2 * sparse/check_err_ptr_deref.c
4 * Copyright (C) 2009 Dan Carpenter.
6 * Licensed under the Open Software License version 1.1
11 #include "smatch_slist.h"
12 #include "smatch_extra.h"
19 static void ok_to_use(const char *name
, struct symbol
*sym
, struct expression
*expr
, void *unused
)
21 set_state(my_id
, name
, sym
, &checked
);
24 static void check_is_err_ptr(struct sm_state
*sm
)
29 if (slist_has_state(sm
->possible
, &err_ptr
)) {
30 sm_msg("error: '%s' dereferencing possible ERR_PTR()",
32 set_state(my_id
, sm
->name
, sm
->sym
, &checked
);
36 static void match_returns_err_ptr(const char *fn
, struct expression
*expr
,
39 set_state_expr(my_id
, expr
->left
, &err_ptr
);
43 static void match_checked(const char *fn
, struct expression
*call_expr
,
44 struct expression
*assign_expr
, void *unused
)
46 struct expression
*arg
;
48 arg
= get_argument_from_call_expr(call_expr
->args
, 0);
49 arg
= strip_expr(arg
);
50 while (arg
->type
== EXPR_ASSIGNMENT
)
51 arg
= strip_expr(arg
->left
);
52 set_state_expr(my_id
, arg
, &checked
);
55 static void match_err(const char *fn
, struct expression
*call_expr
,
56 struct expression
*assign_expr
, void *unused
)
58 struct expression
*arg
;
60 arg
= get_argument_from_call_expr(call_expr
->args
, 0);
61 arg
= strip_expr(arg
);
62 while (arg
->type
== EXPR_ASSIGNMENT
)
63 arg
= strip_expr(arg
->left
);
64 set_state_expr(my_id
, arg
, &err_ptr
);
67 static void match_dereferences(struct expression
*expr
)
71 if (expr
->type
!= EXPR_PREOP
)
73 expr
= strip_expr(expr
->unop
);
75 sm
= get_sm_state_expr(my_id
, expr
);
79 static void match_condition(struct expression
*expr
)
81 if (expr
->type
== EXPR_ASSIGNMENT
) {
82 match_condition(expr
->right
);
83 match_condition(expr
->left
);
85 if (!get_state_expr(my_id
, expr
))
87 /* If we know the variable is zero that means it's not an ERR_PTR */
88 set_true_false_states_expr(my_id
, expr
, NULL
, &checked
);
91 static void register_err_ptr_funcs(void)
96 token
= get_tokens_file("kernel.returns_err_ptr");
99 if (token_type(token
) != TOKEN_STREAMBEGIN
)
102 while (token_type(token
) != TOKEN_STREAMEND
) {
103 if (token_type(token
) != TOKEN_IDENT
)
105 func
= show_ident(token
->ident
);
106 add_function_assign_hook(func
, &match_returns_err_ptr
, NULL
);
112 static void match_err_ptr(const char *fn
, struct expression
*expr
, void *unused
)
114 struct expression
*arg
;
116 struct sm_state
*tmp
;
119 long long min
= whole_range
.max
;
120 long long max
= whole_range
.min
;
122 arg
= get_argument_from_call_expr(expr
->args
, 0);
123 sm
= get_sm_state_expr(SMATCH_EXTRA
, arg
);
126 FOR_EACH_PTR(sm
->possible
, tmp
) {
127 tmp_min
= get_dinfo_min(get_dinfo(tmp
->state
));
128 if (tmp_min
!= whole_range
.min
&& tmp_min
< min
)
130 tmp_max
= get_dinfo_max(get_dinfo(tmp
->state
));
131 if (tmp_max
!= whole_range
.max
&& tmp_max
> max
)
133 } END_FOR_EACH_PTR(tmp
);
135 sm_msg("error: %lld too low for ERR_PTR", min
);
137 sm_msg("error: passing non neg %lld to ERR_PTR", max
);
140 static void match_ptr_err(const char *fn
, struct expression
*expr
, void *unused
)
142 struct expression
*arg
;
143 struct expression
*right
;
145 right
= strip_expr(expr
->right
);
146 arg
= get_argument_from_call_expr(right
->args
, 0);
147 if (get_state_expr(my_id
, arg
) == &err_ptr
) {
148 set_extra_expr_mod(expr
->left
, alloc_extra_state_range(-4095, -1));
152 void check_err_ptr_deref(int id
)
154 if (option_project
!= PROJ_KERNEL
)
158 return_implies_state("IS_ERR", 0, 0, &match_checked
, NULL
);
159 return_implies_state("IS_ERR", 1, 1, &match_err
, NULL
);
160 return_implies_state("IS_ERR_OR_NULL", 0, 0, &match_checked
, NULL
);
161 return_implies_state("IS_ERR_OR_NULL", 1, 1, &match_err
, NULL
);
162 return_implies_state("PTR_RET", 0, 0, &match_checked
, NULL
);
163 return_implies_state("PTR_RET", -4096, -1, &match_err
, NULL
);
164 register_err_ptr_funcs();
165 add_hook(&match_dereferences
, DEREF_HOOK
);
166 add_function_hook("ERR_PTR", &match_err_ptr
, NULL
);
167 add_function_assign_hook("PTR_ERR", &match_ptr_err
, NULL
);
168 add_hook(&match_condition
, CONDITION_HOOK
);
169 set_default_modification_hook(my_id
, ok_to_use
);