162306a36Sopenharmony_ci// SPDX-License-Identifier: GPL-2.0-only 262306a36Sopenharmony_ci/// Use memdup_user rather than duplicating its implementation 362306a36Sopenharmony_ci/// This is a little bit restricted to reduce false positives 462306a36Sopenharmony_ci/// 562306a36Sopenharmony_ci// Confidence: High 662306a36Sopenharmony_ci// Copyright: (C) 2010-2012 Nicolas Palix. 762306a36Sopenharmony_ci// Copyright: (C) 2010-2012 Julia Lawall, INRIA/LIP6. 862306a36Sopenharmony_ci// Copyright: (C) 2010-2012 Gilles Muller, INRIA/LiP6. 962306a36Sopenharmony_ci// URL: https://coccinelle.gitlabpages.inria.fr/website 1062306a36Sopenharmony_ci// Comments: 1162306a36Sopenharmony_ci// Options: --no-includes --include-headers 1262306a36Sopenharmony_ci 1362306a36Sopenharmony_civirtual patch 1462306a36Sopenharmony_civirtual context 1562306a36Sopenharmony_civirtual org 1662306a36Sopenharmony_civirtual report 1762306a36Sopenharmony_ci 1862306a36Sopenharmony_ci@initialize:python@ 1962306a36Sopenharmony_ci@@ 2062306a36Sopenharmony_cifilter = frozenset(['memdup_user', 'vmemdup_user']) 2162306a36Sopenharmony_ci 2262306a36Sopenharmony_cidef relevant(p): 2362306a36Sopenharmony_ci return not (filter & {el.current_element for el in p}) 2462306a36Sopenharmony_ci 2562306a36Sopenharmony_ci@depends on patch@ 2662306a36Sopenharmony_ciexpression from,to,size; 2762306a36Sopenharmony_ciidentifier l1,l2; 2862306a36Sopenharmony_ciposition p : script:python() { relevant(p) }; 2962306a36Sopenharmony_ci@@ 3062306a36Sopenharmony_ci 3162306a36Sopenharmony_ci- to = \(kmalloc@p\|kzalloc@p\) 3262306a36Sopenharmony_ci- (size,\(GFP_KERNEL\|GFP_USER\| 3362306a36Sopenharmony_ci- \(GFP_KERNEL\|GFP_USER\)|__GFP_NOWARN\)); 3462306a36Sopenharmony_ci+ to = memdup_user(from,size); 3562306a36Sopenharmony_ci if ( 3662306a36Sopenharmony_ci- to==NULL 3762306a36Sopenharmony_ci+ IS_ERR(to) 3862306a36Sopenharmony_ci || ...) { 3962306a36Sopenharmony_ci <+... when != goto l1; 4062306a36Sopenharmony_ci- -ENOMEM 4162306a36Sopenharmony_ci+ PTR_ERR(to) 4262306a36Sopenharmony_ci ...+> 4362306a36Sopenharmony_ci } 4462306a36Sopenharmony_ci- if (copy_from_user(to, from, size) != 0) { 4562306a36Sopenharmony_ci- <+... when != goto l2; 4662306a36Sopenharmony_ci- -EFAULT 4762306a36Sopenharmony_ci- ...+> 4862306a36Sopenharmony_ci- } 4962306a36Sopenharmony_ci 5062306a36Sopenharmony_ci@depends on patch@ 5162306a36Sopenharmony_ciexpression from,to,size; 5262306a36Sopenharmony_ciidentifier l1,l2; 5362306a36Sopenharmony_ciposition p : script:python() { relevant(p) }; 5462306a36Sopenharmony_ci@@ 5562306a36Sopenharmony_ci 5662306a36Sopenharmony_ci- to = \(kvmalloc@p\|kvzalloc@p\)(size,\(GFP_KERNEL\|GFP_USER\)); 5762306a36Sopenharmony_ci+ to = vmemdup_user(from,size); 5862306a36Sopenharmony_ci if ( 5962306a36Sopenharmony_ci- to==NULL 6062306a36Sopenharmony_ci+ IS_ERR(to) 6162306a36Sopenharmony_ci || ...) { 6262306a36Sopenharmony_ci <+... when != goto l1; 6362306a36Sopenharmony_ci- -ENOMEM 6462306a36Sopenharmony_ci+ PTR_ERR(to) 6562306a36Sopenharmony_ci ...