xref: /illumos-gate/usr/src/tools/smatch/src/smatch_fresh_alloc.c (revision b531f6d16eb39863e7bbc34773fb7ef7a282a0a2) 
1 /*
2  * Copyright (C) 2019 Oracle.
3  *
4  * This program is free software; you can redistribute it and/or
5  * modify it under the terms of the GNU General Public License
6  * as published by the Free Software Foundation; either version 2
7  * of the License, or (at your option) any later version.
8  *
9  * This program is distributed in the hope that it will be useful,
10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12  * GNU General Public License for more details.
13  *
14  * You should have received a copy of the GNU General Public License
15  * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt
16  */
17 
18 /*
19  * There are a bunch of allocation functions where we allocate some memory,
20  * set up some struct members and then return the allocated memory.  One
21  * nice thing about this is that we just one pointer to the allocated memory
22  * so what we can do is we can generate a mtag alias for it in the caller.
23  */
24 
25 #include "smatch.h"
26 #include "smatch_slist.h"
27 
28 static int my_id;
29 
30 STATE(fresh);
31 
32 struct alloc_info *alloc_funcs;
33 
34 struct alloc_info kernel_allocation_funcs[] = {
35 	{"kmalloc", 0},
36 	{"kmalloc_node", 0},
37 	{"kzalloc", 0},
38 	{"kzalloc_node", 0},
39 	{"vmalloc", 0},
40 	{"__vmalloc", 0},
41 	{"kvmalloc", 0},
42 	{"kcalloc", 0, 1},
43 	{"kmalloc_array", 0, 1},
44 	{"sock_kmalloc", 1},
45 	{"kmemdup", 1},
46 	{"kmemdup_user", 1},
47 	{"dma_alloc_attrs", 1},
48 	{"pci_alloc_consistent", 1},
49 	{"pci_alloc_coherent", 1},
50 	{"devm_kmalloc", 1},
51 	{"devm_kzalloc", 1},
52 	{"krealloc", 1},
53 	{"__alloc_bootmem", 0},
54 	{"alloc_bootmem", 0},
55 	{"dma_alloc_contiguous", 1},
56 	{"dma_alloc_coherent", 1},
57 	{},
58 };
59 
60 struct alloc_info general_allocation_funcs[] = {
61 	{"malloc", 0},
62 	{"calloc", 0, 1},
63 	{"memdup", 1},
64 	{"realloc", 1},
65 	{},
66 };
67 
68 static int fresh_callback(void *fresh, int argc, char **argv, char **azColName)
69 {
70 	*(int *)fresh = 1;
71 	return 0;
72 }
73 
74 static int fresh_from_db(struct expression *call)
75 {
76 	int fresh = 0;
77 
78 	/* for function pointers assume everything is used */
79 	if (call->fn->type != EXPR_SYMBOL)
80 		return 0;
81 
82 	run_sql(&fresh_callback, &fresh,
83 		"select * from return_states where %s and type = %d and parameter = -1 and key = '$' limit 1;",
84 		get_static_filter(call->fn->symbol), FRESH_ALLOC);
85 	return fresh;
86 }
87 
88 bool is_fresh_alloc_var_sym(const char *var, struct symbol *sym)
89 {
90 	return get_state(my_id, var, sym) == &fresh;
91 }
92 
93 bool is_fresh_alloc(struct expression *expr)
94 {
95 	sval_t sval;
96 	int i;
97 
98 	if (!expr)
99 		return false;
100 
101 	if (get_implied_value_fast(expr, &sval) && sval.value == 0)
102 		return false;
103 
104 	if (get_state_expr(my_id, expr) == &fresh)
105 		return true;
106 
107 	if (expr->type != EXPR_CALL)
108 		return false;
109 	if (fresh_from_db(expr))
110 		return true;
111 	i = -1;
112 	while (alloc_funcs[++i].fn) {
113 		if (sym_name_is(kernel_allocation_funcs[i].fn, expr->fn))
114 			return true;
115 	}
116 	return false;
117 }
118 
119 static void record_alloc_func(int return_id, char *return_ranges, struct expression *expr)
120 {
121 	if (!is_fresh_alloc(expr))
122 		return;
123 	sql_insert_return_states(return_id, return_ranges, FRESH_ALLOC, -1, "$", "");
124 }
125 
126 static void set_unfresh(struct expression *expr)
127 {
128 	struct sm_state *sm;
129 
130 	sm = get_sm_state_expr(my_id, expr);
131 	if (!sm)
132 		return;
133 	if (!slist_has_state(sm->possible, &fresh))
134 		return;
135 	// TODO call unfresh hooks
136 	set_state_expr(my_id, expr, &undefined);
137 }
138 
139 static void match_assign(struct expression *expr)
140 {
141 	set_unfresh(expr->right);
142 }
143 
144 static void match_call(struct expression *expr)
145 {
146 	struct expression *arg;
147 
148 	FOR_EACH_PTR(expr->args, arg) {
149 		set_unfresh(arg);
150 	} END_FOR_EACH_PTR(arg);
151 }
152 
153 static void set_fresh(struct expression *expr)
154 {
155 	expr = strip_expr(expr);
156 	if (expr->type != EXPR_SYMBOL)
157 		return;
158 	set_state_expr(my_id, expr, &fresh);
159 }
160 
161 static void returns_fresh_alloc(struct expression *expr, int param, char *key, char *value)
162 {
163 	if (param != -1 || !key || strcmp(key, "$") != 0)
164 		return;
165 	if (expr->type != EXPR_ASSIGNMENT)
166 		return;
167 
168 	set_fresh(expr->left);
169 }
170 
171 static void match_alloc(const char *fn, struct expression *expr, void *_size_arg)
172 {
173 	set_fresh(expr->left);
174 }
175 
176 void register_fresh_alloc(int id)
177 {
178 	int i;
179 
180 	my_id = id;
181 
182 	if (option_project == PROJ_KERNEL)
183 		alloc_funcs = kernel_allocation_funcs;
184 	else
185 		alloc_funcs = general_allocation_funcs;
186 
187 	i = -1;
188 	while (alloc_funcs[++i].fn)
189 		add_function_assign_hook(alloc_funcs[i].fn, &match_alloc, 0);
190 
191 	add_split_return_callback(&record_alloc_func);
192 	select_return_states_hook(FRESH_ALLOC, &returns_fresh_alloc);
193 	add_hook(&match_assign, ASSIGNMENT_HOOK);
194 	add_hook(&match_call, FUNCTION_CALL_HOOK);
195 }
196