/*
 * Copyright (C) 2010 Dan Carpenter.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt
 */
171f5207b7SJohn Levon 
/*
 * This is the kernel-specific code for smatch_extra.
 */
211f5207b7SJohn Levon 
221f5207b7SJohn Levon #include "scope.h"
231f5207b7SJohn Levon #include "smatch.h"
241f5207b7SJohn Levon #include "smatch_extra.h"
251f5207b7SJohn Levon 
/*
 * Pointer-typed constants shared by the hooks below.  check_kernel() sets
 * them: the error range runs from -4095 to -1 and null_ptr is 0.
 */
static sval_t err_ptr_min, err_ptr_max;
static sval_t null_ptr;
29efe51d0cSJohn Levon 
/*
 * Implied-return hook registered for ERR_PTR(), ERR_CAST() and PTR_ERR().
 *
 * The result range is whatever get_implied_rl() reports for the first
 * argument.  When it reports nothing, the error-pointer range
 * [err_ptr_min, err_ptr_max] is used.  The range is then cast to the type
 * of the call.  Always returns 1.
 */
static int implied_err_cast_return(struct expression *call, void *unused, struct range_list **rl)
{
	struct expression *first_arg = get_argument_from_call_expr(call->args, 0);

	if (!get_implied_rl(first_arg, rl))
		*rl = alloc_rl(err_ptr_min, err_ptr_max);

	*rl = cast_rl(get_type(call), *rl);
	return 1;
}
411f5207b7SJohn Levon 
/*
 * AFTER_DEF_HOOK callback: when the function just defined is ERR_PTR(),
 * narrow the SMATCH_EXTRA state of its first parameter to the error range.
 *
 * With no prior state the parameter is set to [-4095, -1].  With a prior
 * state it is intersected with [-4095, 0], and the state is left alone when
 * that intersection changes nothing.
 *
 * NOTE(review): the two branches use different upper bounds (-1 vs 0);
 * confirm the asymmetry is intended.
 */
static void hack_ERR_PTR(struct symbol *sym)
{
	struct symbol *param;
	struct smatch_state *known;
	struct range_list *narrowed;
	sval_t low_error;
	sval_t minus_one;
	sval_t zero;

	/* Only the definition of ERR_PTR() itself is of interest. */
	if (!sym || !sym->ident)
		return;
	if (strcmp(sym->ident->name, "ERR_PTR") != 0)
		return;

	param = first_ptr_list((struct ptr_list *)sym->ctype.base_type->arguments);
	if (!param || !param->ident)
		return;

	low_error.type = &long_ctype;
	low_error.value = -4095;

	minus_one.type = &long_ctype;
	minus_one.value = -1;

	zero.type = &long_ctype;
	zero.value = 0;

	known = get_state(SMATCH_EXTRA, param->ident->name, param);
	if (known) {
		narrowed = rl_intersection(estate_rl(known), alloc_rl(low_error, zero));
		/* Nothing to tighten: keep the existing state object. */
		if (rl_equiv(estate_rl(known), narrowed))
			return;
	} else {
		narrowed = alloc_rl(low_error, minus_one);
	}
	set_state(SMATCH_EXTRA, param->ident->name, param, alloc_estate_rl(narrowed));
}
791f5207b7SJohn Levon 
/*
 * return_implies_state() callback: on this return path the argument at index
 * _param is a valid pointer.
 *
 * If a range is already known for the argument, NULL and the error-pointer
 * range are removed from it.  Otherwise the argument is set to
 * [valid_ptr_min_sval, valid_ptr_max_sval].
 */
static void match_param_valid_ptr(const char *fn, struct expression *call_expr,
			struct expression *assign_expr, void *_param)
{
	int param = PTR_INT(_param);
	struct expression *arg = get_argument_from_call_expr(call_expr->args, param);
	struct smatch_state *before = get_state_expr(SMATCH_EXTRA, arg);
	struct range_list *rl = estate_rl(before);

	if (rl) {
		rl = remove_range(rl, null_ptr, null_ptr);
		rl = remove_range(rl, err_ptr_min, err_ptr_max);
	} else {
		rl = alloc_rl(valid_ptr_min_sval, valid_ptr_max_sval);
	}
	set_extra_expr_nomod(arg, alloc_estate_rl(rl));
}
1011f5207b7SJohn Levon 
/*
 * return_implies_state() callback: on this return path the argument at index
 * _param is either NULL or an error pointer.
 *
 * The previous range (or the whole pointer range when there is no state) is
 * intersected with "0,(-4095)-(-1)" and cast to the argument's type.
 */
static void match_param_err_or_null(const char *fn, struct expression *call_expr,
			struct expression *assign_expr, void *_param)
{
	int param = PTR_INT(_param);
	struct expression *arg = get_argument_from_call_expr(call_expr->args, param);
	struct smatch_state *before = get_state_expr(SMATCH_EXTRA, arg);
	struct range_list *prior;
	struct range_list *rl;

	prior = before ? estate_rl(before) : alloc_whole_rl(&ptr_ctype);

	call_results_to_rl(call_expr, &ptr_ctype, "0,(-4095)-(-1)", &rl);
	rl = cast_rl(get_type(arg), rl_intersection(prior, rl));
	set_extra_expr_nomod(arg, alloc_estate_rl(rl));
}
1231f5207b7SJohn Levon 
/*
 * return_implies_state() callback for IS_ERR() returning 0.
 *
 * An argument that already has a SMATCH_EXTRA state is left untouched.
 * Otherwise it is set to [valid_ptr_min_sval, valid_ptr_max_sval], cast to
 * the argument's type.
 */
static void match_not_err(const char *fn, struct expression *call_expr,
			struct expression *assign_expr, void *unused)
{
	struct expression *arg = get_argument_from_call_expr(call_expr->args, 0);
	struct range_list *valid;

	if (get_state_expr(SMATCH_EXTRA, arg))
		return;

	valid = alloc_rl(valid_ptr_min_sval, valid_ptr_max_sval);
	valid = cast_rl(get_type(arg), valid);
	set_extra_expr_nomod(arg, alloc_estate_rl(valid));
}
1391f5207b7SJohn Levon 
/*
 * return_implies_state() callback for IS_ERR() returning 1.
 *
 * Computes the argument's range restricted to [err_ptr_min, err_ptr_max].
 * The new state is set only when there was no prior state or when the
 * restricted range is empty.
 */
static void match_err(const char *fn, struct expression *call_expr,
			struct expression *assign_expr, void *unused)
{
	struct expression *arg = get_argument_from_call_expr(call_expr->args, 0);
	struct smatch_state *before = get_state_expr(SMATCH_EXTRA, arg);
	struct range_list *errs = estate_rl(before);

	if (!errs)
		errs = alloc_rl(err_ptr_min, err_ptr_max);
	errs = rl_intersection(errs, alloc_rl(err_ptr_min, err_ptr_max));
	errs = cast_rl(get_type(arg), errs);

	/*
	 * Ideally this would all be handled by smatch_implied.c
	 * but it doesn't work very well for impossible paths.
	 */
	if (before && errs)
		return;

	set_extra_expr_nomod(arg, alloc_estate_rl(errs));
}
1641f5207b7SJohn Levon 
/*
 * Macro-assign hook for container_of(): the assigned-to expression is set to
 * the range [valid_ptr_min_sval, valid_ptr_max_sval].
 */
static void match_container_of_macro(const char *fn, struct expression *expr, void *unused)
{
	struct smatch_state *valid;

	valid = alloc_estate_range(valid_ptr_min_sval, valid_ptr_max_sval);
	set_extra_expr_mod(expr->left, valid);
}
1691f5207b7SJohn Levon 
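/*
 * ASSIGNMENT_HOOK callback that recognises an expanded container_of() by
 * shape and sets the left-hand side to the valid pointer range.
 *
 * The right-hand side must come from a macro and look like
 *	(cast)((cast)__mptr - <something>)
 * Anything else is ignored.
 *
 * Expressions that strip to nothing, and symbol expressions with no resolved
 * symbol, are rejected instead of being dereferenced.
 */
static void match_container_of(struct expression *expr)
{
	struct expression *right = expr->right;

	/*
	 * The problem here is that sometimes the container_of() macro is itself
	 * inside a macro and get_macro() only returns the name of the outside
	 * macro.
	 */

	/*
	 * This is actually an expression statement assignment but smatch_flow
	 * pre-mangles it for us so we only get the last chunk:
	 * sk = (typeof(sk))((char *)__mptr - offsetof(...))
	 */

	/* Only the presence of a macro matters here, not its name. */
	if (!get_macro_name(right->pos))
		return;
	if (right->type != EXPR_CAST)
		return;

	right = strip_expr(right);
	if (!right || right->type != EXPR_BINOP || right->op != '-' ||
	    right->left->type != EXPR_CAST)
		return;

	right = strip_expr(right->left);
	if (!right || right->type != EXPR_SYMBOL || !right->symbol)
		return;
	if (!right->symbol->ident ||
	    strcmp(right->symbol->ident->name, "__mptr") != 0)
		return;

	set_extra_expr_mod(expr->left, alloc_estate_range(valid_ptr_min_sval, valid_ptr_max_sval));
}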
2041f5207b7SJohn Levon 
/*
 * Implied-return hook for find_next_bit(), find_next_zero_bit(),
 * find_first_bit() and find_first_zero_bit().
 *
 * The result range starts as [0, sizeof(long long) * 8] in the call's type.
 * The upper bound drops to the implied maximum of argument 1 when that is
 * smaller.  The lower bound rises to the implied minimum of argument 2 when
 * that argument exists and its minimum is not negative.  If the bounds end
 * up crossed, the upper bound is pulled up to the lower one.
 * Always returns 1.
 */
static int match_next_bit(struct expression *call, void *unused, struct range_list **rl)
{
	struct expression *size_arg = get_argument_from_call_expr(call->args, 1);
	/* btw. there isn't a start_arg for find_first_bit() */
	struct expression *start_arg = get_argument_from_call_expr(call->args, 2);
	struct symbol *ret_type = get_type(call);
	sval_t lo = sval_type_val(ret_type, 0);
	sval_t hi = sval_type_val(ret_type, sizeof(long long) * 8);
	sval_t implied;

	if (get_implied_max(size_arg, &implied) && implied.uvalue < hi.value)
		hi = implied;
	if (start_arg && get_implied_min(start_arg, &implied) && !sval_is_negative(implied))
		lo = implied;
	if (sval_cmp(lo, hi) > 0)
		hi = lo;

	*rl = alloc_rl(sval_cast(ret_type, lo), sval_cast(ret_type, hi));
	return 1;
}
2311f5207b7SJohn Levon 
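/*
 * Implied-return hook for fls() and fls64(): bound the result from what is
 * known about the argument.
 *
 * - No implied range for the argument: return 0 and leave *rl alone.
 * - The argument is a single known value: the result is the 1-based index
 *   of its highest set bit, or 0 when the value is 0.
 * - Otherwise the result is [0, width], or [1, width] when the argument's
 *   range does not contain zero.  width is 64 for fls64() and 32 otherwise.
 *
 * Returns 1 whenever *rl was set.
 */
static int match_fls(struct expression *call, void *unused, struct range_list **rl)
{
	struct expression *arg;
	struct range_list *arg_rl;
	sval_t zero = {0};
	sval_t start, end, sval;

	start.type = &int_ctype;
	start.value = 0;
	end.type = &int_ctype;
	end.value = 32;

	/*
	 * This hook is also registered for fls64(), whose result can be as
	 * large as 64.  An upper bound of 32 there would give later checks a
	 * range that is too narrow, so widen it for that caller.
	 */
	if (call->fn && call->fn->type == EXPR_SYMBOL && call->fn->symbol_name &&
	    strcmp(call->fn->symbol_name->name, "fls64") == 0)
		end.value = 64;

	arg = get_argument_from_call_expr(call->args, 0);
	if (!get_implied_rl(arg, &arg_rl))
		return 0;
	if (rl_to_sval(arg_rl, &sval)) {
		int i;

		/* Ends with i == -1 when no bit is set, giving a result of 0. */
		for (i = 63; i >= 0; i--) {
			if (sval.uvalue & (1ULL << i))
				break;
		}
		sval.value = i + 1;
		*rl = alloc_rl(sval, sval);
		return 1;
	}
	zero.type = rl_type(arg_rl);
	if (!rl_has_sval(arg_rl, zero))
		start.value = 1;
	*rl = alloc_rl(start, end);
	return 1;
}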
2641f5207b7SJohn Levon 
/*
 * Record which functions a module uses as its init and exit handlers.
 *
 * Walks sym_list backwards looking for static functions with an inline body
 * named "__inittest" or "__exittest".  When the first statement of such a
 * body is a return, the name of the returned expression is stored through
 * sql_insert_function_ptr() as "(struct module)->init" or
 * "(struct module)->exit".
 */
static void find_module_init_exit(struct symbol_list *sym_list)
{
	struct symbol *sym;
	struct symbol *base;
	struct statement *first;
	char *target;
	int is_init;
	int seen = 0;

	/*
	 * This is more complicated because Sparse ignores the "alias"
	 * attribute.  The search runs backwards because module_init() is
	 * normally at the end of the file.
	 */
	FOR_EACH_PTR_REVERSE(sym_list, sym) {
		if (sym->type != SYM_NODE || !(sym->ctype.modifiers & MOD_STATIC))
			continue;
		base = get_base_type(sym);
		if (!base || base->type != SYM_FN)
			continue;
		if (!sym->ident || !base->inline_stmt)
			continue;

		if (strcmp(sym->ident->name, "__inittest") == 0)
			is_init = 1;
		else if (strcmp(sym->ident->name, "__exittest") == 0)
			is_init = 0;
		else
			continue;

		/* Counted even when the body below is not a plain return. */
		seen++;

		first = first_ptr_list((struct ptr_list *)base->inline_stmt->stmts);
		if (!first || first->type != STMT_RETURN)
			continue;
		target = expr_to_var(first->ret_value);
		if (!target)
			continue;

		if (is_init)
			sql_insert_function_ptr(target, "(struct module)->init");
		else
			sql_insert_function_ptr(target, "(struct module)->exit");
		free_string(target);

		/* Both helpers have been seen; nothing more to find. */
		if (seen >= 2)
			return;
	} END_FOR_EACH_PTR_REVERSE(sym);
}
3181f5207b7SJohn Levon 
/*
 * END_FILE_HOOK callback: find the last static symbol in the file that has a
 * scope, and scan the symbols of that scope for the module init/exit helpers.
 */
static void match_end_file(struct symbol_list *sym_list)
{
	struct symbol *sym;

	FOR_EACH_PTR_REVERSE(sym_list, sym) {
		/* Skip anything that is not static or has no scope. */
		if (!(sym->ctype.modifiers & MOD_STATIC) || !sym->scope)
			continue;
		find_module_init_exit(sym->scope->symbols);
		return;
	} END_FOR_EACH_PTR_REVERSE(sym);
}
3331f5207b7SJohn Levon 
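/*
 * Given an expression of the form "__u.<member>", return an expression for
 * "__u.__val".
 *
 * Returns NULL when expr is not a dereference of a symbol named "__u", or
 * when the first member of that symbol's base type is not named "__val".
 *
 * Every pointer on the way is checked before use.  A NULL expr, a missing
 * symbol name, an unresolved base type or an unnamed first member all
 * produce NULL, so a malformed input cannot crash the analyser.
 */
static struct expression *get_val_expr(struct expression *expr)
{
	struct symbol *sym, *val;

	if (!expr || expr->type != EXPR_DEREF)
		return NULL;
	expr = expr->deref;
	if (!expr || expr->type != EXPR_SYMBOL)
		return NULL;
	if (!expr->symbol_name || strcmp(expr->symbol_name->name, "__u") != 0)
		return NULL;

	sym = get_base_type(expr->symbol);
	if (!sym)
		return NULL;
	val = first_ptr_list((struct ptr_list *)sym->symbol_list);
	if (!val || !val->ident || strcmp(val->ident->name, "__val") != 0)
		return NULL;

	return member_expression(expr, '.', val->ident);
}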
3511f5207b7SJohn Levon 
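/*
 * Function hook for __write_once_size(): model the call as a fake
 * assignment "dest = __u.__val".
 *
 * Argument 0 must be "&dest" and argument 1 must be accepted by
 * get_val_expr(); otherwise the call is ignored.  Missing arguments are
 * ignored as well, in the same way match_closure_call() handles them.
 */
static void match__write_once_size(const char *fn, struct expression *call,
			       void *unused)
{
	struct expression *dest, *data, *assign;
	struct range_list *rl;

	dest = get_argument_from_call_expr(call->args, 0);
	if (!dest || dest->type != EXPR_PREOP || dest->op != '&')
		return;
	dest = strip_expr(dest->unop);

	data = get_argument_from_call_expr(call->args, 1);
	if (!data)
		return;
	data = get_val_expr(data);
	if (!data)
		return;

	/*
	 * NOTE(review): rl is never read.  The call is kept because its side
	 * effects, if any, cannot be judged from this file.
	 */
	get_absolute_rl(data, &rl);
	assign = assign_expression(dest, '=', data);

	__in_fake_assign++;
	__split_expr(assign);
	__in_fake_assign--;
}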
3741f5207b7SJohn Levon 
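/*
 * Function hook for __read_once_size() and __read_once_size_nocheck().
 *
 * We want to change:
 *	__read_once_size_nocheck(&(x), __u.__c, sizeof(x));
 * into a fake assignment:
 *	__u.val = x;
 *
 * "val" is the first member of __u's type.  The call is ignored when the
 * arguments are missing or do not have this shape, or when __u's type has
 * no named first member.
 */
static void match__read_once_size(const char *fn, struct expression *call,
			       void *unused)
{
	struct expression *dest, *data, *assign;
	struct symbol *type, *val_sym;

	data = get_argument_from_call_expr(call->args, 0);
	if (!data || data->type != EXPR_PREOP || data->op != '&')
		return;
	data = strip_parens(data->unop);

	dest = get_argument_from_call_expr(call->args, 1);
	if (!dest || dest->type != EXPR_DEREF || dest->op != '.')
		return;
	if (!dest->member || strcmp(dest->member->name, "__c") != 0)
		return;
	dest = dest->deref;
	type = get_type(dest);
	if (!type)
		return;

	/* The member list can be empty; do not dereference a missing entry. */
	val_sym = first_ptr_list((struct ptr_list *)type->symbol_list);
	if (!val_sym || !val_sym->ident)
		return;
	dest = member_expression(dest, '.', val_sym->ident);

	assign = assign_expression(dest, '=', data);
	__in_fake_assign++;
	__split_expr(assign);
	__in_fake_assign--;
}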
4111f5207b7SJohn Levon 
/*
 * Function hook for closure_call(cl, fn, ...): build the fake call "fn(cl)"
 * and feed it to __split_expr().  Does nothing when either of the first two
 * arguments is missing.
 */
static void match_closure_call(const char *name, struct expression *call,
			       void *unused)
{
	struct expression *closure = get_argument_from_call_expr(call->args, 0);
	struct expression *callee = get_argument_from_call_expr(call->args, 1);
	struct expression_list *fake_args = NULL;

	if (!callee || !closure)
		return;

	add_ptr_list(&fake_args, closure);
	__split_expr(call_expression(callee, fake_args));
}
427*6523a3aaSJohn Levon 
/*
 * Report whether a data name should be ignored.
 *
 * Returns true only for the kernel project, and only when name contains
 * ".dep_map." or ".lockdep_map.".
 */
bool is_ignored_kernel_data(const char *name)
{
	if (option_project != PROJ_KERNEL)
		return false;

	/*
	 * On the file I was looking at lockdep was 25% of the DB.
	 */
	return strstr(name, ".dep_map.") != NULL ||
	       strstr(name, ".lockdep_map.") != NULL;
}
442efe51d0cSJohn Levon 
/*
 * Register the kernel-specific hooks for smatch_extra.
 * Does nothing unless the project being analysed is the kernel.
 */
void check_kernel(int id)
{
	if (option_project != PROJ_KERNEL)
		return;

	/* NULL and the error-pointer bounds (-4095 .. -1) as pointer values. */
	null_ptr.type = &ptr_ctype;
	null_ptr.value = 0;

	err_ptr_min.type = &ptr_ctype;
	err_ptr_min.value = -4095;
	err_ptr_min = sval_cast(&ptr_ctype, err_ptr_min);

	err_ptr_max.type = &ptr_ctype;
	err_ptr_max.value = -1l;
	err_ptr_max = sval_cast(&ptr_ctype, err_ptr_max);

	/* Error-pointer helpers. */
	add_implied_return_hook("ERR_PTR", &implied_err_cast_return, NULL);
	add_implied_return_hook("ERR_CAST", &implied_err_cast_return, NULL);
	add_implied_return_hook("PTR_ERR", &implied_err_cast_return, NULL);
	add_hook(hack_ERR_PTR, AFTER_DEF_HOOK);
	return_implies_state("IS_ERR_OR_NULL", 0, 0, &match_param_valid_ptr, (void *)0);
	return_implies_state("IS_ERR_OR_NULL", 1, 1, &match_param_err_or_null, (void *)0);
	return_implies_state("IS_ERR", 0, 0, &match_not_err, NULL);
	return_implies_state("IS_ERR", 1, 1, &match_err, NULL);
	return_implies_state("tomoyo_memory_ok", 1, 1, &match_param_valid_ptr, (void *)0);

	/* container_of(), matched both by macro name and by expression shape. */
	add_macro_assign_hook_extra("container_of", &match_container_of_macro, NULL);
	add_hook(match_container_of, ASSIGNMENT_HOOK);

	/* Bit-search helpers. */
	add_implied_return_hook("find_next_bit", &match_next_bit, NULL);
	add_implied_return_hook("find_next_zero_bit", &match_next_bit, NULL);
	add_implied_return_hook("find_first_bit", &match_next_bit, NULL);
	add_implied_return_hook("find_first_zero_bit", &match_next_bit, NULL);

	add_implied_return_hook("fls", &match_fls, NULL);
	add_implied_return_hook("fls64", &match_fls, NULL);

	add_function_hook("__ftrace_bad_type", &__match_nullify_path_hook, NULL);

	/* The WRITE_ONCE/READ_ONCE helpers are modelled as fake assignments. */
	add_function_hook("__write_once_size", &match__write_once_size, NULL);
	add_function_hook("__read_once_size", &match__read_once_size, NULL);
	add_function_hook("__read_once_size_nocheck", &match__read_once_size, NULL);

	add_function_hook("closure_call", &match_closure_call, NULL);

	/* The module init/exit scan runs only when option_info is set. */
	if (option_info)
		add_hook(match_end_file, END_FILE_HOOK);
}