Age | Commit message (Collapse) | Author | Files | Lines |
|
git://git.kernel.org/pub/scm/linux/kernel/git/jlawall/linux
Pull coccinelle update from Julia Lawall:
"Simplify the device_attr_show semantic patch
Also removes an unused variable warning"
* tag 'cocci-6.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jlawall/linux:
coccinelle: device_attr_show: Remove useless expression STR
|
|
include/linux/overflow.h includes helper macros intended for calculating
sizes of allocations. These macros prevent accidental overflow by
saturating at SIZE_MAX.
In general when calculating such sizes use of the macros is preferred. Add
a semantic patch which can detect code patterns which can be replaced by
struct_size.
Note that I set the confidence to medium because this patch doesn't make an
attempt to ensure that the relevant array is actually a flexible array. The
struct_size macro does specifically require a flexible array. In many cases
the detected code could be refactored to a flexible array, but this is not
always possible (such as if there are multiple over-allocations).
Signed-off-by: Jacob Keller <jacob.e.keller@intel.com>
Link: https://lore.kernel.org/r/20230227202428.3657443-1-jacob.e.keller@intel.com
Signed-off-by: Kees Cook <keescook@chromium.org>
|
|
Add rules for finding places where str_plural() can be used. This
currently finds:
54 files changed, 62 insertions(+), 61 deletions(-)
Co-developed-by: Michal Wajdeczko <michal.wajdeczko@intel.com>
Signed-off-by: Michal Wajdeczko <michal.wajdeczko@intel.com>
Link: https://lore.kernel.org/all/fc1b25a8-6381-47c2-831c-ab6b8201a82b@intel.com/
Signed-off-by: Kees Cook <keescook@chromium.org>
|
|
Commit ff82e84e80fc ("coccinelle: device_attr_show: simplify patch case")
simplifies the patch case, as a result, STR is no longer needed.
This also helps to fix below coccicheck warning:
> warning: rp: metavariable STR not used in the - or context code
CC: Julia Lawall <Julia.Lawall@inria.fr>
CC: Nicolas Palix <nicolas.palix@imag.fr>
CC: cocci@inria.fr
Fixes: ff82e84e80fc ("coccinelle: device_attr_show: simplify patch case")
Signed-off-by: Li Zhijian <lizhijian@fujitsu.com>
Signed-off-by: Julia Lawall <Julia.Lawall@inria.fr>
|
|
Replacing the final expression argument by ... allows the format
string to have multiple arguments.
It also has the advantage of allowing the change to be recognized as
a change in a single statement, thus avoiding adding unneeded braces.
Signed-off-by: Julia Lawall <Julia.Lawall@inria.fr>
|
|
Documentation/filesystems/sysfs.rst
Adapt description, warning message and MODE=patch according to the latest
Documentation/filesystems/sysfs.rst:
> show() should only use sysfs_emit() or sysfs_emit_at() when formatting
> the value to be returned to user space.
