Commit e7549481 authored by Jacob Keller's avatar Jacob Keller Committed by Kees Cook

coccinelle: semantic patch to check for potential struct_size calls

include/linux/overflow.h includes helper macros intended for calculating
sizes of allocations. These macros prevent accidental overflow by
saturating at SIZE_MAX.

In general when calculating such sizes use of the macros is preferred. Add
a semantic patch which can detect code patterns which can be replaced by
struct_size.

Note that I set the confidence to medium because this patch doesn't make an
attempt to ensure that the relevant array is actually a flexible array. The
struct_size macro does specifically require a flexible array. In many cases
the detected code could be refactored to a flexible array, but this is not
always possible (such as if there are multiple over-allocations).
Signed-off-by: default avatarJacob Keller <jacob.e.keller@intel.com>
Link: https://lore.kernel.org/r/20230227202428.3657443-1-jacob.e.keller@intel.comSigned-off-by: default avatarKees Cook <keescook@chromium.org>
parent 1d02f252
// SPDX-License-Identifier: GPL-2.0-only
///
/// Check for code that could use struct_size().
///
// Confidence: Medium
// Author: Jacob Keller <jacob.e.keller@intel.com>
// Copyright: (C) 2023 Intel Corporation
// Options: --no-includes --include-headers
virtual patch
virtual context
virtual org
virtual report
// the overflow Kunit tests have some code which intentionally does not use
// the macros, so we want to ignore this code when reporting potential
// issues.
@overflow_tests@
identifier f = overflow_size_helpers_test;
@@
f
//----------------------------------------------------------
// For context mode
//----------------------------------------------------------
@depends on !overflow_tests && context@
expression E1, E2;
identifier m;
@@
(
* (sizeof(*E1) + (E2 * sizeof(*E1->m)))
)
//----------------------------------------------------------
// For patch mode
//----------------------------------------------------------
@depends on !overflow_tests && patch@
expression E1, E2;
identifier m;
@@
(
- (sizeof(*E1) + (E2 * sizeof(*E1->m)))
+ struct_size(E1, m, E2)
)
//----------------------------------------------------------
// For org and report mode
//----------------------------------------------------------
@r depends on !overflow_tests && (org || report)@
expression E1, E2;
identifier m;
position p;
@@
(
(sizeof(*E1)@p + (E2 * sizeof(*E1->m)))
)
@script:python depends on org@
p << r.p;
@@
coccilib.org.print_todo(p[0], "WARNING should use struct_size")
@script:python depends on report@
p << r.p;
@@
msg="WARNING: Use struct_size"
coccilib.report.print_report(p[0], msg)
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment