Commit e7549481 authored by Jacob Keller's avatar Jacob Keller Committed by Kees Cook
Browse files

coccinelle: semantic patch to check for potential struct_size calls 



include/linux/overflow.h includes helper macros intended for calculating
sizes of allocations. These macros prevent accidental overflow by
saturating at SIZE_MAX.

In general when calculating such sizes use of the macros is preferred. Add
a semantic patch which can detect code patterns which can be replaced by
struct_size.

Note that I set the confidence to medium because this patch doesn't make an
attempt to ensure that the relevant array is actually a flexible array. The
struct_size macro does specifically require a flexible array. In many cases
the detected code could be refactored to a flexible array, but this is not
always possible (such as if there are multiple over-allocations).

Signed-off-by: default avatarJacob Keller <jacob.e.keller@intel.com>
Link: https://lore.kernel.org/r/20230227202428.3657443-1-jacob.e.keller@intel.com


Signed-off-by: default avatarKees Cook <keescook@chromium.org>
parent 1d02f252

scripts/coccinelle/misc/struct_size.cocci

0 → 100644
+74 −0
Original line number Diff line number Diff line 
// SPDX-License-Identifier: GPL-2.0-only

///

/// Check for code that could use struct_size().

///

// Confidence: Medium

// Author: Jacob Keller <jacob.e.keller@intel.com>

// Copyright: (C) 2023 Intel Corporation

// Options: --no-includes --include-headers



virtual patch

virtual context

virtual org

virtual report



// the overflow Kunit tests have some code which intentionally does not use

// the macros, so we want to ignore this code when reporting potential

// issues.

@overflow_tests@

identifier f = overflow_size_helpers_test;

@@



f



//----------------------------------------------------------

//  For context mode

//----------------------------------------------------------



@depends on !overflow_tests && context@

expression E1, E2;

identifier m;

@@

(

* (sizeof(*E1) + (E2 * sizeof(*E1->m)))

)



//----------------------------------------------------------

//  For patch mode

//----------------------------------------------------------



@depends on !overflow_tests && patch@

expression E1, E2;

identifier m;

@@

(

- (sizeof(*E1) + (E2 * sizeof(*E1->m)))

+ struct_size(E1, m, E2)

)



//----------------------------------------------------------

//  For org and report mode

//----------------------------------------------------------



@r depends on !overflow_tests && (org || report)@

expression E1, E2;

identifier m;

position p;

@@

(

 (sizeof(*E1)@p + (E2 * sizeof(*E1->m)))

)



@script:python depends on org@

p << r.p;

@@



coccilib.org.print_todo(p[0], "WARNING should use struct_size")



@script:python depends on report@

p << r.p;

@@



msg="WARNING: Use struct_size"

coccilib.report.print_report(p[0], msg)