After this patch:
When MODE=report,
$ make coccicheck COCCI=scripts/coccinelle/api/device_attr_show.cocci M=drivers/hid/hid-picolcd_core.c MODE=report
<...snip...>
drivers/hid/hid-picolcd_core.c:304:8-16: WARNING: please use sysfs_emit or sysfs_emit_at
drivers/hid/hid-picolcd_core.c:259:9-17: WARNING: please use sysfs_emit or sysfs_emit_at
When MODE=patch,
$ make coccicheck COCCI=scripts/coccinelle/api/device_attr_show.cocci M=drivers/hid/hid-picolcd_core.c MODE=patch
<...snip...>
diff -u -p a/drivers/hid/hid-picolcd_core.c b/drivers/hid/hid-picolcd_core.c
--- a/drivers/hid/hid-picolcd_core.c
+++ b/drivers/hid/hid-picolcd_core.c
@@ -255,10 +255,12 @@ static ssize_t picolcd_operation_mode_sh
{
struct picolcd_data *data = dev_get_drvdata(dev);
- if (data->status & PICOLCD_BOOTLOADER)
- return snprintf(buf, PAGE_SIZE, "[bootloader] lcd\n");
- else
- return snprintf(buf, PAGE_SIZE, "bootloader [lcd]\n");
+ if (data->status & PICOLCD_BOOTLOADER) {
+ return sysfs_emit(buf, "[bootloader] lcd\n");
+ }
+ else {
+ return sysfs_emit(buf, "bootloader [lcd]\n");
+ }
}
static ssize_t picolcd_operation_mode_store(struct device *dev,
@@ -301,7 +303,7 @@ static ssize_t picolcd_operation_mode_de
{
struct picolcd_data *data = dev_get_drvdata(dev);
- return snprintf(buf, PAGE_SIZE, "hello world\n");
+ return sysfs_emit(buf, "hello world\n");
}
static ssize_t picolcd_operation_mode_delay_store(struct device *dev,
CC: Julia Lawall <Julia.Lawall@inria.fr>
CC: Nicolas Palix <nicolas.palix@imag.fr>
CC: cocci@inria.fr
Signed-off-by: Li Zhijian <lizhijian@fujitsu.com>
|
|
Remove coccinelle's recommendation to use DEFINE_DEBUGFS_ATTRIBUTE()
instead of DEFINE_SIMPLE_ATTRIBUTE(). Regardless of whether or not the
"significant overhead" incurred by debugfs_create_file() is actually
meaningful, warnings from the script have led to a rash of low-quality
patches that have sowed confusion and consumed maintainer time for little
to no benefit. There have been no less than four attempts to "fix" KVM,
and a quick search on lore shows that KVM is not alone.
This reverts commit 5103068eaca290f890a30aae70085fac44cecaf6.
Link: https://lore.kernel.org/all/87tu2nbnz3.fsf@mpe.ellerman.id.au
Link: https://lore.kernel.org/all/c0b98151-16b6-6d8f-1765-0f7d46682d60@redhat.com
Link: https://lkml.kernel.org/r/20230706072954.4881-1-duminjie%40vivo.com
Link: https://lore.kernel.org/all/Y2FsbufV00jbyF0B@google.com
Link: https://lore.kernel.org/all/Y2ENJJ1YiSg5oHiy@orome
Link: https://lore.kernel.org/all/7560b350e7b23786ce712118a9a504356ff1cca4.camel@kernel.org
Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sean Christopherson <seanjc@google.com>
Message-Id: <20230726202920.507756-1-seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
A common practice is to grep for "WARNING" or "ERROR" text in the report
output from a Coccinelle semantic patch script. So, include the text
"WARNING: " in the report output generated by the semantic patch for
desired filtering of the output. Also improves the readability of the
output. Here is an example of the old and new outputs reported:
xyz_file.c:131:39-40: atomic_add_unless
xyz_file.c:131:39-40: WARNING: atomic_add_unless
xyz_file.c:196:6-25: atomic_dec_and_test variation before object free at line 208.
xyz_file.c:196:6-25: WARNING: atomic_dec_and_test variation before object free at line 208.
Signed-off-by: Deepak R Varma <drv@mailo.com>
Acked-by: Julia Lawall <Julia.Lawall@inria.fr>
|
|
Signed-off-by: Julia Lawall <Julia.Lawall@inria.fr>
|
|
The various functions contain a NULL check starting in v5.15.
Signed-off-by: Julia Lawall <Julia.Lawall@inria.fr>
|
|
Since commit b37a46683739 ("netdevice: add the case if dev is NULL"),
NULL check before dev_{put, hold} functions is not needed.
Signed-off-by: Ziyang Xuan <william.xuanziyang@huawei.com>
Signed-off-by: Julia Lawall <Julia.Lawall@inria.fr>
|
|
functions returning bool
There is nothing wrong with current code that returns 0 or 1 for a
function returning bool. It is perfectly acceptable by the C standard.
