linux-toradex.git/scripts/coccinelle, branch v5.9-rc5 Linux kernel for Apalis and Colibri modules mm, treewide: rename kzfree() to kfree_sensitive() 2020-08-07T18:33:22+00:00 Waiman Long longman@redhat.com 2020-08-07T06:18:13+00:00 453431a54934d917153c65211b2dabf45562ca88 As said by Linus: A symmetric naming is only helpful if it implies symmetries in use. Otherwise it's actively misleading. In "kzalloc()", the z is meaningful and an important part of what the caller wants. In "kzfree()", the z is actively detrimental, because maybe in the future we really _might_ want to use that "memfill(0xdeadbeef)" or something. The "zero" part of the interface isn't even _relevant_. The main reason that kzfree() exists is to clear sensitive information that should not be leaked to other future users of the same memory objects. Rename kzfree() to kfree_sensitive() to follow the example of the recently added kvfree_sensitive() and make the intention of the API more explicit. In addition, memzero_explicit() is used to clear the memory to make sure that it won't get optimized away by the compiler. The renaming is done by using the command sequence: git grep -w --name-only kzfree |\ xargs sed -i 's/kzfree/kfree_sensitive/' followed by some editing of the kfree_sensitive() kerneldoc and adding a kzfree backward compatibility macro in slab.h. [akpm@linux-foundation.org: fs/crypto/inline_crypt.c needs linux/slab.h] [akpm@linux-foundation.org: fix fs/crypto/inline_crypt.c some more] Suggested-by: Joe Perches <joe@perches.com> Signed-off-by: Waiman Long <longman@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Acked-by: David Howells <dhowells@redhat.com> Acked-by: Michal Hocko <mhocko@suse.com> Acked-by: Johannes Weiner <hannes@cmpxchg.org> Cc: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Cc: James Morris <jmorris@namei.org> Cc: "Serge E. Hallyn" <serge@hallyn.com> Cc: Joe Perches <joe@perches.com> Cc: Matthew Wilcox <willy@infradead.org> Cc: David Rientjes <rientjes@google.com> Cc: Dan Carpenter <dan.carpenter@oracle.com> Cc: "Jason A . Donenfeld" <Jason@zx2c4.com> Link: http://lkml.kernel.org/r/20200616154311.12314-3-longman@redhat.com Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 
As said by Linus:

  A symmetric naming is only helpful if it implies symmetries in use.
  Otherwise it's actively misleading.

  In "kzalloc()", the z is meaningful and an important part of what the
  caller wants.

  In "kzfree()", the z is actively detrimental, because maybe in the
  future we really _might_ want to use that "memfill(0xdeadbeef)" or
  something. The "zero" part of the interface isn't even _relevant_.

The main reason that kzfree() exists is to clear sensitive information
that should not be leaked to other future users of the same memory
objects.

Rename kzfree() to kfree_sensitive() to follow the example of the recently
added kvfree_sensitive() and make the intention of the API more explicit.
In addition, memzero_explicit() is used to clear the memory to make sure
that it won't get optimized away by the compiler.

The renaming is done by using the command sequence:

  git grep -w --name-only kzfree |\
  xargs sed -i 's/kzfree/kfree_sensitive/'

followed by some editing of the kfree_sensitive() kerneldoc and adding
a kzfree backward compatibility macro in slab.h.

[akpm@linux-foundation.org: fs/crypto/inline_crypt.c needs linux/slab.h]
[akpm@linux-foundation.org: fix fs/crypto/inline_crypt.c some more]

Suggested-by: Joe Perches <joe@perches.com>
Signed-off-by: Waiman Long <longman@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Acked-by: David Howells <dhowells@redhat.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Acked-by: Johannes Weiner <hannes@cmpxchg.org>
Cc: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Cc: James Morris <jmorris@namei.org>
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Cc: Joe Perches <joe@perches.com>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: David Rientjes <rientjes@google.com>
Cc: Dan Carpenter <dan.carpenter@oracle.com>
Cc: "Jason A . Donenfeld" <Jason@zx2c4.com>
Link: http://lkml.kernel.org/r/20200616154311.12314-3-longman@redhat.com
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Merge branch 'for-5.9' of git://git.kernel.org/pub/scm/linux/kernel/git/jlawall/linux 2020-08-06T18:34:35+00:00 Linus Torvalds torvalds@linux-foundation.org 2020-08-06T18:34:35+00:00 e3243e2a273d79c69d821e27cd246089638c472a Pull coccinelle updates from Julia Lawall: "New semantic patches and semantic patch improvements from Denis Efremov" * 'for-5.9' of git://git.kernel.org/pub/scm/linux/kernel/git/jlawall/linux: coccinelle: api: filter out memdup_user definitions coccinelle: api: extend memdup_user rule with vmemdup_user() coccinelle: api: extend memdup_user transformation with GFP_USER coccinelle: api: add kzfree script coccinelle: misc: add array_size_dup script to detect missed overflow checks coccinelle: api/kstrdup: fix coccinelle position coccinelle: api: add device_attr_show script 
Pull coccinelle updates from Julia Lawall:
 "New semantic patches and semantic patch improvements from Denis
  Efremov"

