[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20230227202428.3657443-1-jacob.e.keller@intel.com>
Date: Mon, 27 Feb 2023 12:24:28 -0800
From: Jacob Keller <jacob.e.keller@...el.com>
To: Julia Lawall <Julia.Lawall@...6.fr>
Cc: Jacob Keller <jacob.e.keller@...el.com>,
Kees Cook <keescook@...omium.org>,
"Gustavo A . R . Silva" <gustavoars@...nel.org>,
cocci@...teme.lip6.fr, linux-kernel@...r.kernel.org
Subject: [PATCH] coccinelle: semantic patch to check for potential struct_size calls
include/linux/overflow.h includes helper macros intended for calculating
sizes of allocations. These macros prevent accidental overflow by
saturating at SIZE_MAX.
In general when calculating such sizes use of the macros is preferred. Add
a semantic patch which can detect code patterns which can be replaced by
struct_size.
Note that I set the confidence to medium because this patch doesn't make an
attempt to ensure that the relevant array is actually a flexible array. The
struct_size macro does specifically require a flexible array. In many cases
the detected code could be refactored to a flexible array, but this is not
always possible (such as if there are multiple over-allocations).
Signed-off-by: Jacob Keller <jacob.e.keller@...el.com>
Cc: Julia Lawall <Julia.Lawall@...6.fr>
Cc: Kees Cook <keescook@...omium.org>
Cc: Gustavo A. R. Silva <gustavoars@...nel.org>
Cc: cocci@...teme.lip6.fr
Cc: linux-kernel@...r.kernel.org
scripts/coccinelle/misc/struct_size.cocci | 74 +++++++++++++++++++++++
1 file changed, 74 insertions(+)
create mode 100644 scripts/coccinelle/misc/struct_size.cocci
diff --git a/scripts/coccinelle/misc/struct_size.cocci b/scripts/coccinelle/misc/struct_size.cocci
new file mode 100644
index 000000000000..4ede9586e3c6
--- /dev/null
+++ b/scripts/coccinelle/misc/struct_size.cocci
@@ -0,0 +1,74 @@
+// SPDX-License-Identifier: GPL-2.0-only
+///
+/// Check for code that could use struct_size().
+///
+// Confidence: Medium
+// Author: Jacob Keller <jacob.e.keller@...el.com>
+// Copyright: (C) 2023 Intel Corporation
+// Options: --no-includes --include-headers
+
+virtual patch
+virtual context
+virtual org
+virtual report
+
+// the overflow Kunit tests have some code which intentionally does not use
+// the macros, so we want to ignore this code when reporting potential
+// issues.
+@...rflow_tests@
+identifier f = overflow_size_helpers_test;
+@@
+
+f
+
+//----------------------------------------------------------
+// For context mode
+//----------------------------------------------------------
+
+@...ends on !overflow_tests && context@
+expression E1, E2;
+identifier m;
+@@
+(
+* (sizeof(*E1) + (E2 * sizeof(*E1->m)))
+)
+
+//----------------------------------------------------------
+// For patch mode
+//----------------------------------------------------------
+
+@...ends on !overflow_tests && patch@
+expression E1, E2;
+identifier m;
+@@
+(
+- (sizeof(*E1) + (E2 * sizeof(*E1->m)))
++ struct_size(E1, m, E2)
+)
+
+//----------------------------------------------------------
+// For org and report mode
+//----------------------------------------------------------
+
+@r depends on !overflow_tests && (org || report)@
+expression E1, E2;
+identifier m;
+position p;
+@@
+(
+ (sizeof(*E1)@p + (E2 * sizeof(*E1->m)))
+)
+
+@...ipt:python depends on org@
+p << r.p;
+@@
+
+coccilib.org.print_todo(p[0], "WARNING should use struct_size")
+
+@...ipt:python depends on report@
+p << r.p;
+@@
+
+msg="WARNING: Use struct_size"
+coccilib.report.print_report(p[0], msg)
+
base-commit: 982818426a0ffaf93b0621826ed39a84be3d7d62
--
2.39.1.405.gd4c25cc71f83
Powered by blists - more mailing lists