The parentheses are only needed if there is a disjunction, ie a
set of possible changes. If there is only one pattern, we can
remove these parentheses. Just like the format:
- x
+ y
not:
(
- x
+ y
)
Signed-off-by: Hongbo Li <lihongbo22@huawei.com>
Signed-off-by: Julia Lawall <Julia.Lawall@inria.fr>
As other rules done, we add rules for str_yes_no()
to check the relative opportunities.
Signed-off-by: Hongbo Li <lihongbo22@huawei.com>
Signed-off-by: Julia Lawall <Julia.Lawall@inria.fr>
As other rules done, we add rules for str_on_off()
to check the relative opportunities.
Signed-off-by: Hongbo Li <lihongbo22@huawei.com>
Signed-off-by: Julia Lawall <Julia.Lawall@inria.fr>
As other rules done, we add rules for str_write_read()
to check the relative opportunities.
Signed-off-by: Hongbo Li <lihongbo22@huawei.com>
Signed-off-by: Julia Lawall <Julia.Lawall@inria.fr>
As other rules done, we add rules for str_read_write()
to check the relative opportunities.
Signed-off-by: Hongbo Li <lihongbo22@huawei.com>
Signed-off-by: Julia Lawall <Julia.Lawall@inria.fr>
As other rules done, we add rules for str_enable{d}_
disable{d}() to check the relative opportunities.
Signed-off-by: Hongbo Li <lihongbo22@huawei.com>
Signed-off-by: Julia Lawall <Julia.Lawall@inria.fr>
As other rules done, we add rules for str_lo{w}_hi{gh}()
to check the relative opportunities.
Signed-off-by: Hongbo Li <lihongbo22@huawei.com>
Signed-off-by: Julia Lawall <Julia.Lawall@inria.fr>
As other rules done, we add rules for str_hi{gh}_lo{w}()
to check the relative opportunities.
Signed-off-by: Hongbo Li <lihongbo22@huawei.com>
Signed-off-by: Julia Lawall <Julia.Lawall@inria.fr>
As done with str_true_false(), add checks for str_false_true()
opportunities. A simple test can find over 9 cases currently
exist in the tree.
Signed-off-by: Hongbo Li <lihongbo22@huawei.com>
Signed-off-by: Julia Lawall <Julia.Lawall@inria.fr>
After str_true_false() has been introduced in the tree,
we can add rules for finding places where str_true_false()
can be used. A simple test can find over 10 locations.
Signed-off-by: Hongbo Li <lihongbo22@huawei.com>
Signed-off-by: Julia Lawall <Julia.Lawall@inria.fr>
no_llseek had been defined to NULL two years ago, in commit 868941b144
("fs: remove no_llseek")
To quote that commit,
At -rc1 we'll need do a mechanical removal of no_llseek -
git grep -l -w no_llseek | grep -v porting.rst | while read i; do
sed -i '/\<no_llseek\>/d' $i
done
would do it.
Unfortunately, that hadn't been done. Linus, could you do that now, so
that we could finally put that thing to rest? All instances are of the
form
.llseek = no_llseek,
so it's obviously safe.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
As done with str_up_down(), add checks for str_down_up() opportunities.
5 cases currently exist in the tree.
Suggested-by: Andy Shevchenko <andy.shevchenko@gmail.com>
Link: https://lore.kernel.org/r/20240812183637.work.999-kees@kernel.org
Reviewed-by: Andy Shevchenko <andy@kernel.org>
Signed-off-by: Kees Cook <kees@kernel.org>
s/does not use unnecessary/do not unnecessarily use/
Signed-off-by: Thorsten Blum <thorsten.blum@toblux.com>
Signed-off-by: Julia Lawall <Julia.Lawall@inria.fr>
Most of the people prefer:
return ret < 0 ? ret: 0;
than:
return min(ret, 0);
Let's tweak the cocci file to ignore those lines completely.
Signed-off-by: Ricardo Ribalda <ribalda@chromium.org>
Signed-off-by: Julia Lawall <Julia.Lawall@inria.fr>
include/linux/overflow.h includes helper macros intended for calculating
sizes of allocations. These macros prevent accidental overflow by
saturating at SIZE_MAX.
In general when calculating such sizes use of the macros is preferred. Add
a semantic patch which can detect code patterns which can be replaced by
struct_size.
Note that I set the confidence to medium because this patch doesn't make an
attempt to ensure that the relevant array is actually a flexible array. The
struct_size macro does specifically require a flexible array. In many cases
the detected code could be refactored to a flexible array, but this is not
always possible (such as if there are multiple over-allocations).
