From caf2e8a842d82b5b5152b455209c53837461bc15 Mon Sep 17 00:00:00 2001
From: Dan Carpenter
Date: Fri, 14 Jun 2013 10:44:43 +0300
Subject: [PATCH] kernel: move stuff from check_kernel.c to db/fixup_kernel.sh

The good this about this is that it saves the comparison as well as setting the return value.

Signed-off-by: Dan Carpenter
---
 check_kernel.c | 17 -----------------
 smatch_data/db/fixup_kernel.sh | 12 ++++++++++++
 2 files changed, 12 insertions(+), 17 deletions(-)

diff --git a/check_kernel.c b/check_kernel.c
index b5ba69f2..e5620259 100644
--- a/check_kernel.c
+++ b/check_kernel.c
@@ -25,17 +25,6 @@ static int implied_err_cast_return(struct expression *call, void *unused, struct
 return 1;
 }
 
-static int implied_copy_return(struct expression *call, void *unused, struct range_list **rl)
-{
- struct expression *arg;
- sval_t max;
-
- arg = get_argument_from_call_expr(call->args, 2);
- get_absolute_max(arg, &max);
- *rl = alloc_rl(ll_to_sval(0), max);
- return 1;
-}
-
 static void match_param_valid_ptr(const char *fn, struct expression *call_expr,
 struct expression *assign_expr, void *_param)
 {
@@ -248,12 +237,6 @@ void check_kernel(int id)
 add_macro_assign_hook_extra("container_of", &match_container_of_macro, NULL);
 add_hook(match_container_of, ASSIGNMENT_HOOK);
 
- add_implied_return_hook("copy_to_user", &implied_copy_return, NULL);
- add_implied_return_hook("__copy_to_user", &implied_copy_return, NULL);
- add_implied_return_hook("copy_from_user", &implied_copy_return, NULL);
- add_implied_return_hook("__copy_fom_user", &implied_copy_return, NULL);
- add_implied_return_hook("clear_user", &implied_copy_return, NULL);
-
 add_implied_return_hook("find_next_bit", &match_next_bit, NULL);
 add_implied_return_hook("find_next_zero_bit", &match_next_bit, NULL);
 add_implied_return_hook("find_first_bit", &match_next_bit, NULL);
diff --git a/smatch_data/db/fixup_kernel.sh b/smatch_data/db/fixup_kernel.sh
index 3a8aaf6b..520a7979 100755
--- a/smatch_data/db/fixup_kernel.sh
+++ b/smatch_data/db/fixup_kernel.sh
@@ -29,6 +29,13 @@ insert into return_states values ('faked', 'rw_verify_area', 0, 1, '0-1000000',
 insert into return_states values ('faked', 'rw_verify_area', 0, 1, '0-1000000', 0, 11, 3, '\$\$', '0-1000000');
 insert into return_states values ('faked', 'rw_verify_area', 0, 2, '(-4095)-(-1)', 0, 0, -1, '', '');
 
+update return_states set return = '0-u32max[<=p2]' where function = 'copy_to_user';
+update return_states set return = '0-u32max[<=p2]' where function = '_copy_to_user';
+update return_states set return = '0-u32max[<=p2]' where function = '__copy_to_user';
+update return_states set return = '0-u32max[<=p2]' where function = 'copy_from_user';
+update return_states set return = '0-u32max[<=p2]' where function = '_copy_from_user';
+update return_states set return = '0-u32max[<=p2]' where function = '__copy_from_user';
+
 EOF
 
 call_id=$(echo "select distinct call_id from caller_info where function = '__kernel_write';" | sqlite3 smatch_db.sqlite)
@@ -36,3 +43,8 @@ for id in $call_id ; do
 echo "insert into caller_info values ('fake', '', '__kernel_write', $id, 0, 1, 3, '*\$\$', '0-1000000');" | sqlite3 smatch_db.sqlite
 done
 
+for i in $(echo "select distinct return from return_states where function = 'clear_user';" | sqlite3 smatch_db.sqlite ) ; do
+ echo "update return_states set return = \"$i[<=p1]\" where return = \"$i\" and function = 'clear_user';" | sqlite3 smatch_db.sqlite
+done
+
+
-- 
2.11.4.GIT
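Review bot: The six `update return_states ... where function = '...copy_..._user'` statements in the first fixup_kernel.sh hunk only rewrite rows that already exist, so if one of these functions has no return_states row in a given database (not knowable from this hunk) the `<=p2` bound is silently lost, whereas the removed `add_implied_return_hook` calls applied regardless of database contents. They also replace the recorded range on every row for the function with `0-u32max`, while the clear_user loop in the next hunk keeps the recorded range and only appends the bound; if that difference is intended it deserves a comment. I would add an SQL comment above the block such as `-- copy_*_user return the number of bytes left uncopied, so the result is at most the size argument (p2)`, and, if the bound must always be present, a 'faked' insert like the rw_verify_area rows just above. The heredoc these statements sit in starts outside the hunk.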
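Review bot: The clear_user loop added in the last hunk is not idempotent: each run appends `[<=p1]` to the stored `return` value, so running the script twice against the same smatch_db.sqlite would leave `...[<=p1][<=p1]`, unless the database is always rebuilt first (not visible here). The loop also depends on unquoted word splitting of the sqlite3 output and pastes `$i` into the SQL text inside double quotes, which SQLite treats as an identifier before falling back to a string literal. A single statement does the same work without the shell round trip and can be re-run safely: `echo "update return_states set return = return || '[<=p1]' where function = 'clear_user' and return not like '%[<=p1]';" | sqlite3 smatch_db.sqlite`.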