To avoid churn of unwanted patches that are constantly sent to maintainers
who do not care about this change, remove the script that flags it as an
issue. This issue is not worth the burden on maintainers to accept
useless patches.
Link: https://lore.kernel.org/all/20220705073822.7276-1-jiapeng.chong@linux.alibaba.com/
Link: https://lore.kernel.org/all/20220429075201.68581-1-jiapeng.chong@linux.alibaba.com/
Link: https://lore.kernel.org/all/1649236467-29390-1-git-send-email-baihaowen@meizu.com/
Link: https://lore.kernel.org/all/20220317014740.3138-1-jiapeng.chong@linux.alibaba.com/
Link: https://lore.kernel.org/all/190b5c2f2f2fb9cc775fce8daed72bf893be48a4.1642065293.git.davidcomponentone@gmail.com/
Link: https://lore.kernel.org/all/20211214113845.439392-1-deng.changcheng@zte.com.cn/
Link: https://lore.kernel.org/all/20210824065735.60660-1-deng.changcheng@zte.com.cn/
Link: https://lore.kernel.org/all/20210824064305.60081-1-deng.changcheng@zte.com.cn/
Link: https://lore.kernel.org/all/20210824062359.59474-1-deng.changcheng@zte.com.cn/
Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Cc: Julia Lawall <Julia.Lawall@lip6.fr>
Cc: Michal Marek <mmarek@suse.cz>
Cc: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Julia Lawall <julia.lawall@inria.fr>
Acked-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Acked-by: Paul Gortmaker <paul.gortmaker@windriver.com>
|
|
The test of an expression's address does not necessarily represent the
whole condition, it may only be a part of it. Also, an expression's
address is likely to be non-zero in every test expression, not only in
if statements.
This change aims at detecting an address test in more complex conditions
and not only in if statements.
Signed-off-by: Jérémy Lefaure <jeremy.lefaure@netatmo.com>
Signed-off-by: Julia Lawall <julia.lawall@inria.fr>
|
|
This semantic patch does not take into account the fact that of_node_put
can be safely applied to NULL. Thus it gives only false positives.
Drop it.
Reported-by: Qing Wang <wangqing@vivo.com>
Signed-off-by: Julia Lawall <Julia.Lawall@inria.fr>
|
|
The BUG_ON script was never safe, in that it was not able to check
whether the condition was side-effecting. At this point, BUG_ON
should be well known, so it has probably outlived its usefuless.
Signed-off-by: Julia Lawall <Julia.Lawall@inria.fr>
Suggested-by: Matthew Wilcox <willy@infradead.org>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/jlawall/linux
Pull coccinelle updates from Julia Lawall:
- Update MAINTAINERS information (mailing list, web page, etc).
- Add a semantic patch from Wen Yang to check for do_div calls that may
cause truncation, motivated by commit b0ab99e7736a ("sched: Fix
possible divide by zero in avg_atom() calculation")
* tag 'coccinelle-5.16-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jlawall/linux:
coccinelle: update Coccinelle entry
coccinelle: semantic patch to check for inappropriate do_div() calls
|
|
do_div() does a 64-by-32 division.
When the divisor is unsigned long, u64, or s64,
do_div() truncates it to 32 bits, this means it
can test non-zero and be truncated to zero for division.
This semantic patch is inspired by Mateusz Guzik's patch:
commit b0ab99e7736a ("sched: Fix possible divide by zero in avg_atom() calculation")
Signed-off-by: Wen Yang <wenyang@linux.alibaba.com>
Signed-off-by: Julia Lawall <julia.lawall@inria.fr>
Cc: Gilles Muller <Gilles.Muller@lip6.fr>
Cc: Nicolas Palix <nicolas.palix@imag.fr>
Cc: Michal Marek <michal.lkml@markovi.net>
Cc: Matthias Maennich <maennich@google.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Masahiro Yamada <yamada.masahiro@socionext.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: cocci@systeme.lip6.fr
Cc: linux-kernel@vger.kernel.org
|
|
Currently use_after_iter.cocci generates false positives for code of the
following form:
~~~
list_for_each_entry(d, &ddata->irq_list, node) {
if (irq == d->irq)
break;
}
if (list_entry_is_head(d, &ddata->irq_list, node))
return IRQ_NONE;
~~~
[This specific example comes from drivers/power/supply/cpcap-battery.c]
Most list macros use list_entry_is_head() as loop exit condition meaning it
is not unsafe to reuse pos (a.k.a. d) in the code above.
