11f5207b7SJohn Levon /* 21f5207b7SJohn Levon * Copyright (C) 2010 Dan Carpenter. 31f5207b7SJohn Levon * 41f5207b7SJohn Levon * This program is free software; you can redistribute it and/or 51f5207b7SJohn Levon * modify it under the terms of the GNU General Public License 61f5207b7SJohn Levon * as published by the Free Software Foundation; either version 2 71f5207b7SJohn Levon * of the License, or (at your option) any later version. 81f5207b7SJohn Levon * 91f5207b7SJohn Levon * This program is distributed in the hope that it will be useful, 101f5207b7SJohn Levon * but WITHOUT ANY WARRANTY; without even the implied warranty of 111f5207b7SJohn Levon * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 121f5207b7SJohn Levon * GNU General Public License for more details. 131f5207b7SJohn Levon * 141f5207b7SJohn Levon * You should have received a copy of the GNU General Public License 151f5207b7SJohn Levon * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt 161f5207b7SJohn Levon */ 171f5207b7SJohn Levon 181f5207b7SJohn Levon /* 191f5207b7SJohn Levon * This is kernel specific stuff for smatch_extra. 201f5207b7SJohn Levon */ 211f5207b7SJohn Levon 221f5207b7SJohn Levon #include "scope.h" 231f5207b7SJohn Levon #include "smatch.h" 241f5207b7SJohn Levon #include "smatch_extra.h" 251f5207b7SJohn Levon 26*efe51d0cSJohn Levon static sval_t err_ptr_min; 27*efe51d0cSJohn Levon static sval_t err_ptr_max; 28*efe51d0cSJohn Levon static sval_t null_ptr; 29*efe51d0cSJohn Levon 301f5207b7SJohn Levon static int implied_err_cast_return(struct expression *call, void *unused, struct range_list **rl) 311f5207b7SJohn Levon { 321f5207b7SJohn Levon struct expression *arg; 331f5207b7SJohn Levon 341f5207b7SJohn Levon arg = get_argument_from_call_expr(call->args, 0); 35*efe51d0cSJohn Levon if (!get_implied_rl(arg, rl)) { 36*efe51d0cSJohn Levon *rl = alloc_rl(err_ptr_min, err_ptr_max); 37*efe51d0cSJohn Levon *rl = cast_rl(get_type(arg), *rl); 38*efe51d0cSJohn Levon } 391f5207b7SJohn Levon return 1; 401f5207b7SJohn Levon } 411f5207b7SJohn Levon 421f5207b7SJohn Levon static void hack_ERR_PTR(struct symbol *sym) 431f5207b7SJohn Levon { 441f5207b7SJohn Levon struct symbol *arg; 451f5207b7SJohn Levon struct smatch_state *estate; 461f5207b7SJohn Levon struct range_list *after; 471f5207b7SJohn Levon sval_t low_error; 481f5207b7SJohn Levon sval_t minus_one; 491f5207b7SJohn Levon sval_t zero; 501f5207b7SJohn Levon 511f5207b7SJohn Levon low_error.type = &long_ctype; 521f5207b7SJohn Levon low_error.value = -4095; 531f5207b7SJohn Levon 541f5207b7SJohn Levon minus_one.type = &long_ctype; 551f5207b7SJohn Levon minus_one.value = -1; 561f5207b7SJohn Levon 571f5207b7SJohn Levon zero.type = &long_ctype; 581f5207b7SJohn Levon zero.value = 0; 591f5207b7SJohn Levon 601f5207b7SJohn Levon if (!sym || !sym->ident) 611f5207b7SJohn Levon return; 621f5207b7SJohn Levon if (strcmp(sym->ident->name, "ERR_PTR") != 0) 631f5207b7SJohn Levon return; 641f5207b7SJohn Levon 651f5207b7SJohn Levon arg = first_ptr_list((struct ptr_list *)sym->ctype.base_type->arguments); 661f5207b7SJohn Levon if (!arg || !arg->ident) 671f5207b7SJohn Levon return; 681f5207b7SJohn Levon 691f5207b7SJohn Levon estate = get_state(SMATCH_EXTRA, arg->ident->name, arg); 701f5207b7SJohn Levon if (!estate) { 711f5207b7SJohn Levon after = alloc_rl(low_error, minus_one); 721f5207b7SJohn Levon } else { 731f5207b7SJohn Levon after = rl_intersection(estate_rl(estate), alloc_rl(low_error, zero)); 741f5207b7SJohn Levon if (rl_equiv(estate_rl(estate), after)) 751f5207b7SJohn Levon return; 761f5207b7SJohn Levon } 771f5207b7SJohn Levon set_state(SMATCH_EXTRA, arg->ident->name, arg, alloc_estate_rl(after)); 781f5207b7SJohn Levon } 791f5207b7SJohn Levon 801f5207b7SJohn Levon static void match_param_valid_ptr(const char *fn, struct expression *call_expr, 811f5207b7SJohn Levon struct expression *assign_expr, void *_param) 821f5207b7SJohn Levon { 831f5207b7SJohn Levon int param = PTR_INT(_param); 841f5207b7SJohn Levon struct expression *arg; 851f5207b7SJohn Levon struct smatch_state *pre_state; 861f5207b7SJohn Levon struct smatch_state *end_state; 87*efe51d0cSJohn Levon struct range_list *rl; 881f5207b7SJohn Levon 891f5207b7SJohn Levon arg = get_argument_from_call_expr(call_expr->args, param); 901f5207b7SJohn Levon pre_state = get_state_expr(SMATCH_EXTRA, arg); 91*efe51d0cSJohn Levon if (estate_rl(pre_state)) { 92*efe51d0cSJohn Levon rl = estate_rl(pre_state); 93*efe51d0cSJohn Levon rl = remove_range(rl, null_ptr, null_ptr); 94*efe51d0cSJohn Levon rl = remove_range(rl, err_ptr_min, err_ptr_max); 95*efe51d0cSJohn Levon } else { 96*efe51d0cSJohn Levon rl = alloc_rl(valid_ptr_min_sval, valid_ptr_max_sval); 97*efe51d0cSJohn Levon } 98*efe51d0cSJohn Levon end_state = alloc_estate_rl(rl); 991f5207b7SJohn Levon set_extra_expr_nomod(arg, end_state); 1001f5207b7SJohn Levon } 1011f5207b7SJohn Levon 1021f5207b7SJohn Levon static void match_param_err_or_null(const char *fn, struct expression *call_expr, 1031f5207b7SJohn Levon struct expression *assign_expr, void *_param) 1041f5207b7SJohn Levon { 1051f5207b7SJohn Levon int param = PTR_INT(_param); 1061f5207b7SJohn Levon struct expression *arg; 1071f5207b7SJohn Levon struct range_list *rl; 1081f5207b7SJohn Levon struct smatch_state *pre_state; 1091f5207b7SJohn Levon struct smatch_state *end_state; 1101f5207b7SJohn Levon 1111f5207b7SJohn Levon arg = get_argument_from_call_expr(call_expr->args, param); 1121f5207b7SJohn Levon pre_state = get_state_expr(SMATCH_EXTRA, arg); 113*efe51d0cSJohn Levon call_results_to_rl(call_expr, &ptr_ctype, "0,(-4095)-(-1)", &rl); 1141f5207b7SJohn Levon rl = rl_intersection(estate_rl(pre_state), rl); 115*efe51d0cSJohn Levon rl = cast_rl(get_type(arg), rl); 