X-Patchwork-Submitter: Tycho Andersen
X-Patchwork-Id: 10739519
From: Tycho Andersen
To: linux-sparse@vger.kernel.org, kernel-hardening@lists.openwall.com
Cc: Tycho Andersen
Subject: [RFC v1 0/4] static analysis of copy_to_user()
Date: Thu, 20 Dec 2018 12:59:27 -0700
Message-Id: <20181220195931.20331-1-tycho@tycho.ws>

Hi all,

A while ago I talked with various people about whether some static analysis of
copy_to_user() could be productive in finding infoleaks.
Unfortunately, due to the various issues outlined in the patch notes, it
doesn't seem like it is. Perhaps these checks are useful to put in just to
future proof ourselves against these sorts of issues, though.

Anyway, here's the code. Thoughts welcome!

Tycho

Tycho Andersen (4):
  expression.h: update comment to include other cast types
  move name-based analysis before linearization
  add a check for copy_to_user() address spaces
  check copy_to_user() sizes

 expression.h                           |   2 +-
 sparse.c                               | 327 ++++++++++++++++++++++---
 validation/copy_to_user.c              |  31 +++
 validation/copy_to_user_sizes.c        |  53 ++++
 validation/copy_to_user_sizes_inline.c |  29 +++
 5 files changed, 405 insertions(+), 37 deletions(-)
 create mode 100644 validation/copy_to_user.c
 create mode 100644 validation/copy_to_user_sizes.c
 create mode 100644 validation/copy_to_user_sizes_inline.c