
9 CVE bugs in Linux-next. about cvehound HOT 7 CLOSED

evdenis commented on June 2, 2024
9 CVE bugs in Linux-next.


Comments (7)

evdenis commented on June 2, 2024

I didn't run the tests on linux-next yet. Thanks, I will check and make the patterns for these rules more strict.


evdenis commented on June 2, 2024
  • What is your coccinelle version? spatch --version
  • What is your cvehound version? cvehound --version
  • What is your linux-next latest commit?

I can't reproduce the problem on latest cvehound from git. The tool detects nothing on linux-next.

UPD: all other cvehound versions also show nothing. My coccinelle version is 1.0.8.


evdenis commented on June 2, 2024

I've added the master branch from linux-next to the tests. It shows nothing: https://github.com/evdenis/cvehound/runs/1785485675?check_suite_focus=true. The tests use coccinelle 1.0.4.


cosunny commented on June 2, 2024

What is your coccinelle version?

  • 1.0.8, same as you do

What is your cvehound version?

  • This issue is not about cvehound in fact, because I use spatch xxx.cocci directly

What is your linux-next latest commit?

  • 210128 XD

Let me make myself more clear ~

This issue is based on my personal abstract of this project:

  1. CVE coccinelle rules come from an official site.
  2. Use these rules to catch unsettled bugs in Linux kernel code and get results.
  3. Use python to deal with these results
  4. you wrap 1,2,3 as 'cvehound'

So when I do some checks in step 2 directly using spatch, as
spatch CVE-2020-27815.cocci ~/kernelcode/pandora/linux-next/
I get an unpredictable result, as

diff -u -p ***/linux-next/fs/jfs/jfs_dmap.c /tmp/nothing/fs/jfs/jfs_dmap.c
---  ***/linux-next/fs/jfs/jfs_dmap.c
+++ /tmp/nothing/fs/jfs/jfs_dmap.c
@@ -2903,7 +2903,6 @@ static void dbAdjTree(dmtree_t * tp, int

        /* set the new value.
         */
-       tp->dmt_stree[lp] = newval;

        /* bubble the new value up the tree as required.
         */
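Review bot: the hunk at @@ -2903,7 +2903,6 @@ deletes `tp->dmt_stree[lp] = newval;` with no replacement line, so read as a patch it would drop the store of the new value into the tree and leave the following "bubble the new value up the tree" comment describing work that no longer happens. The `+++ /tmp/nothing/fs/jfs/jfs_dmap.c` target shows this is spatch marking the line the rule matched rather than a proposed fix, so it should be treated as detection output and not applied as a change.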

Which means this bug is not settled in Linux-next, right?

By the way, I neglected such a warning, not knowing whether it's important:
warning: line 11: should t1 be a metavariable?


evdenis commented on June 2, 2024

CVE coccinelle rules come from an official site.

There is no official site. I develop these coccinelle rules solely by myself in this project.

you wrap 1,2,3 as 'cvehound'

As for the current state, I can agree that this is a wrap with metainfo from linuxkernelcves.com. But in a week I will add a configs analyser that will output under which CONFIG_* options the bug happens. Later I will add a --cwe filter and filtering by kernel directory.
BTW, did you try to use verbose mode of the tool -vv?

directly using spatch, as
spatch CVE-2020-27815.cocci ~/kernelcode/pandora/linux-next/

You are doing it wrong. You need to add at least "-D detect"
https://github.com/evdenis/cvehound/blob/master/cvehound/__init__.py#L97-L99

I get an unpredictable result as

The result is predictable. These diffs mean nothing. They are needed only by me to debug the coccinelle rules when I develop them. For example, in your particular case (CVE-2020-27815) the bug is in the combination, when there is a define

#define dmt_stree t1.stree

and this define is used in dbAdjTree() function. In your case the rule detects only the latter, but not the former part.

Which means this bug is not settled in Linux-next, right?

Wrong. A missing fix is detected when there is a string in the coccinelle output:
<file>:ERROR: CVE-1234-1234

For example:

linux/drivers/net/tun.c:1876:47-48: ERROR: CVE-2021-0342

By the way, I neglect such warning, not knowing whether it's important
warning: line 11: should t1 be a metavariable?

It's not important. I can't suppress these warnings because I need to use such variables as not metavariables intentionally.

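The thread turns on two points: the rule must be run with `-D detect`, and a missing fix shows up only as a `<file>:ERROR: CVE-...` line, while match diffs and "should t1 be a metavariable?" warnings are rule-debugging noise. The following is an added example, not cvehound's own code, that parses spatch output under that convention; the spatch option layout in `spatch_detect_cmd` (`--sp-file`, `--dir`) and the sample output are my assumptions, constructed from lines quoted in this issue.

```python
import re
import subprocess
from typing import List, NamedTuple, Optional


class Detection(NamedTuple):
    path: str
    line: Optional[int]   # None when the rule reports only <file>:ERROR: ...
    cve: str


# Detection line format described in the thread:
#   <file>:ERROR: CVE-YYYY-NNNN
#   <file>:<line>:<col-range>: ERROR: CVE-YYYY-NNNN
DETECTION_RE = re.compile(
    r"^(?P<path>[^:\s]+)(?::(?P<line>\d+))?(?::[\d-]+)?:\s*ERROR:\s*"
    r"(?P<cve>CVE-\d{4}-\d{4,})\s*$"
)

# Constructed sample of what spatch can print for one rule: a metavariable
# warning, a match diff against /tmp/nothing (both noise), and one real hit.
SAMPLE_OUTPUT = """\
warning: line 11: should t1 be a metavariable?
diff -u -p a/fs/jfs/jfs_dmap.c /tmp/nothing/fs/jfs/jfs_dmap.c
--- a/fs/jfs/jfs_dmap.c
+++ /tmp/nothing/fs/jfs/jfs_dmap.c
@@ -2903,7 +2903,6 @@ static void dbAdjTree(dmtree_t * tp, int
-       tp->dmt_stree[lp] = newval;
linux/drivers/net/tun.c:1876:47-48: ERROR: CVE-2021-0342
"""


def parse_spatch_output(output: str) -> List[Detection]:
    """Return only the ERROR: CVE-... lines; everything else is ignored."""
    found = []
    for raw in output.splitlines():
        m = DETECTION_RE.match(raw.strip())
        if m:
            line = int(m["line"]) if m["line"] else None
            found.append(Detection(m["path"], line, m["cve"]))
    return found


def spatch_detect_cmd(rule: str, kernel_dir: str) -> List[str]:
    """Argument vector for a detection run (assumed option layout).
    Without -D detect the rule only prints match diffs, as in the issue."""
    return ["spatch", "-D", "detect", "--sp-file", rule, "--dir", kernel_dir]


def run_rule(rule: str, kernel_dir: str) -> List[Detection]:
    """Run one .cocci rule against a kernel tree and collect missing fixes."""
    proc = subprocess.run(spatch_detect_cmd(rule, kernel_dir),
                          capture_output=True, text=True)
    return parse_spatch_output(proc.stdout + proc.stderr)
```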

evdenis commented on June 2, 2024

I've added linux-next to CI. No detections
#13


evdenis commented on June 2, 2024

you wrap 1,2,3 as 'cvehound'

It's not a simple wrap. It also speeds up the check, because it takes the info from the cocci rule headers about which kernel files need to be checked. Without it spatch will try to check all kernel files, and this is significantly slower.
