1// SPDX-License-Identifier: GPL-2.0-only
2/// Use memdup_user rather than duplicating its implementation
3/// This is a little bit restricted to reduce false positives
4///
5// Confidence: High
6// Copyright: (C) 2010-2012 Nicolas Palix.
7// Copyright: (C) 2010-2012 Julia Lawall, INRIA/LIP6.
8// Copyright: (C) 2010-2012 Gilles Muller, INRIA/LiP6.
9// URL: http://coccinelle.lip6.fr/
10// Comments:
11// Options: --no-includes --include-headers
12
13virtual patch
14virtual context
15virtual org
16virtual report
17
18@initialize:python@
19@@
20filter = frozenset(['memdup_user', 'vmemdup_user'])
21
22def relevant(p):
23    return not (filter & {el.current_element for el in p})
24
25@depends on patch@
26expression from,to,size;
27identifier l1,l2;
28position p : script:python() { relevant(p) };
29@@
30
31-  to = \(kmalloc@p\|kzalloc@p\)
32-		(size,\(GFP_KERNEL\|GFP_USER\|
33-		      \(GFP_KERNEL\|GFP_USER\)|__GFP_NOWARN\));
34+  to = memdup_user(from,size);
35   if (
36-      to==NULL
37+      IS_ERR(to)
38                 || ...) {
39   <+... when != goto l1;
40-  -ENOMEM
41+  PTR_ERR(to)
42   ...+>
43   }
44-  if (copy_from_user(to, from, size) != 0) {
45-    <+... when != goto l2;
46-    -EFAULT
47-    ...+>
48-  }
49
50@depends on patch@
51expression from,to,size;
52identifier l1,l2;
53position p : script:python() { relevant(p) };
54@@
55
56-  to = \(kvmalloc@p\|kvzalloc@p\)(size,\(GFP_KERNEL\|GFP_USER\));
57+  to = vmemdup_user(from,size);
58   if (
59-      to==NULL
60+      IS_ERR(to)
61                 || ...) {
62   <+... when != goto l1;
63-  -ENOMEM
64+  PTR_ERR(to)
65   ...+>
66   }
67-  if (copy_from_user(to, from, size) != 0) {
68-    <+... when != goto l2;
69-    -EFAULT
70-    ...+>
71-  }
72
73@r depends on !patch@
74expression from,to,size;
75position p : script:python() { relevant(p) };
76statement S1,S2;
77@@
78
79*  to = \(kmalloc@p\|kzalloc@p\)
80		(size,\(GFP_KERNEL\|GFP_USER\|
81		      \(GFP_KERNEL\|GFP_USER\)|__GFP_NOWARN\));
82   if (to==NULL || ...) S1
83   if (copy_from_user(to, from, size) != 0)
84   S2
85
86@rv depends on !patch@
87expression from,to,size;
88position p : script:python() { relevant(p) };
89statement S1,S2;
90@@
91
92*  to = \(kvmalloc@p\|kvzalloc@p\)(size,\(GFP_KERNEL\|GFP_USER\));
93   if (to==NULL || ...) S1
94   if (copy_from_user(to, from, size) != 0)
95   S2
96
97@script:python depends on org@
98p << r.p;
99@@
100
101coccilib.org.print_todo(p[0], "WARNING opportunity for memdup_user")
102
103@script:python depends on report@
104p << r.p;
105@@
106
107coccilib.report.print_report(p[0], "WARNING opportunity for memdup_user")
108
109@script:python depends on org@
110p << rv.p;
111@@
112
113coccilib.org.print_todo(p[0], "WARNING opportunity for vmemdup_user")
114
115@script:python depends on report@
116p << rv.p;
117@@
118
119coccilib.report.print_report(p[0], "WARNING opportunity for vmemdup_user")
120