[PATCH] sentinel_ctltable: Add a check for sentinel elements in ctl_table arrays

From: Joel Granados <j.granados@xxxxxxxxxxx>

Added a new check named check_sentinel_ctltable that prints a warning
when a sentinel element is detected in a ctl_table struct array.
Sentinels marking the end of a ctl_table array were completely removed
from the Linux kernel in [1]. We add this warning to avoid cases where a
sentinel gets added by mistake.

[1] https://lore.kernel.org/20240604-jag-sysctl_remset-v1-0-2df7ecdba0bd@xxxxxxxxxxx

Signed-off-by: Joel Granados <j.granados@xxxxxxxxxxx>
---
Signed-off-by: Joel Granados <j.granados@xxxxxxxxxxx>

--
---
 check_list.h              |  1 +
 check_sentinel_ctltable.c | 41 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 42 insertions(+)

diff --git a/check_list.h b/check_list.h
index 7115b069..a870c95f 100644
--- a/check_list.h
+++ b/check_list.h
@@ -252,6 +252,7 @@ CK(check_direct_return_instead_of_goto)
 CK(check_double_fget)
 CK(check_negative_error_code_type_promoted)
 CK(check_uninitialized_kobj)
+CK(check_sentinel_ctltable)
 
 /* wine specific stuff */
 CK(check_wine_filehandles)
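Review bot: The new CK(check_sentinel_ctltable) entry lands in the general list, just above the "wine specific stuff" block, yet struct ctl_table is a Linux kernel type. If check_list.h groups project-specific checks the way that comment suggests, move the entry into the kernel group, or have check_sentinel_ctltable() return early for non-kernel projects so the hook is not registered when analysing other code bases.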
diff --git a/check_sentinel_ctltable.c b/check_sentinel_ctltable.c
new file mode 100644
index 00000000..8bdb582a
--- /dev/null
+++ b/check_sentinel_ctltable.c
@@ -0,0 +1,41 @@
+#include "smatch.h"
+
+struct non_null_ctltable_elems {
+	const char *name;
+	const int len;
+};
+
+static struct non_null_ctltable_elems non_null_elems[] = {
+	{.name = "->procname", .len = 10},
+	{.name = "->proc_handler", .len = 14},
+};
+
+static int match_ctl_table_array_sentinel(struct expression *expr)
+{
+	char * member_name = NULL;
+	if (!expr)
+		return 0;
+
+	member_name = get_member_name(expr);
+	if (!member_name)
+		return 0;
+
+	if (strncmp(member_name, "(struct ctl_table)", 18) != 0)
+		return 0;
+
+	for (int i = 0 ; i < ARRAY_SIZE(non_null_elems) ; ++i) {
+		if (strncmp(member_name + 18, non_null_elems[i].name, non_null_elems[i].len) ==0) {
+			sm_warning ("(struct ctl_table)%s cannot be NULL. Expression : %s",
+				    non_null_elems[i].name, expr_to_str(expr));
+			return 0;
+		}
+	}
+
+	return 0;
+}
+
+void check_sentinel_ctltable(int id)
+{
+	add_hook(&match_ctl_table_array_sentinel, EXPR_HOOK);
+}
+
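Review bot: match_ctl_table_array_sentinel() never inspects a value, so the "cannot be NULL" warning fires on any expression whose member name is (struct ctl_table)->procname or ->proc_handler, including ordinary reads and non-NULL assignments; nothing restricts it to a zeroed array element as the commit message describes. Suggest limiting the match to initializers or assignments and testing the assigned value for a known zero before calling sm_warning(). Smaller points: the strncmp() prefix compares rely on the hard-coded lengths 18, 10 and 14, which also accept a longer member name starting with the same text and silently break if a string is edited, so derive them with strlen() or sizeof; the strings from get_member_name() and expr_to_str() are never released, which leaks if they are allocated; the function returns 0 on every path and could be void; and the spacing in "char * member_name", "==0" and "sm_warning (" plus the trailing blank line at end of file should be tidied.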

---
base-commit: ff1cc4d453ffeddf3cf3dc031c5b129eefbf3e2c
change-id: 20240614-master-db259d890db0

Best regards,
-- 
Joel Granados <j.granados@xxxxxxxxxxx>





