From: Kees Cook <keescook@chromium.org>
To: linux-kernel@vger.kernel.org
Cc: Vaishali Thakkar <vaishali.thakkar@oracle.com>,
	Thomas Gleixner <tglx@linutronix.de>,
	Christoph Hellwig <hch@infradead.org>,
	Julia Lawall <Julia.Lawall@lip6.fr>,
	Gilles Muller <Gilles.Muller@lip6.fr>,
	Nicolas Palix <nicolas.palix@imag.fr>,
	Michal Marek <mmarek@suse.com>,
	cocci@systeme.lip6.fr
Subject: [PATCH] coccinelle: Improve setup_timer.cocci matching
Date: Tue, 22 Aug 2017 16:54:00 -0700	[thread overview]
Message-ID: <20170822235400.GA92944@beast> (raw)

This improves the patch mode of setup_timer.cocci. Several patterns were
missing:
 - assignments-before-init_timer() cases
 - limiting the .data case removal to the struct timer_list instance
 - handling calls by dereference (timer->field vs timer.field)

Running this on the current kernel tree produces a large diff that I
would like to get applied as the first step in removing the .data
field from struct timer_list:

 208 files changed, 367 insertions(+), 757 deletions(-)

Signed-off-by: Kees Cook <keescook@chromium.org>
---
 scripts/coccinelle/api/setup_timer.cocci | 129 +++++++++++++++++++++++++------
 1 file changed, 105 insertions(+), 24 deletions(-)

diff --git a/scripts/coccinelle/api/setup_timer.cocci b/scripts/coccinelle/api/setup_timer.cocci
index eb6bd9e4ab1a..bc6bd8f0b4bf 100644
--- a/scripts/coccinelle/api/setup_timer.cocci
+++ b/scripts/coccinelle/api/setup_timer.cocci
@@ -2,6 +2,7 @@
 /// and data fields
 // Confidence: High
 // Copyright: (C) 2016 Vaishali Thakkar, Oracle. GPLv2
+// Copyright: (C) 2017 Kees Cook, Google. GPLv2
 // Options: --no-includes --include-headers
 // Keywords: init_timer, setup_timer
 
@@ -10,60 +11,123 @@ virtual context
 virtual org
 virtual report
 
+// Match the common cases first to avoid Coccinelle parsing loops with
+// "... when" clauses.
+
 @match_immediate_function_data_after_init_timer
 depends on patch && !context && !org && !report@
 expression e, func, da;
 @@
 
--init_timer (&e);
-+setup_timer (&e, func, da);
+-init_timer
++setup_timer
+ ( \(&e\|e\)
++, func, da
+ );
+(
+-\(e.function\|e->function\) = func;
+-\(e.data\|e->data\) = da;
+|
+-\(e.function\|e->function\) = func;
+-\(e.data\|e->data\) = da;
+)
+
+@match_immediate_function_data_before_init_timer
+depends on patch && !context && !org && !report@
+expression e, func, da;
+@@
 
 (
+-\(e.function\|e->function\) = func;
+-\(e.data\|e->data\) = da;
+|
+-\(e.function\|e->function\) = func;
+-\(e.data\|e->data\) = da;
+)
+-init_timer
++setup_timer
+ ( \(&e\|e\)
++, func, da
+ );
+
+@match_function_and_data_after_init_timer
+depends on patch && !context && !org && !report@
+expression e, e2, e3, e4, e5, func, da;
+@@
+
+-init_timer
++setup_timer
+ ( \(&e\|e\)
++, func, da
+ );
+ ... when != func = e2
+     when != da = e3
+(
 -e.function = func;
+... when != da = e4
 -e.data = da;
 |
+-e->function = func;
+... when != da = e4
+-e->data = da;
+|
 -e.data = da;
+... when != func = e5
 -e.function = func;
+|
+-e->data = da;
+... when != func = e5
+-e->function = func;
 )
 
-@match_function_and_data_after_init_timer
+@match_function_and_data_before_init_timer
 depends on patch && !context && !org && !report@
-expression e1, e2, e3, e4, e5, a, b;
+expression e, e2, e3, e4, e5, func, da;
 @@
-
--init_timer (&e1);
-+setup_timer (&e1, a, b);
-
-... when != a = e2
-    when != b = e3
 (
--e1.function = a;
-... when != b = e4
--e1.data = b;
+-e.function = func;
+... when != da = e4
+-e.data = da;
 |
--e1.data = b;
-... when != a = e5
--e1.function = a;
+-e->function = func;
+... when != da = e4
+-e->data = da;
+|
+-e.data = da;
+... when != func = e5
+-e.function = func;
+|
+-e->data = da;
+... when != func = e5
+-e->function = func;
 )
+... when != func = e2
+    when != da = e3
+-init_timer
++setup_timer
+ ( \(&e\|e\)
++, func, da
+ );
 
 @r1 exists@
+expression t;
 identifier f;
 position p;
 @@
 
 f(...) { ... when any
-  init_timer@p(...)
+  init_timer@p(\(&t\|t\))
   ... when any
 }
 
 @r2 exists@
+expression r1.t;
 identifier g != r1.f;
-struct timer_list t;
 expression e8;
 @@
 
 g(...) { ... when any
-  t.data = e8
+  \(t.data\|t->data\) = e8
   ... when any
 }
 
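Review bot: Both arms of the disjunction that follows the `setup_timer` call in `match_immediate_function_data_after_init_timer` are identical (`function` then `data`), so the `data`-then-`function` ordering that the removed rule covered is no longer handled by the immediate rule. The same duplication appears in `match_immediate_function_data_before_init_timer`. In each rule the second arm should be swapped to `-\(e.data\|e->data\) = da;` followed by `-\(e.function\|e->function\) = func;`. As written, those call sites presumably fall through to the `... when` rules, which is what the new leading comment says the immediate rules are meant to avoid.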
@@ -77,14 +141,31 @@ p << r1.p;
 cocci.include_match(False)
 
 @r3 depends on patch && !context && !org && !report@
-expression e6, e7, c;
+expression r1.t, func, e7;
 position r1.p;
 @@
 
--init_timer@p (&e6);
-+setup_timer (&e6, c, 0UL);
-... when != c = e7
--e6.function = c;
+(
+-init_timer@p(&t);
++setup_timer(&t, func, 0UL);
+... when != func = e7
+-t.function = func;
+|
+-t.function = func;
+... when != func = e7
+-init_timer@p(&t);
++setup_timer(&t, func, 0UL);
+|
+-init_timer@p(t);
++setup_timer(t, func, 0UL);
+... when != func = e7
+-t->function = func;
+|
+-t->function = func;
+... when != func = e7
+-init_timer@p(t);
++setup_timer(t, func, 0UL);
+)
 
 // ----------------------------------------------------------------------------
 
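Review bot: The two new r3 arms that match `t.function = func` (or `t->function = func`) before `init_timer@p` rewrite the call to `setup_timer(..., 0UL)`, but nothing in r3 excludes a store to `.data` earlier in the same function. r2 only filters `.data` assignments in other functions (`g != r1.f`), so a same-function `.data` store that the earlier rules did not consume (for example because `da` is reassigned in between) would, as far as I can tell, be overwritten with 0 by the new `setup_timer` call, and the callback would receive 0 instead of its context value. Either constrain these arms so they do not apply when `.data` is assigned before the call in the same function, or document the assumption above r3 with something like `// r3 assumes no store to .data precedes init_timer in this function; setup_timer() overwrites it with 0UL`. The tree-wide diff generated from this script should also be checked for a remaining `.data` store ahead of a `setup_timer(..., 0UL)`.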
-- 
2.7.4


-- 
Kees Cook
Pixel Security