* 'for-5.9' of git://git.kernel.org/pub/scm/linux/kernel/git/jlawall/linux:
  coccinelle: api: filter out memdup_user definitions
  coccinelle: api: extend memdup_user rule with vmemdup_user()
  coccinelle: api: extend memdup_user transformation with GFP_USER
  coccinelle: api: add kzfree script
  coccinelle: misc: add array_size_dup script to detect missed overflow checks
  coccinelle: api/kstrdup: fix coccinelle position
  coccinelle: api: add device_attr_show script
coccinelle: api: filter out memdup_user definitions 2020-08-04T20:46:59+00:00 Denis Efremov efremov@linux.com 2020-07-20T16:22:16+00:00 d05f94ad28c76cbd98aecee8e617f18454050f57 Don't match memdup_user/vmemdup_user. Signed-off-by: Denis Efremov <efremov@linux.com> Signed-off-by: Julia Lawall <Julia.Lawall@inria.fr> 
Don't match memdup_user/vmemdup_user.

Signed-off-by: Denis Efremov <efremov@linux.com>
Signed-off-by: Julia Lawall <Julia.Lawall@inria.fr>
coccinelle: api: extend memdup_user rule with vmemdup_user() 2020-08-04T20:46:59+00:00 Denis Efremov efremov@linux.com 2020-07-20T16:22:15+00:00 9c568dbd677bcfc975220d3157c89c48669a23e3 Add vmemdup_user() transformations to the memdup_user.cocci rule. Commit 50fd2f298bef ("new primitive: vmemdup_user()") introduced vmemdup_user(). The function uses kvmalloc with GPF_USER flag. Signed-off-by: Denis Efremov <efremov@linux.com> 
Add vmemdup_user() transformations to the memdup_user.cocci rule.
Commit 50fd2f298bef ("new primitive: vmemdup_user()") introduced
vmemdup_user(). The function uses kvmalloc with GPF_USER flag.

Signed-off-by: Denis Efremov <efremov@linux.com>
coccinelle: api: extend memdup_user transformation with GFP_USER 2020-08-04T20:46:59+00:00 Denis Efremov efremov@linux.com 2020-07-20T16:22:14+00:00 547ade42ced037db77a82e67d70b55c0eecc49e0 Match GFP_USER and optional __GFP_NOWARN allocations with memdup_user.cocci rule. Commit 6c2c97a24f09 ("memdup_user(): switch to GFP_USER") switched memdup_user() from GFP_KERNEL to GFP_USER. In almost all cases it is still a good idea to recommend memdup_user() for GFP_KERNEL allocations. The motivation behind altering memdup_user() to GFP_USER: https://lkml.org/lkml/2018/1/6/333 Signed-off-by: Denis Efremov <efremov@linux.com> Signed-off-by: Julia Lawall <Julia.Lawall@inria.fr> 
Match GFP_USER and optional __GFP_NOWARN allocations with
memdup_user.cocci rule.
Commit 6c2c97a24f09 ("memdup_user(): switch to GFP_USER") switched
memdup_user() from GFP_KERNEL to GFP_USER. In almost all cases it
is still a good idea to recommend memdup_user() for GFP_KERNEL
allocations. The motivation behind altering memdup_user() to GFP_USER:
https://lkml.org/lkml/2018/1/6/333

Signed-off-by: Denis Efremov <efremov@linux.com>
Signed-off-by: Julia Lawall <Julia.Lawall@inria.fr>
coccinelle: api: add kzfree script 2020-08-04T20:46:59+00:00 Denis Efremov efremov@linux.com 2020-07-17T11:57:09+00:00 7cf4be68b177855b620dbc045bf26606eed197ac Check for memset()/memzero_explicit() followed by kfree()/vfree()/kvfree(). Signed-off-by: Denis Efremov <efremov@linux.com> Signed-off-by: Julia Lawall <Julia.Lawall@inria.fr> 
Check for memset()/memzero_explicit() followed by kfree()/vfree()/kvfree().

Signed-off-by: Denis Efremov <efremov@linux.com>
Signed-off-by: Julia Lawall <Julia.Lawall@inria.fr>
coccinelle: misc: add array_size_dup script to detect missed overflow checks 2020-08-04T20:46:58+00:00 Denis Efremov efremov@linux.com 2020-06-22T22:10:56+00:00 de50862520480b90ec2fcaed6ad1ad41462fbf30 Detect an opencoded expression that is used before or after array_size()/array3_size()/struct_size() to compute the same size. Signed-off-by: Denis Efremov <efremov@linux.com> Signed-off-by: Julia Lawall <Julia.Lawall@inria.fr> 
Detect an opencoded expression that is used before or after
array_size()/array3_size()/struct_size() to compute the same size.

