Category: Uncategorized
-
return 0 is better than return ret
There are a lot of people who write “return ret;” when they mean “return 0;”. I feel like I’m the person who cares about this the most in the world, but hopefully after reading this blog you will notice it as well and it will annoy you.
-
When to use == 0
This is no longer a debate in the Linux kernel, but I saw some code written in out of date style recently and it was a moment of reminiscing. You used to see code like this: You should never use == NULL or != NULL. This rule is enforced by checkpatch. Comparing against zero is…
-
strcpy strncpy() strlcpy() and strscpy()
The kernel has a number of strcpy() functions that copy a string from one pointer to another. This blog is a short guide. strcpy() is dangerous because it has no bounds checking and can lead to a buffer overflow. strncpy() will not overflow the destination buffer. But the problem is that if it has to…
-
Ignore old warnings
I really believe in static checkers but sometimes static checker advice is wrong and harmful. For example, earlier in the week we made a buffer 16 bytes larger to silence a checker false positive. Another time we got into a pointless argument about how to silence a different checker false positive. The best way to deal…
-
Writing a check for zero IRQ error codes
In the earliest git release of the Linux kernel the platform_get_irq() function used to return zero on error. It’s hard for me to know why this is. I do think that there is a sense where unsigned int is “cleaner” for this purpose. From a practical perspective negative error codes are standard. Also are we…
-
-Wsign-compare is garbage
The -Wsign-compare warning is bad. It is a waste of time and will only make your code worse and more buggy.
-
Debugfs functions are not supposed to be checked
Debugfs functions are not supposed to have error handling.
-
Writing a double fget() warning
Recently we were looking at CVE-2023-1838 fixed in commit fb4554c2232e (“Fix double fget() in vhost_net_set_backend()”). It’s a form of a double fetch bug, where you get data from the user, you run all kinds of checks on it to verify that the data is good and then you get the data from the user again.…
-
Debugging Smatch Checks
When you write your first Smatch check it is, unfortunately, unlikely that it will work on the first try. Here are some hints to figure out what is wrong. The first thing is to remember that Smatch works on pre-processed code. If you’re checking kernel code then you can view the pre-processed code using the…
-
Smatch hooks and modules
There are two kinds of Smatch files. smatch_*.c files are core files which provide functionality and check_*.c files are checks. The other files in the directory are Sparse files. The most interesting smatch_*.c file is smatch_flow.c which describes how the code flows and how smatch hooks are called. Search for __pass_to_client(expr, WHATEVER_HOOK); The smatch_function_hooks.c file…