Signed-off-by: Jacob Keller <jacob.e.keller@intel.com>
Link: https://lore.kernel.org/r/20230227202428.3657443-1-jacob.e.keller@intel.com
Signed-off-by: Kees Cook <keescook@chromium.org>
Add rules for finding places where str_plural() can be used. This
currently finds:
54 files changed, 62 insertions(+), 61 deletions(-)
Co-developed-by: Michal Wajdeczko <michal.wajdeczko@intel.com>
Signed-off-by: Michal Wajdeczko <michal.wajdeczko@intel.com>
Link: https://lore.kernel.org/all/fc1b25a8-6381-47c2-831c-ab6b8201a82b@intel.com/
Signed-off-by: Kees Cook <keescook@chromium.org>
Commit ff82e84e80 ("coccinelle: device_attr_show: simplify patch case")
simplifies the patch case, as a result, STR is no longer needed.
This also helps to fix below coccicheck warning:
> warning: rp: metavariable STR not used in the - or context code
CC: Julia Lawall <Julia.Lawall@inria.fr>
CC: Nicolas Palix <nicolas.palix@imag.fr>
CC: cocci@inria.fr
Fixes: ff82e84e80 ("coccinelle: device_attr_show: simplify patch case")
Signed-off-by: Li Zhijian <lizhijian@fujitsu.com>
Signed-off-by: Julia Lawall <Julia.Lawall@inria.fr>
Replacing the final expression argument by ... allows the format
string to have multiple arguments.
It also has the advantage of allowing the change to be recognized as
a change in a single statement, thus avoiding adding unneeded braces.
Signed-off-by: Julia Lawall <Julia.Lawall@inria.fr>
A common practice is to grep for "WARNING" or "ERROR" text in the report
output from a Coccinelle semantic patch script. So, include the text
"WARNING: " in the report output generated by the semantic patch for
desired filtering of the output. Also improves the readability of the
output. Here is an example of the old and new outputs reported:
xyz_file.c:131:39-40: atomic_add_unless
xyz_file.c:131:39-40: WARNING: atomic_add_unless
xyz_file.c:196:6-25: atomic_dec_and_test variation before object free at line 208.
xyz_file.c:196:6-25: WARNING: atomic_dec_and_test variation before object free at line 208.
Signed-off-by: Deepak R Varma <drv@mailo.com>
Acked-by: Julia Lawall <Julia.Lawall@inria.fr>
Since commit b37a466837 ("netdevice: add the case if dev is NULL"),
NULL check before dev_{put, hold} functions is not needed.
Signed-off-by: Ziyang Xuan <william.xuanziyang@huawei.com>
Signed-off-by: Julia Lawall <Julia.Lawall@inria.fr>
The test of an expression's address does not necessarily represent the
whole condition, it may only be a part of it. Also, an expression's
address is likely to be non-zero in every test expression, not only in
if statements.
This change aims at detecting an address test in more complex conditions
and not only in if statements.
Signed-off-by: Jérémy Lefaure <jeremy.lefaure@netatmo.com>
Signed-off-by: Julia Lawall <julia.lawall@inria.fr>
This semantic patch does not take into account the fact that of_node_put
can be safely applied to NULL. Thus it gives only false positives.
Drop it.
Reported-by: Qing Wang <wangqing@vivo.com>
Signed-off-by: Julia Lawall <Julia.Lawall@inria.fr>
The BUG_ON script was never safe, in that it was not able to check
whether the condition was side-effecting. At this point, BUG_ON
should be well known, so it has probably outlived its usefuless.
Signed-off-by: Julia Lawall <Julia.Lawall@inria.fr>
Suggested-by: Matthew Wilcox <willy@infradead.org>
Update MAINTAINERS information (mailing list, web page, etc).