1161f5207b7SJohn Levon end_state = alloc_estate_rl(rl); 1171f5207b7SJohn Levon set_extra_expr_nomod(arg, end_state); 1181f5207b7SJohn Levon } 1191f5207b7SJohn Levon 1201f5207b7SJohn Levon static void match_not_err(const char *fn, struct expression *call_expr, 1211f5207b7SJohn Levon struct expression *assign_expr, void *unused) 1221f5207b7SJohn Levon { 1231f5207b7SJohn Levon struct expression *arg; 1241f5207b7SJohn Levon struct smatch_state *pre_state; 125*efe51d0cSJohn Levon struct range_list *rl; 1261f5207b7SJohn Levon 1271f5207b7SJohn Levon arg = get_argument_from_call_expr(call_expr->args, 0); 1281f5207b7SJohn Levon pre_state = get_state_expr(SMATCH_EXTRA, arg); 129*efe51d0cSJohn Levon if (estate_rl(pre_state)) { 130*efe51d0cSJohn Levon rl = estate_rl(pre_state); 131*efe51d0cSJohn Levon rl = remove_range(rl, err_ptr_min, err_ptr_max); 132*efe51d0cSJohn Levon } else { 133*efe51d0cSJohn Levon rl = alloc_rl(valid_ptr_min_sval, valid_ptr_max_sval); 134*efe51d0cSJohn Levon } 135*efe51d0cSJohn Levon rl = cast_rl(get_type(arg), rl); 136*efe51d0cSJohn Levon set_extra_expr_nomod(arg, alloc_estate_rl(rl)); 1371f5207b7SJohn Levon } 1381f5207b7SJohn Levon 1391f5207b7SJohn Levon static void match_err(const char *fn, struct expression *call_expr, 1401f5207b7SJohn Levon struct expression *assign_expr, void *unused) 1411f5207b7SJohn Levon { 1421f5207b7SJohn Levon struct expression *arg; 1431f5207b7SJohn Levon struct smatch_state *pre_state; 144*efe51d0cSJohn Levon struct range_list *rl; 1451f5207b7SJohn Levon 1461f5207b7SJohn Levon arg = get_argument_from_call_expr(call_expr->args, 0); 1471f5207b7SJohn Levon pre_state = get_state_expr(SMATCH_EXTRA, arg); 148*efe51d0cSJohn Levon rl = estate_rl(pre_state); 149*efe51d0cSJohn Levon if (!rl) 150*efe51d0cSJohn Levon rl = alloc_rl(err_ptr_min, err_ptr_max); 151*efe51d0cSJohn Levon rl = rl_intersection(rl, alloc_rl(err_ptr_min, err_ptr_max)); 152*efe51d0cSJohn Levon rl = cast_rl(get_type(arg), rl); 153*efe51d0cSJohn Levon set_extra_expr_nomod(arg, alloc_estate_rl(rl)); 1541f5207b7SJohn Levon } 1551f5207b7SJohn Levon 1561f5207b7SJohn Levon static void match_container_of_macro(const char *fn, struct expression *expr, void *unused) 1571f5207b7SJohn Levon { 1581f5207b7SJohn Levon set_extra_expr_mod(expr->left, alloc_estate_range(valid_ptr_min_sval, valid_ptr_max_sval)); 1591f5207b7SJohn Levon } 1601f5207b7SJohn Levon 1611f5207b7SJohn Levon static void match_container_of(struct expression *expr) 1621f5207b7SJohn Levon { 1631f5207b7SJohn Levon struct expression *right = expr->right; 1641f5207b7SJohn Levon char *macro; 1651f5207b7SJohn Levon 1661f5207b7SJohn Levon /* 1671f5207b7SJohn Levon * The problem here is that sometimes the container_of() macro is itself 1681f5207b7SJohn Levon * inside a macro and get_macro() only returns the name of the outside 1691f5207b7SJohn Levon * macro. 