check_param_values.c

   1 /*
   2  * sparse/check_param_values.c
   3  *
   4  * Copyright (C) 2010 Dan Carpenter.
   5  *
   6  * Licensed under the Open Software License version 1.1
   7  *
   8  */
   9
  10 /*
  11  *
  12  *
  13  */
  14
  15 #include "smatch.h"
  16
  17 static int my_id;
  18
  19 STATE(user_data);
  20
  21 static void match_assign(struct expression *expr)
  22 {
  23         char *name;
  24
  25         name = get_macro_name(&expr->pos);
  26         if (!name || strcmp(name, "get_user") != 0)
  27                 return;
  28         name = get_variable_from_expr(expr->right, NULL);
  29         if (!name || strcmp(name, "__val_gu") != 0)
  30                 goto free;
  31         set_state_expr(my_id, expr->left, &user_data);
  32 free:
  33         free_string(name);
  34 }
  35
  36 static void match_user_copy(const char *fn, struct expression *expr, void *_param)
  37 {
  38         int param = PTR_INT(_param);
  39         struct expression *dest;
  40
  41         dest = get_argument_from_call_expr(expr->args, param);
  42         dest = strip_expr(dest);
  43         if (!dest)
  44                 return;
  45         /* the first thing I tested this on pass &foo to a function */
  46         set_state_expr(my_id, dest, &user_data);
  47         if (dest->type == EXPR_PREOP && dest->op == '&') {
  48                 /* but normally I'd think it would pass the actual variable */
  49                 dest = dest->unop;
  50                 set_state_expr(my_id, dest, &user_data);
  51         }
  52 }
  53
  54 static void match_call(struct expression *expr)
  55 {
  56         struct expression *tmp;
  57         char *func;
  58         int i;
  59
  60         if (expr->fn->type != EXPR_SYMBOL)
  61                 return;
  62
  63         func = expr->fn->symbol_name->name;
  64
  65         i = 0;
  66         FOR_EACH_PTR(expr->args, tmp) {
  67                 tmp = strip_expr(tmp);
  68                 if (get_state_expr(my_id, tmp) != &user_data) {
  69                         i++;
  70                         continue;
  71                 }
  72                 sm_msg("info: user_data %s %d", func, i);
  73                 i++;
  74         } END_FOR_EACH_PTR(tmp);
  75 }
  76
  77 void check_param_values(int id)
  78 {
  79         if (!option_info)
  80                 return;
  81         if (option_project != PROJ_KERNEL)
  82                 return;
  83         my_id = id;
  84         add_hook(&match_call, FUNCTION_CALL_HOOK);
  85         add_hook(&match_assign, ASSIGNMENT_HOOK);
  86         add_function_hook("copy_from_user", &match_user_copy, INT_PTR(0));
  87         add_function_hook("__copy_from_user", &match_user_copy, INT_PTR(0));
  88         add_function_hook("memcpy_fromiovec", &match_user_copy, INT_PTR(0));
  89         // memdup_user()
  90 }