Let's avoid reporting these cases.
Signed-off-by: Daniel Thompson <daniel.thompson@linaro.org>
Signed-off-by: Julia Lawall <Julia.Lawall@inria.fr>
|
|
Commit 453431a54934 ("mm, treewide: rename kzfree() to
kfree_sensitive()") renamed kzfree() to kfree_sensitive(),
it should be applied to coccinelle.
Signed-off-by: Weizhao Ouyang <o451686892@gmail.com>
Signed-off-by: Julia Lawall <Julia.Lawall@inria.fr>
Acked-by: Denis Efremov <efremov@linux.com>
|
|
Using kobj_to_dev() instead of container_of() is not universally
accepted among maintainers as an improvement. The warning leads to
repeated patch submissions that won't be accepted. Remove the script.
Cc: Christoph Hellwig <hch@lst.de>
Cc: Jens Axboe <axboe@kernel.dk>
Cc: Denis Efremov <efremov@linux.com>
Cc: Julia Lawall <Julia.Lawall@inria.fr>
Signed-off-by: Keith Busch <kbusch@kernel.org>
Signed-off-by: Julia Lawall <Julia.Lawall@inria.fr>
Acked-by: Jens Axboe <axboe@kernel.dk>
Acked-by: Denis Efremov <efremov@linux.com>
|
|
There is a standard idiom for "if 'ret' holds an error, return it":
return ret < 0 ? ret : 0;
Developers prefer to keep the things as they are because stylistic
change to "return min(ret, 0);" breaks readability.
Let's suppress automatic generation for this type of patches.
Signed-off-by: Denis Efremov <efremov@linux.com>
|
|
Kfree.cocci only supports org and report mode, so the *s (used for
context mode) are not useful.
Signed-off-by: Julia Lawall <Julia.Lawall@inria.fr>
|
|
The IRQF_ONESHOT should be present for threaded IRQ using default
primary handler. However intetrupt of many child devices, e.g. children
of MFD, is nested thus the IRQF_ONESHOT is not needed. The coccinelle
message about error misleads submitters and reviewers about the severity
of the issue, so make it a warning and mention possible false positive.
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
Signed-off-by: Julia Lawall <Julia.Lawall@inria.fr>
|
|
Check for opencoded swap() implementation.
Signed-off-by: Denis Efremov <efremov@linux.com>
Signed-off-by: Julia Lawall <julia.lawall@inria.fr>
|
|
Remove the documentation link from the warning message because commit
3942ea7a10c9 ("deprecated.rst: Remove now removed uninitialized_var")
removed the section from documentation. Update the rule documentation
accordingly.
Signed-off-by: Denis Efremov <efremov@linux.com>
Signed-off-by: Julia Lawall <julia.lawall@inria.fr>
|
|
Skip patches generation for structs with a single field.
Changing a zero-length array to a flexible array member in a struct
with no named members breaks the compilation. However, reporting
such cases is still valuable, e.g. commit 637464c59e0b
("ACPI: NFIT: Fix flexible_array.cocci warnings").
Signed-off-by: Denis Efremov <efremov@linux.com>
Signed-off-by: Julia Lawall <julia.lawall@inria.fr>
|
|
Check for opencoded min(), max() implementations.
Signed-off-by: Denis Efremov <efremov@linux.com>
Signed-off-by: Julia Lawall <julia.lawall@inria.fr>
|
|
of_dev_get() and of_dev_put are just wrappers for get_device()/put_device()
on a platform_device. There's also already platform_device_{get,put}()
wrappers for this purpose. Let's update the few users and remove
of_dev_{get,put}().
