Check for memset()/memset_explicit() with 0 followed by kfree()/vfree()/kvfree().
Signed-off-by: Denis Efremov <efre...@linux.com>
---
Changes in v2:
 - memset_explicit() added
 - kvfree_sensitive() added
 - forall added to r1
 - ... between memset and kfree added

Unfortunately, it doesn't work as I would expect it to in "patch" mode. I've added my comment about it in the rule. It can be safely removed from the patch if I misunderstood something.

Another "strange" behaviour that I faced is that the r2 rule works only if I write 2 expression lines:

  expression *E;
  expression size;

If I try to use a single line "expression *E, size;" then r2 matches nothing.

 scripts/coccinelle/api/kzfree.cocci | 65 +++++++++++++++++++++++++++++ 1 file changed, 65 insertions(+) create mode 100644 scripts/coccinelle/api/kzfree.cocci diff --git a/scripts/coccinelle/api/kzfree.cocci b/scripts/coccinelle/api/kzfree.cocci new file mode 100644 index 000000000000..5c7e4bb13bb7 --- /dev/null +++ b/scripts/coccinelle/api/kzfree.cocci
@@ -0,0 +1,65 @@ +// SPDX-License-Identifier: GPL-2.0-only +/// +/// Use kzfree, kvfree_sensitive rather than memset or +/// memset_explicit with 0 followed by kfree +/// +// Confidence: High +// Copyright: (C) 2020 Denis Efremov ISPRAS +// Options: --no-includes --include-headers +// +// Keywords: kzfree, kvfree_sensitive +// + +virtual context +virtual patch +virtual org +virtual report + + +// Ignore kzfree definition +// Ignore kasan test +@r depends on !patch && !(file in "lib/test_kasan.c") && !(file in "mm/slab_common.c") forall@ +expression *E; +position p; +@@ + +* \(memset\|memset_explicit\)(E, 0, ...); + ... when != E + when strict +* \(kfree\|vfree\|kvfree\)(E)@p; + +@r1 depends on patch && !(file in "lib/test_kasan.c") && !(file in "mm/slab_common.c")@ +expression *E; +expression size; +@@ + +- \(memset\|memset_explicit\)(E, 0, size); +/// Unfortunately, it doesn't work as in !patch mode. +/// spatch (v1.0.8) should patch 4 functions in linux 5.7 with this rule +/// and uncommented "when" lines. With only "... when != E" line 2 functions +/// are patched, none with "when strict". 3 functions patch is produced by the +/// rule with "when" lines commented out. +// ... when != E +// when strict +( +- kfree(E); ++ kzfree(E); +| +- vfree(E); ++ kvfree_sensitive(E, size); +| +- kvfree(E); ++ kvfree_sensitive(E, size); +) + +@script:python depends on report@ +p << r.p; +@@ + +coccilib.report.print_report(p[0], "WARNING opportunity for kzfree/kvfree_sensitive") + +@script:python depends on org@ +p << r.p; +@@ + +coccilib.org.print_todo(p[0], "WARNING opportunity for kzfree/kvfree_sensitive") -- 2.26.2 _______________________________________________ Cocci mailing list Cocci@systeme.lip6.fr https://systeme.lip6.fr/mailman/listinfo/cocci
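Review bot: in r1 the "... when != E" and "when strict" lines are commented out, so patch mode only rewrites a memset that is immediately followed by the free, while rule r (context/org/report) also accepts intervening statements that do not touch E. The two modes will therefore flag different sets of call sites, and a report hit may have no corresponding patch. Either say so in the header comment of the script, or state that r1 is deliberately limited to the adjacent-statement case; in both cases the spatch v1.0.8 observations (the "///" lines sitting between the "- memset" line and the disjunction) read better in the commit message than inside the rule body. It would also help to document why the kfree branch drops size (kzfree(E)) while the vfree and kvfree branches carry it over to kvfree_sensitive(E, size), since that size is whatever the memset call happened to pass.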