1// SPDX-License-Identifier: GPL-2.0-only
2/// Use memdup_user rather than duplicating its implementation
3/// This is a little bit restricted to reduce false positives
4///
5// Confidence: High
6// Copyright: (C) 2010-2012 Nicolas Palix.
7// Copyright: (C) 2010-2012 Julia Lawall, INRIA/LIP6.
8// Copyright: (C) 2010-2012 Gilles Muller, INRIA/LiP6.
9// URL: http://coccinelle.lip6.fr/
10// Comments:
11// Options: --no-includes --include-headers
12
13virtual patch
14virtual context
15virtual org
16virtual report
17
18@depends on patch@
19expression from,to,size;
20identifier l1,l2;
21@@
22
23-  to = \(kmalloc\|kzalloc\)(size,GFP_KERNEL);
24+  to = memdup_user(from,size);
25   if (
26-      to==NULL
27+      IS_ERR(to)
28                 || ...) {
29   <+... when != goto l1;
30-  -ENOMEM
31+  PTR_ERR(to)
32   ...+>
33   }
34-  if (copy_from_user(to, from, size) != 0) {
35-    <+... when != goto l2;
36-    -EFAULT
37-    ...+>
38-  }
39
40@r depends on !patch@
41expression from,to,size;
42position p;
43statement S1,S2;
44@@
45
46*  to = \(kmalloc@p\|kzalloc@p\)(size,GFP_KERNEL);
47   if (to==NULL || ...) S1
48   if (copy_from_user(to, from, size) != 0)
49   S2
50
51@script:python depends on org@
52p << r.p;
53@@
54
55coccilib.org.print_todo(p[0], "WARNING opportunity for memdup_user")
56
57@script:python depends on report@
58p << r.p;
59@@
60
61coccilib.report.print_report(p[0], "WARNING opportunity for memdup_user")
62