Add a semantic patch from Wen Yang to check for do_div calls that may
cause truncation, motivated by
commit b0ab99e773 ("sched: Fix possible divide by zero in avg_atom() calculation")
Signed-off-by: Julia Lawall <Julia.Lawall@inria.fr>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEnGZC8gbRfLXdcpA0F+92B3f5RZ0FAmGOQVMACgkQF+92B3f5
RZ37Hw//R4CEHgb+E5hUUFhejNZTdX93pgoc1nMO8lmE1OwGf1ZMrsdBDrRZe270
LYKKXgH3H/J/Mc3MstPRDPjIeN6K/DRB1LrYksSEtTJnLwdcd4MoLX5ozwQdWfDQ
7pJkmdEAhrfGUh7Z2qopINa8XzaE6vAk3alo81GLUL2rOFDaJrtqoSKGZIZ/SPHZ
p9bnyqfU2Jv/PHCJrnIhAx4af6kae9WY4dSnVd16cB+e5h8u3x/2xEPobNF5+awd
hUNH+zu3QRP362Mb2rDa8P5Z15bAxLhAv4SwY8BJ8LYYvTtCGv4Vbu661egPahit
Jgj9mDUoEDMHVBqDMqH4LEc+aCmhKIl4k3p4rODQvW8L+hEP/2Q++FsKuJOK8CfF
a24NaMed1j6ORW00n1XW6c1AEbPAlfsNYfEGTin6LYtP/AA1FL04jW3FeF/WlPuv
X1P9U6X0Y/qCzLeCk5IqcoBD9Zf4iYOxEGGXuFEiXm7S41jK7N+TiwXhlEMUKsqF
0V/xfiXnwzrsCQQLaF5tX4CU9gXDxuZw1b5QfUVDptD42KTfdmss9xGxYVCrRKZy
R6rLgMcdgTHgRaYzGb3qlIQ0chyjBo8HGCbW1EDYWJwQoR92AkTlFcrWuqxsD2lM
GDafd6jqDQxdl441siJlZrjxY2EDiXfuWfdJ+fl60yVF6lo1YW0=
=vMjw
-----END PGP SIGNATURE-----
Merge tag 'coccinelle-5.16-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jlawall/linux
Pull coccinelle updates from Julia Lawall:
- Update MAINTAINERS information (mailing list, web page, etc).
- Add a semantic patch from Wen Yang to check for do_div calls that may
cause truncation, motivated by commit b0ab99e773 ("sched: Fix
possible divide by zero in avg_atom() calculation")
* tag 'coccinelle-5.16-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jlawall/linux:
coccinelle: update Coccinelle entry
coccinelle: semantic patch to check for inappropriate do_div() calls
do_div() does a 64-by-32 division.
When the divisor is unsigned long, u64, or s64,
do_div() truncates it to 32 bits, this means it
can test non-zero and be truncated to zero for division.
This semantic patch is inspired by Mateusz Guzik's patch:
commit b0ab99e773 ("sched: Fix possible divide by zero in avg_atom() calculation")
Signed-off-by: Wen Yang <wenyang@linux.alibaba.com>
Signed-off-by: Julia Lawall <julia.lawall@inria.fr>
Cc: Gilles Muller <Gilles.Muller@lip6.fr>
Cc: Nicolas Palix <nicolas.palix@imag.fr>
Cc: Michal Marek <michal.lkml@markovi.net>
Cc: Matthias Maennich <maennich@google.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Masahiro Yamada <yamada.masahiro@socionext.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: cocci@systeme.lip6.fr
Cc: linux-kernel@vger.kernel.org
Currently use_after_iter.cocci generates false positives for code of the
following form:
~~~
list_for_each_entry(d, &ddata->irq_list, node) {
if (irq == d->irq)
break;
}
if (list_entry_is_head(d, &ddata->irq_list, node))
return IRQ_NONE;
~~~
[This specific example comes from drivers/power/supply/cpcap-battery.c]
Most list macros use list_entry_is_head() as loop exit condition meaning it
is not unsafe to reuse pos (a.k.a. d) in the code above.
Let's avoid reporting these cases.
Signed-off-by: Daniel Thompson <daniel.thompson@linaro.org>
Signed-off-by: Julia Lawall <Julia.Lawall@inria.fr>
Commit 453431a549 ("mm, treewide: rename kzfree() to
kfree_sensitive()") renamed kzfree() to kfree_sensitive(),
it should be applied to coccinelle.
Signed-off-by: Weizhao Ouyang <o451686892@gmail.com>
Signed-off-by: Julia Lawall <Julia.Lawall@inria.fr>
Acked-by: Denis Efremov <efremov@linux.com>
Using kobj_to_dev() instead of container_of() is not universally
accepted among maintainers as an improvement. The warning leads to
repeated patch submissions that won't be accepted. Remove the script.
Cc: Christoph Hellwig <hch@lst.de>
Cc: Jens Axboe <axboe@kernel.dk>
Cc: Denis Efremov <efremov@linux.com>
Cc: Julia Lawall <Julia.Lawall@inria.fr>
Signed-off-by: Keith Busch <kbusch@kernel.org>
Signed-off-by: Julia Lawall <Julia.Lawall@inria.fr>
Acked-by: Jens Axboe <axboe@kernel.dk>
Acked-by: Denis Efremov <efremov@linux.com>
There is a standard idiom for "if 'ret' holds an error, return it":
return ret < 0 ? ret : 0;
Developers prefer to keep the things as they are because stylistic
change to "return min(ret, 0);" breaks readability.
Let's suppress automatic generation for this type of patches.
Signed-off-by: Denis Efremov <efremov@linux.com>
The IRQF_ONESHOT should be present for threaded IRQ using default
primary handler. However intetrupt of many child devices, e.g. children
of MFD, is nested thus the IRQF_ONESHOT is not needed. The coccinelle
message about error misleads submitters and reviewers about the severity
of the issue, so make it a warning and mention possible false positive.
