| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 8 Jun 2020 19:20:38 +0200
From: Markus Elfring <Markus.Elfring@....de>
To: Denis Efremov <efremov@...ux.com>,
Gilles Muller <Gilles.Muller@...6.fr>,
Julia Lawall <Julia.Lawall@...6.fr>,
Masahiro Yamada <yamada.masahiro@...ionext.com>,
Michal Marek <michal.lkml@...kovi.net>,
Nicolas Palix <nicolas.palix@...g.fr>
Cc: kernel-janitors@...r.kernel.org,
Coccinelle <cocci@...teme.lip6.fr>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2 1/4] coccinelle: api: extend memdup_user transformation
with GFP_USER
> Match GFP_USER and optional __GFP_NOWARN allocations with
> memdup_user.cocci rule.
You suggest another interesting software extension.
…
> +++ b/scripts/coccinelle/api/memdup_user.cocci
> @@ -20,7 +20,9 @@ expression from,to,size;
> identifier l1,l2;
> @@
>
> -- to = \(kmalloc\|kzalloc\)(size,GFP_KERNEL);
> +- to = \(kmalloc\|kzalloc\)
> + (size,\(GFP_KERNEL\|GFP_USER\|
> + \(GFP_KERNEL\|GFP_USER\)|__GFP_NOWARN\));
> + to = memdup_user(from,size);
But I find the proposed change for such SmPL code inappropriate.
It was specified by the means of the semantic patch language
to replace an assignment statement for which a function call provides a value.
I would interpret your adjustment in the way that an expression list
should be preserved.
Were two minus characters forgotten for the first SmPL rule?
Further concerns should be taken into account for the SmPL rule “r”.
I would appreciate if the clarification will be continued also for
the topic “Safer source code analysis by "memdup_user.cocci"”?
https://github.com/coccinelle/coccinelle/issues/78
Regards,
Markus
Powered by blists - more mailing lists