lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sun, 13 Sep 2020 09:15:04 +0300 From: Denis Efremov <efremov@...ux.com> To: Julia Lawall <julia.lawall@...ia.fr> Cc: cocci@...teme.lip6.fr, linux-kernel@...r.kernel.org, Kees Cook <keescook@...omium.org>, "Gustavo A . R . Silva" <gustavoars@...nel.org> Subject: Re: [PATCH v2] coccinelle: misc: add flexible_array.cocci script Hi, On 9/12/20 5:43 PM, Julia Lawall wrote: > > > On Mon, 10 Aug 2020, Denis Efremov wrote: > >> Commit 68e4cd17e218 ("docs: deprecated.rst: Add zero-length and one-element >> arrays") marks one-element and zero-length arrays as deprecated. Kernel >> code should always use "flexible array members" instead. >> >> The script warns about one-element and zero-length arrays in structs. >> >> Cc: Kees Cook <keescook@...omium.org> >> Cc: Gustavo A. R. Silva <gustavoars@...nel.org> >> Signed-off-by: Denis Efremov <efremov@...ux.com> >> --- >> Changes in v2: >> - all uapi headers are now filtered-out. Unfortunately, coccinelle >> doesn't provide structure names in Location.current_element. >> For structures the field is always "something_else". Thus, there is >> no easy way to create a list of existing structures in uapi headers >> and suppress the warning only for them, but not for the newly added >> uapi structures. >> - The pattern doesn't require 2+ fields in a structure/union anymore. >> Now it also checks single field structures/unions. >> - The pattern simplified and now uses disjuction in array elements >> (Thanks, Markus) >> - Unions are removed from patch mode >> - one-element arrays are removed from patch mode. Correct patch may >> involve turning the array to a simple field instead of a flexible >> array. >> >> On the current master branch, the rule generates: >> - context: https://gist.github.com/evdenis/e2b4323491f9eff35376372df07f723c >> - patch: https://gist.github.com/evdenis/46081da9d68ecefd07edc3769cebcf32 >> >> scripts/coccinelle/misc/flexible_array.cocci | 88 ++++++++++++++++++++ >> 1 file changed, 88 insertions(+) >> create mode 100644 scripts/coccinelle/misc/flexible_array.cocci >> >> diff --git a/scripts/coccinelle/misc/flexible_array.cocci b/scripts/coccinelle/misc/flexible_array.cocci >> new file mode 100644 >> index 000000000000..bf6dcda1783e >> --- /dev/null >> +++ b/scripts/coccinelle/misc/flexible_array.cocci >> @@ -0,0 +1,88 @@ >> +// SPDX-License-Identifier: GPL-2.0-only >> +/// >> +/// Zero-length and one-element arrays are deprecated, see >> +/// Documentation/process/deprecated.rst >> +/// Flexible-array members should be used instead. >> +/// >> +// >> +// Confidence: High >> +// Copyright: (C) 2020 Denis Efremov ISPRAS. >> +// Comments: >> +// Options: --no-includes --include-headers >> + >> +virtual context >> +virtual report >> +virtual org >> +virtual patch >> + >> +@...tialize:python@ >> +@@ >> +def relevant(positions): >> + for p in positions: >> + if "uapi" in p.file: >> + return False >> + return True >> + >> +@r depends on !patch@ >> +identifier name, array; >> +type T; >> +position p : script:python() { relevant(p) }; >> +@@ >> + >> +( >> + struct name { >> + ... >> +* T array@p[\(0\|1\)]; >> + }; >> +| >> + struct { >> + ... >> +* T array@p[\(0\|1\)]; >> + }; >> +| >> + union name { >> + ... >> +* T array@p[\(0\|1\)]; >> + }; >> +| >> + union { >> + ... >> +* T array@p[\(0\|1\)]; >> + }; >> +) >> + >> +@...ends on patch exists@ > > exists is not necessary here. There are not multiple control-flow paths > through a structure declaration. > >> +identifier name, array; >> +type T; >> +position p : script:python() { relevant(p) }; >> +@@ >> + >> +( >> + struct name { >> + ... >> + T array@p[ >> +- 0 >> + ]; >> + }; >> +| >> + struct { >> + ... >> + T array@p[ >> +- 0 >> + ]; >> + }; >> +) >> + >> +@...ipt: python depends on report@ >> +p << r.p; >> +@@ >> + >> +msg = "WARNING: use flexible-array member instead" >> +coccilib.report.print_report(p[0], msg) >> + >> +@...ipt: python depends on org@ >> +p << r.p; >> +@@ >> + >> +msg = "WARNING: use flexible-array member instead" >> +coccilib.org.print_todo(p, msg) > > This should be coccilib.org.print_todo(p[0], msg) > Thanks, I will send v3 with fixes and proper links to online documentation. Regards, Denis
Powered by blists - more mailing lists