check_return_efault.c

   1 /*
   2  * smatch/check_return_efault.c
   3  *
   4  * Copyright (C) 2010 Dan Carpenter.
   5  *
   6  * Licensed under the Open Software License version 1.1
   7  *
   8  */
   9
  10 /*
  11  * This tries to find places which should probably return -EFAULT
  12  * but return the number of bytes to copy instead.
  13  */
  14
  15 #include "smatch.h"
  16 #include "smatch_slist.h"
  17 #include "smatch_extra.h"
  18
  19 static int my_id;
  20
  21 STATE(remaining);
  22 STATE(ok);
  23
  24 static void ok_to_use(struct sm_state *sm)
  25 {
  26         if (sm->state != &ok)
  27                 set_state(my_id, sm->name, sm->sym, &ok);
  28 }
  29
  30 static void match_copy(const char *fn, struct expression *expr, void *unused)
  31 {
  32         if (expr->op == SPECIAL_SUB_ASSIGN)
  33                 return;
  34         set_state_expr(my_id, expr->left, &remaining);
  35 }
  36
  37 static void match_condition(struct expression *expr)
  38 {
  39         if (!get_state_expr(my_id, expr))
  40                 return;
  41         /* If the variable is zero that's ok */
  42         set_true_false_states_expr(my_id, expr, NULL, &ok);
  43 }
  44
  45 /*
  46  * This function is biased in favour of print out errors.
  47  * The heuristic to print is:
  48  *    If we have a potentially positive return from copy_to_user
  49  *    and there is a possibility that we return negative as well
  50  *    then complain.
  51  */
  52 static void match_return(struct expression *ret_value)
  53 {
  54         struct smatch_state *state;
  55         struct sm_state *sm;
  56         sval_t min;
  57
  58         sm = get_sm_state_expr(my_id, ret_value);
  59         if (!sm)
  60                 return;
  61         if (!slist_has_state(sm->possible, &remaining))
  62                 return;
  63         state = get_state_expr(SMATCH_EXTRA, ret_value);
  64         if (!state)
  65                 return;
  66         if (!get_absolute_min(ret_value, &min))
  67                 return;
  68         if (min.value == 0)
  69                 return;
  70         sm_msg("warn: maybe return -EFAULT instead of the bytes remaining?");
  71 }
  72
  73 void check_return_efault(int id)
  74 {
  75         if (option_project != PROJ_KERNEL)
  76                 return;
  77
  78         my_id = id;
  79         add_function_assign_hook("copy_to_user", &match_copy, NULL);
  80         add_function_assign_hook("__copy_to_user", &match_copy, NULL);
  81         add_function_assign_hook("copy_from_user", &match_copy, NULL);
  82         add_function_assign_hook("__copy_from_user", &match_copy, NULL);
  83         add_function_assign_hook("clear_user", &match_copy, NULL);
  84         add_hook(&match_condition, CONDITION_HOOK);
  85         add_hook(&match_return, RETURN_HOOK);
  86         add_modification_hook(my_id, &ok_to_use);
  87 }