From patchwork Tue Nov 18 10:50:03 2014 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Konstantin Khlebnikov X-Patchwork-Id: 5327931 Return-Path: X-Original-To: patchwork-linux-crypto@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.19.201]) by patchwork2.web.kernel.org (Postfix) with ESMTP id 94462C11AC for ; Tue, 18 Nov 2014 11:50:34 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id D1F2520136 for ; Tue, 18 Nov 2014 11:50:33 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id F0E6F200D9 for ; Tue, 18 Nov 2014 11:50:32 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753266AbaKRLuI (ORCPT ); Tue, 18 Nov 2014 06:50:08 -0500 Received: from mailout4.w1.samsung.com ([210.118.77.14]:16287 "EHLO mailout4.w1.samsung.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751699AbaKRLuH (ORCPT ); Tue, 18 Nov 2014 06:50:07 -0500 Received: from eucpsbgm1.samsung.com (unknown [203.254.199.244]) by mailout4.w1.samsung.com (Oracle Communications Messaging Server 7u4-24.01(7.0.4.24.0) 64bit (built Nov 17 2011)) with ESMTP id <0NF800ASKH01FO70@mailout4.w1.samsung.com>; Tue, 18 Nov 2014 11:52:49 +0000 (GMT) X-AuditID: cbfec7f4-b7f6c6d00000120b-71-546b326b2fbd Received: from eusync1.samsung.com ( [203.254.199.211]) by eucpsbgm1.samsung.com (EUCPMTA) with SMTP id 23.19.04619.B623B645; Tue, 18 Nov 2014 11:50:03 +0000 (GMT) Received: from localhost ([106.109.129.38]) by eusync1.samsung.com (Oracle Communications Messaging Server 7u4-23.01 (7.0.4.23.0) 64bit (built Aug 10 2011)) with ESMTPA id <0NF800A0CGVFA9B0@eusync1.samsung.com>; Tue, 18 Nov 2014 11:50:03 +0000 (GMT) Subject: [PATCH 1/2 v2] scripts/coccinelle: catch freeing cryptographic structures via kfree From: Konstantin Khlebnikov To: kexec@lists.infradead.org, linux-kernel@vger.kernel.org, Eric Biederman Cc: Michal Marek , Herbert Xu , Gilles Muller , Nicolas Palix , Julia Lawall , linux-crypto@vger.kernel.org, "David S. Miller" Date: Tue, 18 Nov 2014 14:50:03 +0400 Message-id: <20141118114920.13498.73584.stgit@buzz> In-reply-to: <20141117151420.10739.16342.stgit@buzz> References: <20141117151420.10739.16342.stgit@buzz> User-Agent: StGit/0.17.1-dirty MIME-version: 1.0 Content-type: text/plain; charset=utf-8 Content-transfer-encoding: 7bit X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFrrPLMWRmVeSWpSXmKPExsVy+t/xy7rZRtkhBvu+W1jMOd/CYvF/Wwu7 xeyfl5gsul/JWCx7cJrR4sfOXlaL3ae/Mlncv/eTyeLyrjlsFi37LjBZHHu5nMmB22PLyptM HtsOqHocO9bK7LF3S5bH5iX1Hn1bVjF6nFlwhN3j8yY5jymH2lkCOKO4bFJSczLLUov07RK4 Mub8PcFacJavYsbc54wNjFN5uhg5OSQETCTuL1jGCmGLSVy4t54NxBYSWMoo0bbHvIuRC8hu ZJL4fO43WJGwQJxE25eDYDabgJnEtn23GUFsEYFUiQWLjjCDNDALdDNJrHr1ggkkwSKgKjHr 3WT2LkYODl4BY4n252C9nECLu2dtZYVYZiyxp2sLmC0qICex8nILmM0rICjxY/I9FpBWZgF1 iSlTckHCzALyEpvXvGWewCgwC0nVLISqWUiqFjAyr2IUTS1NLihOSs811CtOzC0uzUvXS87P 3cQIiZQvOxgXH7M6xCjAwajEw9uwMStEiDWxrLgy9xCjBAezkgjvuW6gEG9KYmVValF+fFFp TmrxIUYmDk6pBsbmW963ty1/WWs8i32zrnzdlqub16xTu1Um88rlguK9Kw2BVV8D9hSHzf00 209CnNH1jOl3RS/f5lVHMiM/msjY/9BbH/CLLU2mtqu+uepnwnazVWpBt37N+HY4VcKmf69X vA1vpOaTvXrv097+fWzwYarC+ucbJtUt/6Q9q1Xg6/qAm8nXT89QYinOSDTUYi4qTgQAmP5p SXICAAA= Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_HI, T_RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Structures allocated by crypto_alloc_* must be freed using crypto_free_*. Signed-off-by: Konstantin Khlebnikov --- scripts/coccinelle/free/crypto_free.cocci | 64 +++++++++++++++++++++++++++++ 1 file changed, 64 insertions(+) create mode 100644 scripts/coccinelle/free/crypto_free.cocci -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/scripts/coccinelle/free/crypto_free.cocci b/scripts/coccinelle/free/crypto_free.cocci new file mode 100644 index 0000000..a717070 --- /dev/null +++ b/scripts/coccinelle/free/crypto_free.cocci @@ -0,0 +1,64 @@ +/// +/// Structures allocated by crypto_alloc_* must be freed using crypto_free_*. +/// This finds freeing them by kfree. +/// +// Confidence: Moderate +// Copyright: (C) 2014 Konstantin Khlebnikov, GPLv2. +// Comments: There are false positives in crypto/ where they are actually freed. +// Keywords: crypto, kfree +// Options: --no-includes --include-headers + +virtual org +virtual report +virtual context + +@r depends on context || org || report@ +expression x; +@@ + +( + x = crypto_alloc_base(...) +| + x = crypto_alloc_cipher(...) +| + x = crypto_alloc_ablkcipher(...) +| + x = crypto_alloc_aead(...) +| + x = crypto_alloc_instance(...) +| + x = crypto_alloc_instance2(...) +| + x = crypto_alloc_comp(...) +| + x = crypto_alloc_pcomp(...) +| + x = crypto_alloc_hash(...) +| + x = crypto_alloc_ahash(...) +| + x = crypto_alloc_shash(...) +| + x = crypto_alloc_rng(...) +) + +@pb@ +expression r.x; +position p; +@@ + +* kfree@p(x) + +@script:python depends on org@ +p << pb.p; +@@ + +msg="WARNING: invalid free of crypto_alloc_* allocated data" +coccilib.org.print_todo(p[0], msg) + +@script:python depends on report@ +p << pb.p; +@@ + +msg="WARNING: invalid free of crypto_alloc_* allocated data" +coccilib.report.print_report(p[0], msg)