Cc: Michael Ellerman <mpe@ellerman.id.au>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Paul Mackerras <paulus@samba.org>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Jakub Kicinski <kuba@kernel.org>
Cc: Frank Rowand <frowand.list@gmail.com>
Cc: Patrice Chotard <patrice.chotard@st.com>
Cc: Felipe Balbi <balbi@kernel.org>
Cc: Julia Lawall <Julia.Lawall@inria.fr>
Cc: Gilles Muller <Gilles.Muller@inria.fr>
Cc: Nicolas Palix <nicolas.palix@imag.fr>
Cc: Michal Marek <michal.lkml@markovi.net>
Cc: linuxppc-dev@lists.ozlabs.org
Cc: netdev@vger.kernel.org
Cc: linux-arm-kernel@lists.infradead.org
Cc: linux-usb@vger.kernel.org
Cc: cocci@systeme.lip6.fr
Signed-off-by: Rob Herring <robh@kernel.org>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Link: https://lore.kernel.org/r/20210211232745.1498137-2-robh@kernel.org
|
|
The ptr_ret script script addresses a number of situations where we end up
testing an error pointer, and if it's an error returning it, or return 0
otherwise to transform it into a PTR_ERR_OR_ZERO call.
So it will convert a block like this:
if (IS_ERR(err))
return PTR_ERR(err);
return 0;
into
return PTR_ERR_OR_ZERO(err);
While this is technically correct, it has a number of drawbacks. First, it
merges the error and success path, which will make it harder for a reviewer
or reader to grasp.
It's also more difficult to extend if we were to add some code between the
error check and the function return, making the author essentially revert
that patch before adding new lines, while it would have been a trivial
addition otherwise for the rewiever.
Therefore, since that script is only about cosmetic in the first place,
let's remove it since it's not worth it.
Acked-by: Jani Nikula <jani.nikula@intel.com>
Acked-by: Thierry Reding <treding@nvidia.com>
Acked-by: Julia Lawall <julia.lawall@inria.fr>
Reviewed-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
Reviewed-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Maxime Ripard <maxime@cerno.tech>
Signed-off-by: Julia Lawall <julia.lawall@inria.fr>
|
|
0/1 for booleans is perfectly valid C.
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Julia Lawall <Julia.Lawall@inria.fr>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/jlawall/linux
Pull coccinelle updates from Julia Lawall.
* 'for-5.10' of git://git.kernel.org/pub/scm/linux/kernel/git/jlawall/linux:
coccinelle: api: add kfree_mismatch script
coccinelle: iterators: Add for_each_child.cocci script
scripts: coccicheck: Change default condition for parallelism
scripts: coccicheck: Add quotes to improve portability
coccinelle: api: kfree_sensitive: print memset position
coccinelle: misc: add flexible_array.cocci script
coccinelle: api: add kvmalloc script
scripts: coccicheck: Change default value for parallelism
coccinelle: misc: add excluded_middle.cocci script
scripts: coccicheck: Improve error feedback when coccicheck fails
coccinelle: api: update kzfree script to kfree_sensitive
coccinelle: misc: add uninitialized_var.cocci script
coccinelle: ifnullfree: add vfree(), kvfree*() functions
coccinelle: api: add kobj_to_dev.cocci script
coccinelle: add patch rule for dma_alloc_coherent
scripts: coccicheck: Add chain mode to list of modes
|
|
Check that alloc and free types of functions match each other.
Signed-off-by: Denis Efremov <efremov@linux.com>
Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
|
|
While iterating over child nodes with the for_each functions, if
control is transferred from the middle of the loop, as in the case
of a break or return or goto, there is no decrement in the
reference counter thus ultimately resulting in a memory leak.
Add this script to detect potential memory leaks caused by
the absence of of_node_put() before break, goto, or, return
statements which transfer control outside the loop.