1701f5207b7SJohn Levon */ 1711f5207b7SJohn Levon 1721f5207b7SJohn Levon /* 1731f5207b7SJohn Levon * This actually an expression statement assignment but smatch_flow 1741f5207b7SJohn Levon * pre-mangles it for us so we only get the last chunk: 1751f5207b7SJohn Levon * sk = (typeof(sk))((char *)__mptr - offsetof(...)) 1761f5207b7SJohn Levon */ 1771f5207b7SJohn Levon 1781f5207b7SJohn Levon macro = get_macro_name(right->pos); 1791f5207b7SJohn Levon if (!macro) 1801f5207b7SJohn Levon return; 1811f5207b7SJohn Levon if (right->type != EXPR_CAST) 1821f5207b7SJohn Levon return; 1831f5207b7SJohn Levon right = strip_expr(right); 1841f5207b7SJohn Levon if (right->type != EXPR_BINOP || right->op != '-' || 1851f5207b7SJohn Levon right->left->type != EXPR_CAST) 1861f5207b7SJohn Levon return; 1871f5207b7SJohn Levon right = strip_expr(right->left); 1881f5207b7SJohn Levon if (right->type != EXPR_SYMBOL) 1891f5207b7SJohn Levon return; 1901f5207b7SJohn Levon if (!right->symbol->ident || 1911f5207b7SJohn Levon strcmp(right->symbol->ident->name, "__mptr") != 0) 1921f5207b7SJohn Levon return; 1931f5207b7SJohn Levon set_extra_expr_mod(expr->left, alloc_estate_range(valid_ptr_min_sval, valid_ptr_max_sval)); 1941f5207b7SJohn Levon } 1951f5207b7SJohn Levon 1961f5207b7SJohn Levon static int match_next_bit(struct expression *call, void *unused, struct range_list **rl) 1971f5207b7SJohn Levon { 1981f5207b7SJohn Levon struct expression *start_arg; 1991f5207b7SJohn Levon struct expression *size_arg; 2001f5207b7SJohn Levon struct symbol *type; 2011f5207b7SJohn Levon sval_t min, max, tmp; 2021f5207b7SJohn Levon 2031f5207b7SJohn Levon size_arg = get_argument_from_call_expr(call->args, 1); 2041f5207b7SJohn Levon /* btw. there isn't a start_arg for find_first_bit() */ 2051f5207b7SJohn Levon start_arg = get_argument_from_call_expr(call->args, 2); 2061f5207b7SJohn Levon 2071f5207b7SJohn Levon type = get_type(call); 2081f5207b7SJohn Levon min = sval_type_val(type, 0); 2091f5207b7SJohn Levon max = sval_type_val(type, sizeof(long long) * 8); 2101f5207b7SJohn Levon 2111f5207b7SJohn Levon if (get_implied_max(size_arg, &tmp) && tmp.uvalue < max.value) 2121f5207b7SJohn Levon max = tmp; 2131f5207b7SJohn Levon if (start_arg && get_implied_min(start_arg, &tmp) && !sval_is_negative(tmp)) 2141f5207b7SJohn Levon min = tmp; 2151f5207b7SJohn Levon if (sval_cmp(min, max) > 0) 2161f5207b7SJohn Levon max = min; 2171f5207b7SJohn Levon min = sval_cast(type, min); 2181f5207b7SJohn Levon max = sval_cast(type, max); 2191f5207b7SJohn Levon *rl = alloc_rl(min, max); 2201f5207b7SJohn Levon return 1; 2211f5207b7SJohn Levon } 2221f5207b7SJohn Levon 2231f5207b7SJohn Levon static int match_fls(struct expression *call, void *unused, struct range_list **rl) 2241f5207b7SJohn Levon { 2251f5207b7SJohn Levon struct expression *arg; 2261f5207b7SJohn Levon struct range_list *arg_rl; 2271f5207b7SJohn Levon sval_t zero = {}; 2281f5207b7SJohn Levon sval_t start, end, sval; 2291f5207b7SJohn Levon 2301f5207b7SJohn Levon start.type = &int_ctype; 2311f5207b7SJohn Levon start.value = 0; 2321f5207b7SJohn Levon end.type = &int_ctype; 2331f5207b7SJohn Levon end.value = 32; 2341f5207b7SJohn Levon 2351f5207b7SJohn Levon arg = get_argument_from_call_expr(call->args, 0); 2361f5207b7SJohn Levon if (!get_implied_rl(arg, &arg_rl)) 2371f5207b7SJohn Levon return 0; 2381f5207b7SJohn Levon if (rl_to_sval(arg_rl, &sval)) { 2391f5207b7SJohn Levon int i; 2401f5207b7SJohn Levon 2411f5207b7SJohn Levon for (i = 63; i >= 0; i--) { 2421f5207b7SJohn Levon if (sval.uvalue & 1ULL << i) 2431f5207b7SJohn Levon break; 2441f5207b7SJohn Levon } 2451f5207b7SJohn Levon sval.value = i + 1; 2461f5207b7SJohn Levon *rl = alloc_rl(sval, sval); 2471f5207b7SJohn Levon return 1; 2481f5207b7SJohn Levon } 2491f5207b7SJohn Levon zero.type = rl_type(arg_rl); 2501f5207b7SJohn Levon if (!rl_has_sval(arg_rl, zero)) 2511f5207b7SJohn Levon start.value = 1; 2521f5207b7SJohn Levon *rl = alloc_rl(start, end); 2531f5207b7SJohn Levon return 1; 2541f5207b7SJohn Levon } 2551f5207b7SJohn Levon 2561f5207b7SJohn Levon 2571f5207b7SJohn Levon 2581f5207b7SJohn Levon static void find_module_init_exit(struct symbol_list *sym_list) 2591f5207b7SJohn Levon { 2601f5207b7SJohn Levon struct symbol *sym; 2611f5207b7SJohn Levon struct symbol *fn; 2621f5207b7SJohn Levon struct statement *stmt; 2631f5207b7SJohn Levon char *name; 2641f5207b7SJohn Levon int init; 2651f5207b7SJohn Levon int count; 2661f5207b7SJohn Levon 2671f5207b7SJohn Levon /* 2681f5207b7SJohn Levon * This is more complicated because Sparse ignores the "alias" 2691f5207b7SJohn Levon * attribute. I search backwards because module_init() is normally at 2701f5207b7SJohn Levon * the end of the file. 2711f5207b7SJohn Levon */ 2721f5207b7SJohn Levon count = 0; 2731f5207b7SJohn Levon FOR_EACH_PTR_REVERSE(sym_list, sym) { 2741f5207b7SJohn Levon if (sym->type != SYM_NODE) 2751f5207b7SJohn Levon continue; 2761f5207b7SJohn Levon if (!(sym->ctype.modifiers & MOD_STATIC)) 2771f5207b7SJohn Levon continue; 2781f5207b7SJohn Levon fn = get_base_type(sym); 2791f5207b7SJohn Levon if (!fn) 2801f5207b7SJohn Levon continue; 2811f5207b7SJohn Levon if (fn->type != SYM_FN) 2821f5207b7SJohn Levon continue; 2831f5207b7SJohn Levon if (!sym->ident) 2841f5207b7SJohn Levon continue; 2851f5207b7SJohn Levon if (!fn->inline_stmt) 2861f5207b7SJohn Levon continue; 2871f5207b7SJohn Levon if (strcmp(sym->ident->name, "__inittest") == 0) 2881f5207b7SJohn Levon init = 1; 2891f5207b7SJohn Levon else if (strcmp(sym->ident->name, "__exittest") == 0) 2901f5207b7SJohn Levon init = 0; 2911f5207b7SJohn Levon else 2921f5207b7SJohn Levon continue; 2931f5207b7SJohn Levon 2941f5207b7SJohn Levon count++; 2951f5207b7SJohn Levon 2961f5207b7SJohn