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
Signed-off-by: Julia Lawall <Julia.Lawall@inria.fr>
Remove the documentation link from the warning message because commit
3942ea7a10 ("deprecated.rst: Remove now removed uninitialized_var")
removed the section from documentation. Update the rule documentation
accordingly.
Signed-off-by: Denis Efremov <efremov@linux.com>
Signed-off-by: Julia Lawall <julia.lawall@inria.fr>
Skip patches generation for structs with a single field.
Changing a zero-length array to a flexible array member in a struct
with no named members breaks the compilation. However, reporting
such cases is still valuable, e.g. commit 637464c59e
("ACPI: NFIT: Fix flexible_array.cocci warnings").
Signed-off-by: Denis Efremov <efremov@linux.com>
Signed-off-by: Julia Lawall <julia.lawall@inria.fr>
of_dev_get() and of_dev_put are just wrappers for get_device()/put_device()
on a platform_device. There's also already platform_device_{get,put}()
wrappers for this purpose. Let's update the few users and remove
of_dev_{get,put}().
Cc: Michael Ellerman <mpe@ellerman.id.au>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Paul Mackerras <paulus@samba.org>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Jakub Kicinski <kuba@kernel.org>
Cc: Frank Rowand <frowand.list@gmail.com>
Cc: Patrice Chotard <patrice.chotard@st.com>
Cc: Felipe Balbi <balbi@kernel.org>
Cc: Julia Lawall <Julia.Lawall@inria.fr>
Cc: Gilles Muller <Gilles.Muller@inria.fr>
Cc: Nicolas Palix <nicolas.palix@imag.fr>
Cc: Michal Marek <michal.lkml@markovi.net>
Cc: linuxppc-dev@lists.ozlabs.org
Cc: netdev@vger.kernel.org
Cc: linux-arm-kernel@lists.infradead.org
Cc: linux-usb@vger.kernel.org
Cc: cocci@systeme.lip6.fr
Signed-off-by: Rob Herring <robh@kernel.org>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Link: https://lore.kernel.org/r/20210211232745.1498137-2-robh@kernel.org
The ptr_ret script script addresses a number of situations where we end up
testing an error pointer, and if it's an error returning it, or return 0
otherwise to transform it into a PTR_ERR_OR_ZERO call.
So it will convert a block like this:
if (IS_ERR(err))
return PTR_ERR(err);
return 0;
into
return PTR_ERR_OR_ZERO(err);
While this is technically correct, it has a number of drawbacks. First, it
merges the error and success path, which will make it harder for a reviewer
or reader to grasp.
It's also more difficult to extend if we were to add some code between the
error check and the function return, making the author essentially revert
that patch before adding new lines, while it would have been a trivial
addition otherwise for the rewiever.
Therefore, since that script is only about cosmetic in the first place,
let's remove it since it's not worth it.
Acked-by: Jani Nikula <jani.nikula@intel.com>
Acked-by: Thierry Reding <treding@nvidia.com>
Acked-by: Julia Lawall <julia.lawall@inria.fr>
Reviewed-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
Reviewed-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Maxime Ripard <maxime@cerno.tech>
Signed-off-by: Julia Lawall <julia.lawall@inria.fr>
0/1 for booleans is perfectly valid C.
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Julia Lawall <Julia.Lawall@inria.fr>
Check that alloc and free types of functions match each other.
Signed-off-by: Denis Efremov <efremov@linux.com>
Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
While iterating over child nodes with the for_each functions, if
control is transferred from the middle of the loop, as in the case
of a break or return or goto, there is no decrement in the
reference counter thus ultimately resulting in a memory leak.
Add this script to detect potential memory leaks caused by
the absence of of_node_put() before break, goto, or, return
statements which transfer control outside the loop.
Signed-off-by: Sumera Priyadarsini <sylphrenadin@gmail.com>
Signed-off-by: Julia Lawall <julia.lawall@inria.fr>
Print memset() call position in addition to the kfree() position to
ease issues identification.
Signed-off-by: Denis Efremov <efremov@linux.com>
Signed-off-by: Julia Lawall <julia.lawall@inria.fr>
One-element and zero-length arrays are deprecated [1]. Kernel
code should always use "flexible array members" instead, except
for existing uapi definitions.
The script warns about one-element and zero-length arrays in structs.
[1] commit 68e4cd17e2 ("docs: deprecated.rst: Add zero-length and
one-element arrays")
Cc: Kees Cook <keescook@chromium.org>
Cc: Gustavo A. R. Silva <gustavoars@kernel.org>
Signed-off-by: Denis Efremov <efremov@linux.com>
Signed-off-by: Julia Lawall <julia.lawall@inria.fr>