Signed-off-by: Sumera Priyadarsini <sylphrenadin@gmail.com>
Signed-off-by: Julia Lawall <julia.lawall@inria.fr>
|
|
Print memset() call position in addition to the kfree() position to
ease issues identification.
Signed-off-by: Denis Efremov <efremov@linux.com>
Signed-off-by: Julia Lawall <julia.lawall@inria.fr>
|
|
One-element and zero-length arrays are deprecated [1]. Kernel
code should always use "flexible array members" instead, except
for existing uapi definitions.
The script warns about one-element and zero-length arrays in structs.
[1] commit 68e4cd17e218 ("docs: deprecated.rst: Add zero-length and
one-element arrays")
Cc: Kees Cook <keescook@chromium.org>
Cc: Gustavo A. R. Silva <gustavoars@kernel.org>
Signed-off-by: Denis Efremov <efremov@linux.com>
Signed-off-by: Julia Lawall <julia.lawall@inria.fr>
|
|
Suggest kvmalloc, kvfree instead of opencoded patterns.
Signed-off-by: Denis Efremov <efremov@linux.com>
Signed-off-by: Julia Lawall <julia.lawall@inria.fr>
|
|
Check for !A || A && B condition. It's equivalent to !A || B.
Signed-off-by: Denis Efremov <efremov@linux.com>
Signed-off-by: Julia Lawall <Julia.Lawall@inria.fr>
|
|
Commit 453431a54934 ("mm, treewide: rename kzfree() to kfree_sensitive()")
renames kzfree to kfree_sensitive and uses memzero_explicit(...) instead of
memset(..., 0, ...) internally. Update cocci script to reflect these
changes.
Signed-off-by: Denis Efremov <efremov@linux.com>
Signed-off-by: Julia Lawall <Julia.Lawall@inria.fr>
|
|
sysfs.txt was converted and renamed to sysfs.rst.
Update device_attr_show.cocci script accordingly.
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Link: https://lore.kernel.org/r/048ed24b09aefa0051d76396d6250e35e6ba035c.1599660067.git.mchehab+huawei@kernel.org
Signed-off-by: Jonathan Corbet <corbet@lwn.net>
|
|
uninitialized_var() macro was removed from the sources [1] and
other warning-silencing tricks were deprecated [2]. The purpose of this
cocci script is to prevent new occurrences of uninitialized_var()
open-coded variants.
[1] commit 63a0895d960a ("compiler: Remove uninitialized_var() macro")
[2] commit 4b19bec97c88 ("docs: deprecated.rst: Add uninitialized_var()")
Cc: Kees Cook <keescook@chromium.org>
Cc: Gustavo A. R. Silva <gustavoars@kernel.org>
Signed-off-by: Denis Efremov <efremov@linux.com>
Signed-off-by: Julia Lawall <Julia.Lawall@inria.fr>
|
|
Extend the list of free functions with kvfree(), kvfree_sensitive(),
vfree().
Signed-off-by: Denis Efremov <efremov@linux.com>
Signed-off-by: Julia Lawall <Julia.Lawall@inria.fr>
|
|
Use kobj_to_dev() instead of container_of().
Signed-off-by: Denis Efremov <efremov@linux.com>
Signed-off-by: Julia Lawall <Julia.Lawall@inria.fr>
|
|
Commit dfd32cad146e ("dma-mapping: remove dma_zalloc_coherent()")
removed the definition of dma_zalloc_coherent() and also removed the
corresponding patch rule for replacing instances of dma_alloc_coherent +
memset in zalloc-simple.cocci (though left the report rule).
Add a new patch rule to remove unnecessary calls to memset after
allocating with dma_alloc_coherent. While we're at it, fix a couple of
typos.
Fixes: dfd32cad146e ("dma-mapping: remove dma_zalloc_coherent()")
Signed-off-by: Alex Dewar <alex.dewar90@gmail.com>
Signed-off-by: Julia Lawall <Julia.Lawall@inria.fr>
|
|
As said by Linus:
A symmetric naming is only helpful if it implies symmetries in use.
Otherwise it's actively misleading.