Levon stmt = first_ptr_list((struct ptr_list *)fn->inline_stmt->stmts); 2971f5207b7SJohn Levon if (!stmt || stmt->type != STMT_RETURN) 2981f5207b7SJohn Levon continue; 2991f5207b7SJohn Levon name = expr_to_var(stmt->ret_value); 3001f5207b7SJohn Levon if (!name) 3011f5207b7SJohn Levon continue; 3021f5207b7SJohn Levon if (init) 3031f5207b7SJohn Levon sql_insert_function_ptr(name, "(struct module)->init"); 3041f5207b7SJohn Levon else 3051f5207b7SJohn Levon sql_insert_function_ptr(name, "(struct module)->exit"); 3061f5207b7SJohn Levon free_string(name); 3071f5207b7SJohn Levon if (count >= 2) 3081f5207b7SJohn Levon return; 3091f5207b7SJohn Levon } END_FOR_EACH_PTR_REVERSE(sym); 3101f5207b7SJohn Levon } 3111f5207b7SJohn Levon 3121f5207b7SJohn Levon static void match_end_file(struct symbol_list *sym_list) 3131f5207b7SJohn Levon { 3141f5207b7SJohn Levon struct symbol *sym; 3151f5207b7SJohn Levon 3161f5207b7SJohn Levon /* find the last static symbol in the file */ 3171f5207b7SJohn Levon FOR_EACH_PTR_REVERSE(sym_list, sym) { 3181f5207b7SJohn Levon if (!(sym->ctype.modifiers & MOD_STATIC)) 3191f5207b7SJohn Levon continue; 3201f5207b7SJohn Levon if (!sym->scope) 3211f5207b7SJohn Levon continue; 3221f5207b7SJohn Levon find_module_init_exit(sym->scope->symbols); 3231f5207b7SJohn Levon return; 3241f5207b7SJohn Levon } END_FOR_EACH_PTR_REVERSE(sym); 3251f5207b7SJohn Levon } 3261f5207b7SJohn Levon 3271f5207b7SJohn Levon static struct expression *get_val_expr(struct expression *expr) 3281f5207b7SJohn Levon { 3291f5207b7SJohn Levon struct symbol *sym, *val; 3301f5207b7SJohn Levon 3311f5207b7SJohn Levon if (expr->type != EXPR_DEREF) 3321f5207b7SJohn Levon return NULL; 3331f5207b7SJohn Levon expr = expr->deref; 3341f5207b7SJohn Levon if (expr->type != EXPR_SYMBOL) 3351f5207b7SJohn Levon return NULL; 3361f5207b7SJohn Levon if (strcmp(expr->symbol_name->name, "__u") != 0) 3371f5207b7SJohn Levon return NULL; 3381f5207b7SJohn Levon sym = get_base_type(expr->symbol); 3391f5207b7SJohn Levon val = first_ptr_list((struct ptr_list *)sym->symbol_list); 3401f5207b7SJohn Levon if (!val || strcmp(val->ident->name, "__val") != 0) 3411f5207b7SJohn Levon return NULL; 3421f5207b7SJohn Levon return member_expression(expr, '.', val->ident); 3431f5207b7SJohn Levon } 3441f5207b7SJohn Levon 3451f5207b7SJohn Levon static void match__write_once_size(const char *fn, struct expression *call, 3461f5207b7SJohn Levon void *unused) 3471f5207b7SJohn Levon { 3481f5207b7SJohn Levon struct expression *dest, *data, *assign; 3491f5207b7SJohn Levon struct range_list *rl; 3501f5207b7SJohn Levon 3511f5207b7SJohn Levon dest = get_argument_from_call_expr(call->args, 0); 3521f5207b7SJohn Levon if (dest->type != EXPR_PREOP || dest->op != '&') 3531f5207b7SJohn Levon return; 3541f5207b7SJohn Levon dest = strip_expr(dest->unop); 3551f5207b7SJohn Levon 3561f5207b7SJohn