coccinelle: semantic patch to check for potential struct_size calls
include/linux/overflow.h includes helper macros intended for calculating sizes of allocations. These macros prevent accidental overflow by saturating at SIZE_MAX. In general when calculating such sizes use of the macros is preferred. Add a semantic patch which can detect code patterns which can be replaced by struct_size. Note that I set the confidence to medium because this patch doesn't make an attempt to ensure that the relevant array is actually a flexible array. The struct_size macro does specifically require a flexible array. In many cases the detected code could be refactored to a flexible array, but this is not always possible (such as if there are multiple over-allocations). Signed-off-by: Jacob Keller <jacob.e.keller@intel.com> Link: https://lore.kernel.org/r/20230227202428.3657443-1-jacob.e.keller@intel.com Signed-off-by: Kees Cook <keescook@chromium.org>
This commit is contained in:
parent
1d02f25233
commit
e754948125
74
scripts/coccinelle/misc/struct_size.cocci
Normal file
74
scripts/coccinelle/misc/struct_size.cocci
Normal file
@ -0,0 +1,74 @@
|
||||
// SPDX-License-Identifier: GPL-2.0-only
|
||||
///
|
||||
/// Check for code that could use struct_size().
|
||||
///
|
||||
// Confidence: Medium
|
||||
// Author: Jacob Keller <jacob.e.keller@intel.com>
|
||||
// Copyright: (C) 2023 Intel Corporation
|
||||
// Options: --no-includes --include-headers
|
||||
|
||||
virtual patch
|
||||
virtual context
|
||||
virtual org
|
||||
virtual report
|
||||
|
||||
// the overflow Kunit tests have some code which intentionally does not use
|
||||
// the macros, so we want to ignore this code when reporting potential
|
||||
// issues.
|
||||
@overflow_tests@
|
||||
identifier f = overflow_size_helpers_test;
|
||||
@@
|
||||
|
||||
f
|
||||
|
||||
//----------------------------------------------------------
|
||||
// For context mode
|
||||
//----------------------------------------------------------
|
||||
|
||||
@depends on !overflow_tests && context@
|
||||
expression E1, E2;
|
||||
identifier m;
|
||||
@@
|
||||
(
|
||||
* (sizeof(*E1) + (E2 * sizeof(*E1->m)))
|
||||
)
|
||||
|
||||
//----------------------------------------------------------
|
||||
// For patch mode
|
||||
//----------------------------------------------------------
|
||||
|
||||
@depends on !overflow_tests && patch@
|
||||
expression E1, E2;
|
||||
identifier m;
|
||||
@@
|
||||
(
|
||||
- (sizeof(*E1) + (E2 * sizeof(*E1->m)))
|
||||
+ struct_size(E1, m, E2)
|
||||
)
|
||||
|
||||
//----------------------------------------------------------
|
||||
// For org and report mode
|
||||
//----------------------------------------------------------
|
||||
|
||||
@r depends on !overflow_tests && (org || report)@
|
||||
expression E1, E2;
|
||||
identifier m;
|
||||
position p;
|
||||
@@
|
||||
(
|
||||
(sizeof(*E1)@p + (E2 * sizeof(*E1->m)))
|
||||
)
|
||||
|
||||
@script:python depends on org@
|
||||
p << r.p;
|
||||
@@
|
||||
|
||||
coccilib.org.print_todo(p[0], "WARNING should use struct_size")
|
||||
|
||||
@script:python depends on report@
|
||||
p << r.p;
|
||||
@@
|
||||
|
||||
msg="WARNING: Use struct_size"
|
||||
coccilib.report.print_report(p[0], msg)
|
||||
|
Loading…
x
Reference in New Issue
Block a user