Re: [Cocci] [PATCH] coccicheck: add a test for repeat copy_from_user

From: Kees Cook
Date: Mon Jan 09 2017 - 17:02:25 EST


On Mon, Jan 9, 2017 at 12:56 PM, Kees Cook <keescook@xxxxxxxxxxxx> wrote:
> On Mon, Jan 9, 2017 at 11:08 AM, Julia Lawall <julia.lawall@xxxxxxx> wrote:
>>
>> On Mon, 9 Jan 2017, Vaishali Thakkar wrote:
>>
>>> Here, may be we should add few more lines from Pengfei's
>>> script to avoid th potential FPs.
>>
>> Which lines (I don't have it handy)?
>
> I'm going to compare
> https://github.com/wpengfei/double_fetch_cocci/blob/master/pattern_match_linux.cocci
> to my original one, add your improvements and see what I get...

Okay, I finally had time to look at this. Pengfei added two other
logical cases that should be checked for, IIUC:

1) destination alias checking (with assignment either before or after
the first copy_from_user):

struct thing object;
struct thing *pointer = &object;

copy_from_user(..., &object);
...
copy_from_user(..., pointer);

2) field writes (via . or ->, instead of short writes):

struct thing object;

copy_from_user(..., &object.field);
...
copy_from_user(..., &object);


It'd probably better to convert Pengfei's into being able to run under
the coccicheck target.

-Kees

--
Kees Cook
Nexus Security