2 * smatch/check_return_efault.c
4 * Copyright (C) 2010 Dan Carpenter.
6 * Licensed under the Open Software License version 1.1
11 * This tries to find places which should probably return -EFAULT
12 * but return the number of bytes to copy instead.
16 #include "smatch_slist.h"
17 #include "smatch_extra.h"
24 static void ok_to_use(const char *name
, struct symbol
*sym
, struct expression
*expr
, void *unused
)
26 set_state(my_id
, name
, sym
, &ok
);
29 static void match_copy(const char *fn
, struct expression
*expr
, void *unused
)
31 struct expression
*call
;
32 struct expression
*arg
;
35 if (expr
->op
== SPECIAL_SUB_ASSIGN
)
37 set_state_expr(my_id
, expr
->left
, &remaining
);
39 call
= strip_expr(expr
->right
);
40 if (call
->type
!= EXPR_CALL
)
42 arg
= get_argument_from_call_expr(call
->args
, 2);
43 if (!get_absolute_max(arg
, &max
))
44 max
= whole_range
.max
;
45 set_extra_expr_mod(expr
->left
, alloc_extra_state_range(0, max
));
49 static void match_condition(struct expression
*expr
)
51 if (!get_state_expr(my_id
, expr
))
53 /* If the variable is zero that's ok */
54 set_true_false_states_expr(my_id
, expr
, NULL
, &ok
);
58 * This function is biased in favour of print out errors.
59 * The heuristic to print is:
60 * If we have a potentially positive return from copy_to_user
61 * and there is a possibility that we return negative as well
64 static void match_return(struct expression
*ret_value
)
66 struct smatch_state
*state
;
70 sm
= get_sm_state_expr(my_id
, ret_value
);
73 if (!slist_has_state(sm
->possible
, &remaining
))
75 state
= get_state_expr(SMATCH_EXTRA
, ret_value
);
78 if (!get_absolute_min(ret_value
, &min
))
82 sm_msg("warn: maybe return -EFAULT instead of the bytes remaining?");
85 void check_return_efault(int id
)
87 if (option_project
!= PROJ_KERNEL
)
91 add_function_assign_hook("copy_to_user", &match_copy
, NULL
);
92 add_function_assign_hook("__copy_to_user", &match_copy
, NULL
);
93 add_function_assign_hook("copy_from_user", &match_copy
, NULL
);
94 add_function_assign_hook("__copy_from_user", &match_copy
, NULL
);
95 add_function_assign_hook("clear_user", &match_copy
, NULL
);
96 add_hook(&match_condition
, CONDITION_HOOK
);
97 add_hook(&match_return
, RETURN_HOOK
);
98 set_default_modification_hook(my_id
, ok_to_use
);