1// SPDX-License-Identifier: GPL-2.0-only 2/// Use memdup_user rather than duplicating its implementation 3/// This is a little bit restricted to reduce false positives 4/// 5// Confidence: High 6// Copyright: (C) 2010-2012 Nicolas Palix. 7// Copyright: (C) 2010-2012 Julia Lawall, INRIA/LIP6. 8// Copyright: (C) 2010-2012 Gilles Muller, INRIA/LiP6. 9// URL: http://coccinelle.lip6.fr/ 10// Comments: 11// Options: --no-includes --include-headers 12 13virtual patch 14virtual context 15virtual org 16virtual report 17 18@depends on patch@ 19expression from,to,size; 20identifier l1,l2; 21@@ 22 23- to = \(kmalloc\|kzalloc\)(size,GFP_KERNEL); 24+ to = memdup_user(from,size); 25 if ( 26- to==NULL 27+ IS_ERR(to) 28 || ...) { 29 <+... when != goto l1; 30- -ENOMEM 31+ PTR_ERR(to) 32 ...+> 33 } 34- if (copy_from_user(to, from, size) != 0) { 35- <+... when != goto l2; 36- -EFAULT 37- ...+> 38- } 39 40@r depends on !patch@ 41expression from,to,size; 42position p; 43statement S1,S2; 44@@ 45 46* to = \(kmalloc@p\|kzalloc@p\)(size,GFP_KERNEL); 47 if (to==NULL || ...) S1 48 if (copy_from_user(to, from, size) != 0) 49 S2 50 51@script:python depends on org@ 52p << r.p; 53@@ 54 55coccilib.org.print_todo(p[0], "WARNING opportunity for memdup_user") 56 57@script:python depends on report@ 58p << r.p; 59@@ 60 61coccilib.report.print_report(p[0], "WARNING opportunity for memdup_user") 62