+> 6662306a36Sopenharmony_ci } 6762306a36Sopenharmony_ci- if (copy_from_user(to, from, size) != 0) { 6862306a36Sopenharmony_ci- <+... when != goto l2; 6962306a36Sopenharmony_ci- -EFAULT 7062306a36Sopenharmony_ci- ...+> 7162306a36Sopenharmony_ci- } 7262306a36Sopenharmony_ci 7362306a36Sopenharmony_ci@r depends on !patch@ 7462306a36Sopenharmony_ciexpression from,to,size; 7562306a36Sopenharmony_ciposition p : script:python() { relevant(p) }; 7662306a36Sopenharmony_cistatement S1,S2; 7762306a36Sopenharmony_ci@@ 7862306a36Sopenharmony_ci 7962306a36Sopenharmony_ci* to = \(kmalloc@p\|kzalloc@p\) 8062306a36Sopenharmony_ci (size,\(GFP_KERNEL\|GFP_USER\| 8162306a36Sopenharmony_ci \(GFP_KERNEL\|GFP_USER\)|__GFP_NOWARN\)); 8262306a36Sopenharmony_ci if (to==NULL || ...) S1 8362306a36Sopenharmony_ci if (copy_from_user(to, from, size) != 0) 8462306a36Sopenharmony_ci S2 8562306a36Sopenharmony_ci 8662306a36Sopenharmony_ci@rv depends on !patch@ 8762306a36Sopenharmony_ciexpression from,to,size; 8862306a36Sopenharmony_ciposition p : script:python() { relevant(p) }; 8962306a36Sopenharmony_cistatement S1,S2; 9062306a36Sopenharmony_ci@@ 9162306a36Sopenharmony_ci 9262306a36Sopenharmony_ci* to = \(kvmalloc@p\|kvzalloc@p\)(size,\(GFP_KERNEL\|GFP_USER\)); 9362306a36Sopenharmony_ci if (to==NULL || ...) S1 9462306a36Sopenharmony_ci if (copy_from_user(to, from, size) != 0) 9562306a36Sopenharmony_ci S2 9662306a36Sopenharmony_ci 9762306a36Sopenharmony_ci@script:python depends on org@ 9862306a36Sopenharmony_cip << r.p; 9962306a36Sopenharmony_ci@@ 10062306a36Sopenharmony_ci 10162306a36Sopenharmony_cicoccilib.org.print_todo(p[0], "WARNING opportunity for memdup_user") 10262306a36Sopenharmony_ci 10362306a36Sopenharmony_ci@script:python depends on report@ 10462306a36Sopenharmony_cip << r.p; 10562306a36Sopenharmony_ci@@ 10662306a36Sopenharmony_ci 10762306a36Sopenharmony_cicoccilib.report.print_report(p[0], "WARNING opportunity for memdup_user") 10862306a36Sopenharmony_ci 10962306a36Sopenharmony_ci@script:python depends on org@ 11062306a36Sopenharmony_cip << rv.p; 11162306a36Sopenharmony_ci@@ 11262306a36Sopenharmony_ci 11362306a36Sopenharmony_cicoccilib.org.print_todo(p[0], "WARNING opportunity for vmemdup_user") 11462306a36Sopenharmony_ci 11562306a36Sopenharmony_ci@script:python depends on report@ 11662306a36Sopenharmony_cip << rv.p; 11762306a36Sopenharmony_ci@@ 11862306a36Sopenharmony_ci 11962306a36Sopenharmony_cicoccilib.report.print_report(p[0], "WARNING opportunity for vmemdup_user") 120