Levon data = get_argument_from_call_expr(call->args, 1); 3571f5207b7SJohn Levon data = get_val_expr(data); 3581f5207b7SJohn Levon if (!data) 3591f5207b7SJohn Levon return; 3601f5207b7SJohn Levon get_absolute_rl(data, &rl); 3611f5207b7SJohn Levon assign = assign_expression(dest, '=', data); 3621f5207b7SJohn Levon 3631f5207b7SJohn Levon __in_fake_assign++; 3641f5207b7SJohn Levon __split_expr(assign); 3651f5207b7SJohn Levon __in_fake_assign--; 3661f5207b7SJohn Levon } 3671f5207b7SJohn Levon 3681f5207b7SJohn Levon static void match__read_once_size(const char *fn, struct expression *call, 3691f5207b7SJohn Levon void *unused) 3701f5207b7SJohn Levon { 3711f5207b7SJohn Levon struct expression *dest, *data, *assign; 3721f5207b7SJohn Levon struct symbol *type, *val_sym; 3731f5207b7SJohn Levon 3741f5207b7SJohn Levon /* 3751f5207b7SJohn Levon * We want to change: 3761f5207b7SJohn Levon * __read_once_size_nocheck(&(x), __u.__c, sizeof(x)); 3771f5207b7SJohn Levon * into a fake assignment: 3781f5207b7SJohn Levon * __u.val = x; 3791f5207b7SJohn Levon * 3801f5207b7SJohn Levon */ 3811f5207b7SJohn Levon 3821f5207b7SJohn Levon data = get_argument_from_call_expr(call->args, 0); 3831f5207b7SJohn Levon if (data->type != EXPR_PREOP || data->op != '&') 3841f5207b7SJohn Levon return; 3851f5207b7SJohn Levon data = strip_parens(data->unop); 3861f5207b7SJohn Levon 3871f5207b7SJohn Levon dest = get_argument_from_call_expr(call->args, 1); 3881f5207b7SJohn Levon if (dest->type != EXPR_DEREF || dest->op != '.') 3891f5207b7SJohn Levon return; 3901f5207b7SJohn Levon if (!dest->member || strcmp(dest->member->name, "__c") != 0) 3911f5207b7SJohn Levon return; 3921f5207b7SJohn Levon dest = dest->deref; 3931f5207b7SJohn Levon type = get_type(dest); 3941f5207b7SJohn Levon if (!type) 3951f5207b7SJohn Levon return; 3961f5207b7SJohn Levon val_sym = first_ptr_list((struct ptr_list *)type->symbol_list); 3971f5207b7SJohn Levon dest = member_expression(dest, '.', val_sym->ident); 3981f5207b7SJohn Levon 3991f5207b7SJohn Levon assign = assign_expression(dest, '=', data); 4001f5207b7SJohn Levon __in_fake_assign++; 4011f5207b7SJohn Levon __split_expr(assign); 4021f5207b7SJohn Levon __in_fake_assign--; 4031f5207b7SJohn Levon } 4041f5207b7SJohn Levon 405*efe51d0cSJohn Levon bool is_ignored_kernel_data(const char *name) 406*efe51d0cSJohn Levon { 407*efe51d0cSJohn Levon if (option_project != PROJ_KERNEL) 408*efe51d0cSJohn Levon return false; 409*efe51d0cSJohn Levon 410*efe51d0cSJohn Levon /* 411*efe51d0cSJohn Levon * On the file I was looking at lockdep was 25% of the DB. 412*efe51d0cSJohn Levon */ 413*efe51d0cSJohn Levon if (strstr(name, ".dep_map.")) 414*efe51d0cSJohn Levon return true; 415*efe51d0cSJohn Levon if (strstr(name, ".lockdep_map.")) 416*efe51d0cSJohn Levon return true; 417*efe51d0cSJohn Levon return false; 418*efe51d0cSJohn Levon } 