In "kzalloc()", the z is meaningful and an important part of what the
caller wants.
In "kzfree()", the z is actively detrimental, because maybe in the
future we really _might_ want to use that "memfill(0xdeadbeef)" or
something. The "zero" part of the interface isn't even _relevant_.
The main reason that kzfree() exists is to clear sensitive information
that should not be leaked to other future users of the same memory
objects.
Rename kzfree() to kfree_sensitive() to follow the example of the recently
added kvfree_sensitive() and make the intention of the API more explicit.
In addition, memzero_explicit() is used to clear the memory to make sure
that it won't get optimized away by the compiler.
The renaming is done by using the command sequence:
git grep -w --name-only kzfree |\
xargs sed -i 's/kzfree/kfree_sensitive/'
followed by some editing of the kfree_sensitive() kerneldoc and adding
a kzfree backward compatibility macro in slab.h.
[akpm@linux-foundation.org: fs/crypto/inline_crypt.c needs linux/slab.h]
[akpm@linux-foundation.org: fix fs/crypto/inline_crypt.c some more]
Suggested-by: Joe Perches <joe@perches.com>
Signed-off-by: Waiman Long <longman@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Acked-by: David Howells <dhowells@redhat.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Acked-by: Johannes Weiner <hannes@cmpxchg.org>
Cc: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Cc: James Morris <jmorris@namei.org>
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Cc: Joe Perches <joe@perches.com>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: David Rientjes <rientjes@google.com>
Cc: Dan Carpenter <dan.carpenter@oracle.com>
Cc: "Jason A . Donenfeld" <Jason@zx2c4.com>
Link: http://lkml.kernel.org/r/20200616154311.12314-3-longman@redhat.com
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/jlawall/linux
Pull coccinelle updates from Julia Lawall:
"New semantic patches and semantic patch improvements from Denis
Efremov"
* 'for-5.9' of git://git.kernel.org/pub/scm/linux/kernel/git/jlawall/linux:
coccinelle: api: filter out memdup_user definitions
coccinelle: api: extend memdup_user rule with vmemdup_user()
coccinelle: api: extend memdup_user transformation with GFP_USER
coccinelle: api: add kzfree script
coccinelle: misc: add array_size_dup script to detect missed overflow checks
coccinelle: api/kstrdup: fix coccinelle position
coccinelle: api: add device_attr_show script
|
|
Don't match memdup_user/vmemdup_user.
Signed-off-by: Denis Efremov <efremov@linux.com>
Signed-off-by: Julia Lawall <Julia.Lawall@inria.fr>
|
|
Add vmemdup_user() transformations to the memdup_user.cocci rule.
Commit 50fd2f298bef ("new primitive: vmemdup_user()") introduced
vmemdup_user(). The function uses kvmalloc with GPF_USER flag.
Signed-off-by: Denis Efremov <efremov@linux.com>
|
|
Match GFP_USER and optional __GFP_NOWARN allocations with
memdup_user.cocci rule.
Commit 6c2c97a24f09 ("memdup_user(): switch to GFP_USER") switched
memdup_user() from GFP_KERNEL to GFP_USER. In almost all cases it
is still a good idea to recommend memdup_user() for GFP_KERNEL
allocations. The motivation behind altering memdup_user() to GFP_USER:
https://lkml.org/lkml/2018/1/6/333
Signed-off-by: Denis Efremov <efremov@linux.com>
Signed-off-by: Julia Lawall <Julia.Lawall@inria.fr>
|
|
Check for memset()/memzero_explicit() followed by kfree()/vfree()/kvfree().
Signed-off-by: Denis Efremov <efremov@linux.com>
Signed-off-by: Julia Lawall <Julia.Lawall@inria.fr>
|
|
Detect an opencoded expression that is used before or after
array_size()/array3_size()/struct_size() to compute the same size.
Signed-off-by: Denis Efremov <efremov@linux.com>
Signed-off-by: Julia Lawall <Julia.Lawall@inria.fr>
|