_NOWARN\));
>  +  to = memdup_user(from,size);

But I find the proposed change for such SmPL code inappropriate.

It was specified by the means of the semantic patch language
to replace an assignment statement for which a function call provides a value.
I would interpret your adjustment in the way that an expression list
should be preserved.
Were two minus characters forgotten for the first SmPL rule?

Further concerns should be taken into account for the SmPL rule “r”.

I would appreciate if the clarification will be continued also for
the topic “Safer source code analysis by "memdup_user.cocci"”?
https://github.com/coccinelle/coccinelle/issues/78

Regards,
Markus

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