419*efe51d0cSJohn Levon 4201f5207b7SJohn Levon void check_kernel(int id) 4211f5207b7SJohn Levon { 4221f5207b7SJohn Levon if (option_project != PROJ_KERNEL) 4231f5207b7SJohn Levon return; 4241f5207b7SJohn Levon 425*efe51d0cSJohn Levon err_ptr_min.type = &ptr_ctype; 426*efe51d0cSJohn Levon err_ptr_min.value = -4095; 427*efe51d0cSJohn Levon err_ptr_max.type = &ptr_ctype; 428*efe51d0cSJohn Levon err_ptr_max.value = -1l; 429*efe51d0cSJohn Levon null_ptr.type = &ptr_ctype; 430*efe51d0cSJohn Levon null_ptr.value = 0; 431*efe51d0cSJohn Levon 432*efe51d0cSJohn Levon err_ptr_min = sval_cast(&ptr_ctype, err_ptr_min); 433*efe51d0cSJohn Levon err_ptr_max = sval_cast(&ptr_ctype, err_ptr_max); 434*efe51d0cSJohn Levon 4351f5207b7SJohn Levon add_implied_return_hook("ERR_PTR", &implied_err_cast_return, NULL); 4361f5207b7SJohn Levon add_implied_return_hook("ERR_CAST", &implied_err_cast_return, NULL); 4371f5207b7SJohn Levon add_implied_return_hook("PTR_ERR", &implied_err_cast_return, NULL); 4381f5207b7SJohn Levon add_hook(hack_ERR_PTR, AFTER_DEF_HOOK); 4391f5207b7SJohn Levon return_implies_state("IS_ERR_OR_NULL", 0, 0, &match_param_valid_ptr, (void *)0); 4401f5207b7SJohn Levon return_implies_state("IS_ERR_OR_NULL", 1, 1, &match_param_err_or_null, (void *)0); 4411f5207b7SJohn Levon return_implies_state("IS_ERR", 0, 0, &match_not_err, NULL); 4421f5207b7SJohn Levon return_implies_state("IS_ERR", 1, 1, &match_err, NULL); 4431f5207b7SJohn Levon return_implies_state("tomoyo_memory_ok", 1, 1, &match_param_valid_ptr, (void *)0); 4441f5207b7SJohn Levon 4451f5207b7SJohn Levon add_macro_assign_hook_extra("container_of", &match_container_of_macro, NULL); 4461f5207b7SJohn Levon add_hook(match_container_of, ASSIGNMENT_HOOK); 4471f5207b7SJohn Levon 4481f5207b7SJohn Levon add_implied_return_hook("find_next_bit", &match_next_bit, NULL); 4491f5207b7SJohn Levon add_implied_return_hook("find_next_zero_bit", &match_next_bit, NULL); 4501f5207b7SJohn Levon add_implied_return_hook("find_first_bit", &match_next_bit, NULL); 4511f5207b7SJohn Levon add_implied_return_hook("find_first_zero_bit", &match_next_bit, NULL); 4521f5207b7SJohn Levon 4531f5207b7SJohn Levon add_implied_return_hook("fls", &match_fls, NULL); 4541f5207b7SJohn Levon add_implied_return_hook("fls64", &match_fls, NULL); 4551f5207b7SJohn Levon 4561f5207b7SJohn Levon add_function_hook("__ftrace_bad_type", &__match_nullify_path_hook, NULL); 4571f5207b7SJohn Levon add_function_hook("__write_once_size", &match__write_once_size, NULL); 4581f5207b7SJohn Levon 4591f5207b7SJohn Levon add_function_hook("__read_once_size", &match__read_once_size, NULL); 4601f5207b7SJohn Levon add_function_hook("__read_once_size_nocheck", &match__read_once_size, NULL); 4611f5207b7SJohn Levon 4621f5207b7SJohn Levon if (option_info) 4631f5207b7SJohn Levon add_hook(match_end_file, END_FILE_HOOK); 4641f5207b7SJohn Levon } 465