lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <ZjkZBvuXlZAodPAU@wunner.de>
Date: Mon, 6 May 2024 19:53:10 +0200
From: Lukas Wunner <lukas@...ner.de>
To: Julia Lawall <Julia.Lawall@...ia.fr>,
	Nicolas Palix <nicolas.palix@...g.fr>
Cc: cocci@...ia.fr, linux-kernel@...r.kernel.org
Subject: coccinelle matching of identifiers

Dear coccinelle maintainers,

Linux kernel commit 5c6ca9d93665 ("X.509: Introduce scope-based
x509_certificate allocation"), which is queued for v6.10 in this repo ...

    https://git.kernel.org/herbert/cryptodev-2.6/c/5c6ca9d93665

.. triggers scripts/coccinelle/null/eno.cocci:

    ./crypto/asymmetric_keys/x509_cert_parser.c:69:9-15: ERROR: allocation function on line 68 returns NULL not ERR_PTR on failure
    ./fs/gfs2/inode.c:1850:6-12: ERROR: allocation function on line 1842 returns NULL not ERR_PTR on failure
    ./fs/smb/client/cifsfs.c:1186:6-12: ERROR: allocation function on line 1173 returns NULL not ERR_PTR on failure

The first of these three errors is newly introduced by the above-linked
commit, the other two already existed before.  All are false-positives.

I would like to silence the newly-introduced false-positive and have
attempted to do so using the small patch below.

However the result is that *only* the newly-introduced false-positive is
found and the other two are no longer found.  So the other way round than
what I'm aiming for.

I find this bewildering.  What am I doing wrong?

FWIW, coccinelle version is 1.1.1.

The newly introduced false-positive is triggered by the statement:

    assume(!IS_ERR(cert));

Which is a macro that expands to:

    do { if (!!IS_ERR(cert)) __builtin_unreachable(); } while(0);

The macro gives the compiler a hint that variable "cert" is not an error
pointer, which prevents the compiler from adding an unnecessary check
for that condition.

Thanks!

Lukas

-- >8 --

diff --git a/scripts/coccinelle/null/eno.cocci b/scripts/coccinelle/null/eno.cocci
index 7107d6c8db9e..79112d51bee8 100644
--- a/scripts/coccinelle/null/eno.cocci
+++ b/scripts/coccinelle/null/eno.cocci
@@ -26,10 +26,12 @@ x = \(kmalloc\|kzalloc\|kcalloc\|kmem_cache_alloc\|kmem_cache_zalloc\|kmem_cache
 @r depends on !patch exists@
 expression x,E;
 position p1,p2;
+identifier assume;
 @@
 
 *x = \(kmalloc@p1\|kzalloc@p1\|kcalloc@p1\|kmem_cache_alloc@p1\|kmem_cache_zalloc@p1\|kmem_cache_alloc_node@p1\|kmalloc_node@p1\|kzalloc_node@p1\)(...)
 ... when != x = E
+    when != assume
 * IS_ERR@p2(x)
 
 @script:python depends on org@

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