From 98d7eea68d50a354750accccca68ebb15102839a Mon Sep 17 00:00:00 2001
From: Dan Carpenter
Date: Mon, 16 Feb 2015 13:33:16 +0300
Subject: [PATCH] param_cleared, rosenberg: add underscored memset/cpy/zero() functions
On my kernel config we are only using the underscored versions of these functions. These weren't handled before so it leads to a lot of false positive "information leak" warnings. It's not clear to me why some of these are in a separate data file and some are hard coded in the .c file. Oh well...
Signed-off-by: Dan Carpenter
---
 check_rosenberg.c | 5 ++++-
 smatch_data/kernel.clears_argument | 1 +
 smatch_param_cleared.c | 5 ++++-
 smatch_struct_assignment.c | 3 +++
 4 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/check_rosenberg.c b/check_rosenberg.c
index 5bcf85f4..cac166fa 100644
--- a/check_rosenberg.c
+++ b/check_rosenberg.c
@@ -355,8 +355,11 @@ void check_rosenberg(int id)
 add_function_hook("memset", &match_clear, INT_PTR(0));
 add_function_hook("memcpy", &match_clear, INT_PTR(0));
- add_function_hook("__memzero", &match_clear, INT_PTR(0));
 add_function_hook("memzero", &match_clear, INT_PTR(0));
+ add_function_hook("__memset", &match_clear, INT_PTR(0));
+ add_function_hook("__memcpy", &match_clear, INT_PTR(0));
+ add_function_hook("__memzero", &match_clear, INT_PTR(0));
+ add_hook(&match_assign, ASSIGNMENT_HOOK);
 register_clears_argument();
 select_return_states_hook(PARAM_CLEARED, &db_param_cleared);
diff --git a/smatch_data/kernel.clears_argument b/smatch_data/kernel.clears_argument
index 55915092..53cef71c 100644
--- a/smatch_data/kernel.clears_argument
+++ b/smatch_data/kernel.clears_argument
@@ -1,4 +1,5 @@
 copy_from_user 0
+__copy_from_user 0
 loop_get_status 1
 loop_info64_to_old 1
 ib_copy_qp_attr_to_user 0
diff --git a/smatch_param_cleared.c b/smatch_param_cleared.c
index f35f7535..29763a69 100644
--- a/smatch_param_cleared.c
+++ b/smatch_param_cleared.c
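Review bot: The visible part of the check_rosenberg() list has no `memmove`/`__memmove` entry, while the lists this commit extends in smatch_param_cleared.c and smatch_struct_assignment.c hook both; the visible part of register_struct_assignment() in turn has no `memzero`/`__memzero`. If match_clear is meant to treat any bulk copy into a buffer as initialising it (its body is not in the hunk, so that is an assumption), structs filled through memmove stay flagged as possible information leaks, which adds noise to the reports people have to triage. Adding `add_function_hook("memmove", &match_clear, INT_PTR(0));` and `add_function_hook("__memmove", &match_clear, INT_PTR(0));` after the `__memcpy` line would line the three lists up; if the omissions are deliberate, a one-line comment saying why would keep them from drifting further. check_rosenberg() starts and ends outside the hunk, so a hook registered elsewhere in it would not be visible here.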
@@ -171,11 +171,14 @@ void register_param_cleared(int id)
 my_id = id;
 add_function_hook("memset", &match_memset, INT_PTR(0));
- add_function_hook("__memzero", &match_memset, INT_PTR(0));
 add_function_hook("memzero", &match_memset, INT_PTR(0));
+ add_function_hook("__memset", &match_memset, INT_PTR(0));
+ add_function_hook("__memzero", &match_memset, INT_PTR(0));
 add_function_hook("memcpy", &match_memcpy, INT_PTR(0));
 add_function_hook("memmove", &match_memcpy, INT_PTR(0));
+ add_function_hook("__memcpy", &match_memcpy, INT_PTR(0));
+ add_function_hook("__memmove", &match_memcpy, INT_PTR(0));
 add_function_hook("strcpy", &match_memcpy, INT_PTR(0));
 add_function_hook("strncpy", &match_memcpy, INT_PTR(0));
 add_function_hook("sprintf", &match_memcpy, INT_PTR(0));
diff --git a/smatch_struct_assignment.c b/smatch_struct_assignment.c
index 665fbf11..841482f5 100644
--- a/smatch_struct_assignment.c
+++ b/smatch_struct_assignment.c
@@ -323,9 +323,12 @@ static void db_param_cleared(struct expression *expr, int param, char *key, char
 void register_struct_assignment(int id)
 {
 add_function_hook("memset", &match_memset, NULL);
+ add_function_hook("__memset", &match_memset, NULL);
 add_function_hook("memcpy", &match_memcpy, INT_PTR(0));
 add_function_hook("memmove", &match_memcpy, INT_PTR(0));
+ add_function_hook("__memcpy", &match_memcpy, INT_PTR(0));
+ add_function_hook("__memmove", &match_memcpy, INT_PTR(0));
 register_clears_param();
 select_return_states_hook(PARAM_CLEARED, &db_param_cleared);
-- 
2.11.4.GIT
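Review bot: The new `__memset`, `__memzero`, `__memcpy` and `__memmove` hooks in register_param_cleared() carry no comment saying why both spellings of each function are listed; the reason is given only in the commit message. A comment above the `__memset` line, for example `/* some kernel configs call the __-prefixed implementations directly; hook both spellings */`, would keep a later cleanup from pruning them as duplicates and bringing the false "information leak" warnings back. The same comment fits the additions in register_struct_assignment(). The body of register_param_cleared() continues past the end of the hunk.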