Signed-off-by: Denis Efremov <efremov@linux.com>
Signed-off-by: Julia Lawall <Julia.Lawall@inria.fr>
coccinelle: api/kstrdup: fix coccinelle position 2020-08-04T20:46:58+00:00 Denis Efremov efremov@linux.com 2020-06-19T13:23:07+00:00 2fbecb7dfefdbe8250a86f92bb81d87deebc0488 There is a typo in rule r2. Position p1 should be attached to kzalloc() call. Fixes: 29a36d4dec6c ("scripts/coccinelle: improve the coverage of some semantic patches") Signed-off-by: Denis Efremov <efremov@linux.com> Signed-off-by: Julia Lawall <Julia.Lawall@inria.fr> 
There is a typo in rule r2. Position p1 should be attached to kzalloc()
call.

Fixes: 29a36d4dec6c ("scripts/coccinelle: improve the coverage of some semantic patches")
Signed-off-by: Denis Efremov <efremov@linux.com>
Signed-off-by: Julia Lawall <Julia.Lawall@inria.fr>
coccinelle: api: add device_attr_show script 2020-08-04T20:46:58+00:00 Denis Efremov efremov@linux.com 2020-06-15T13:02:42+00:00 abfc19ff202d287742483e15fd478ddd6ada2187 According to the documentation[1] show() methods of device attributes should return the number of bytes printed into the buffer. This is the return value of scnprintf(). show() must not use snprintf() when formatting the value to be returned to user space. snprintf() returns the length the resulting string would be, assuming it all fit into the destination array[2]. scnprintf() return the length of the string actually created in buf. If one can guarantee that an overflow will never happen sprintf() can be used otherwise scnprintf(). [1] Documentation/filesystems/sysfs.txt [2] "snprintf() confusion" https://lwn.net/Articles/69419/ Signed-off-by: Denis Efremov <efremov@linux.com> Signed-off-by: Julia Lawall <Julia.Lawall@inria.fr> 
According to the documentation[1] show() methods of device attributes
should return the number of bytes printed into the buffer. This is
the return value of scnprintf(). show() must not use snprintf()
when formatting the value to be returned to user space. snprintf()
returns the length the resulting string would be, assuming it all
fit into the destination array[2]. scnprintf() return the length of
the string actually created in buf. If one can guarantee that an
overflow will never happen sprintf() can be used otherwise scnprintf().

[1] Documentation/filesystems/sysfs.txt
[2] "snprintf() confusion" https://lwn.net/Articles/69419/

Signed-off-by: Denis Efremov <efremov@linux.com>
Signed-off-by: Julia Lawall <Julia.Lawall@inria.fr>
scripts: add dummy report mode to add_namespace.cocci 2020-07-10T12:19:58+00:00 Matthias Maennich maennich@google.com 2020-06-04T16:41:45+00:00 55c7549819e438f40a3ef1d8ac5c38b73390bcb7 When running `make coccicheck` in report mode using the add_namespace.cocci file, it will fail for files that contain MODULE_LICENSE. Those match the replacement precondition, but spatch errors out as virtual.ns is not set. In order to fix that, add the virtual rule nsdeps and only do search and replace if that rule has been explicitly requested. In order to make spatch happy in report mode, we also need a dummy rule, as otherwise it errors out with "No rules apply". Using a script:python rule appears unrelated and odd, but this is the shortest I could come up with. Adjust scripts/nsdeps accordingly to set the nsdeps rule when run trough `make nsdeps`. Suggested-by: Julia Lawall <julia.lawall@inria.fr> Fixes: c7c4e29fb5a4 ("scripts: add_namespace: Fix coccicheck failed") Cc: YueHaibing <yuehaibing@huawei.com> Cc: jeyu@kernel.org Cc: cocci@systeme.lip6.fr Cc: stable@vger.kernel.org Signed-off-by: Matthias Maennich <maennich@google.com> Reported-by: Shuah Khan <skhan@linuxfoundation.org> Acked-by: Julia Lawall <julia.lawall@inria.fr> Link: https://lore.kernel.org/r/20200604164145.173925-1-maennich@google.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 
When running `make coccicheck` in report mode using the
add_namespace.cocci file, it will fail for files that contain
MODULE_LICENSE. Those match the replacement precondition, but spatch
errors out as virtual.ns is not set.

In order to fix that, add the virtual rule nsdeps and only do search and
replace if that rule has been explicitly requested.

In order to make spatch happy in report mode, we also need a dummy rule,
as otherwise it errors out with "No rules apply". Using a script:python
rule appears unrelated and odd, but this is the shortest I could come up
with.

Adjust scripts/nsdeps accordingly to set the nsdeps rule when run trough
`make nsdeps`.

Suggested-by: Julia Lawall <julia.lawall@inria.fr>
Fixes: c7c4e29fb5a4 ("scripts: add_namespace: Fix coccicheck failed")
Cc: YueHaibing <yuehaibing@huawei.com>
Cc: jeyu@kernel.org
Cc: cocci@systeme.lip6.fr
Cc: stable@vger.kernel.org
Signed-off-by: Matthias Maennich <maennich@google.com>
Reported-by: Shuah Khan <skhan@linuxfoundation.org>
Acked-by: Julia Lawall <julia.lawall@inria.fr>
Link: https://lore.kernel.org/r/20200604164145.173925-1-maennich@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>