1 /*
2 * Copyright (C) 2015 Rasmus Villemoes.
3 *
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version 2
7 * of the License, or (at your option) any later version.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt
16 */
17
18 #include <assert.h>
19 #include <ctype.h>
20 #include <string.h>
21 #include "smatch.h"
22 #include "smatch_slist.h"
23
24 #define spam(args...) do { \
25 if (option_spammy) \
26 sm_msg(args); \
27 } while (0)
28
29 static int my_id;
30
31 /*
32 * Much of this is taken directly from the kernel (mostly vsprintf.c),
33 * with a few modifications here and there.
34 */
35
36 #define KERN_SOH_ASCII '\001'
37
38 typedef unsigned char u8;
39 typedef signed short s16;
40
41 #define SIGN 1 /* unsigned/signed, must be 1 */
42 #define LEFT 2 /* left justified */
43 #define PLUS 4 /* show plus */
44 #define SPACE 8 /* space if plus */
45 #define ZEROPAD 16 /* pad with zero, must be 16 == '0' - ' ' */
46 #define SMALL 32 /* use lowercase in hex (must be 32 == 0x20) */
47 #define SPECIAL 64 /* prefix hex with "0x", octal with "0" */
48
49 enum format_type {
50 FORMAT_TYPE_NONE, /* Just a string part */
51 FORMAT_TYPE_WIDTH,
52 FORMAT_TYPE_PRECISION,
53 FORMAT_TYPE_CHAR,
54 FORMAT_TYPE_STR,
55 FORMAT_TYPE_PTR,
56 FORMAT_TYPE_PERCENT_CHAR,
57 FORMAT_TYPE_INVALID,
58 FORMAT_TYPE_LONG_LONG,
59 FORMAT_TYPE_ULONG,
60 FORMAT_TYPE_LONG,
61 FORMAT_TYPE_UBYTE,
62 FORMAT_TYPE_BYTE,
63 FORMAT_TYPE_USHORT,
64 FORMAT_TYPE_SHORT,
65 FORMAT_TYPE_UINT,
66 FORMAT_TYPE_INT,
67 FORMAT_TYPE_SIZE_T,
68 FORMAT_TYPE_PTRDIFF,
69 FORMAT_TYPE_NRCHARS, /* Reintroduced for this checker */
70 FORMAT_TYPE_FLOAT, /* for various floating point formatters */
71 };
72
73 struct printf_spec {
74 unsigned int type:8; /* format_type enum */
75 signed int field_width:24; /* width of output field */
76 unsigned int flags:8; /* flags to number() */
77 unsigned int base:8; /* number base, 8, 10 or 16 only */
78 signed int precision:16; /* # of digits/chars */
79 } __packed;
80 #define FIELD_WIDTH_MAX ((1 << 23) - 1)
81 #define PRECISION_MAX ((1 << 15) - 1)
82 extern char __check_printf_spec[1-2*(sizeof(struct printf_spec) != 8)];
83
84 static int
85 skip_atoi(const char **s)
86 {
87 int i = 0;
88
89 while (isdigit(**s))
90 i = i*10 + *((*s)++) - '0';
91
92 return i;
93 }
94
95 static int
96 format_decode(const char *fmt, struct printf_spec *spec)
97 {
98 const char *start = fmt;
99 char qualifier;
100
101 /* we finished early by reading the field width */
102 if (spec->type == FORMAT_TYPE_WIDTH) {
103 if (spec->field_width < 0) {
104 spec->field_width = -spec->field_width;
105 spec->flags |= LEFT;
106 }
107 spec->type = FORMAT_TYPE_NONE;
108 goto precision;
109 }
110
111 /* we finished early by reading the precision */
112 if (spec->type == FORMAT_TYPE_PRECISION) {
113 if (spec->precision < 0)
114 spec->precision = 0;
115
116 spec->type = FORMAT_TYPE_NONE;
117 goto qualifier;
118 }
119
120 /* By default */
121 spec->type = FORMAT_TYPE_NONE;
122
123 for (; *fmt ; ++fmt) {
124 if (*fmt == '%')
125 break;
126 }
127
128 /* Return the current non-format string */
129 if (fmt != start || !*fmt)
130 return fmt - start;
131
132 /* Process flags */
133 spec->flags = 0;
134
135 while (1) { /* this also skips first '%' */
136 bool found = true;
137
138 ++fmt;
139
140 switch (*fmt) {
141 case '-': spec->flags |= LEFT; break;
142 case '+': spec->flags |= PLUS; break;
143 case ' ': spec->flags |= SPACE; break;
144 case '#': spec->flags |= SPECIAL; break;
145 case '0': spec->flags |= ZEROPAD; break;
146 default: found = false;
147 }
148
149 if (!found)
150 break;
151 }
152
153 /* get field width */
154 spec->field_width = -1;
155
156 if (isdigit(*fmt))
157 spec->field_width = skip_atoi(&fmt);
158 else if (*fmt == '*') {
159 /* it's the next argument */
160 spec->type = FORMAT_TYPE_WIDTH;
161 return ++fmt - start;
162 }
163
164 precision:
165 /* get the precision */
166 spec->precision = -1;
167 if (*fmt == '.') {
168 ++fmt;
169 if (isdigit(*fmt)) {
170 spec->precision = skip_atoi(&fmt);
171 if (spec->precision < 0)
172 spec->precision = 0;
173 } else if (*fmt == '*') {
174 /* it's the next argument */
175 spec->type = FORMAT_TYPE_PRECISION;
176 return ++fmt - start;
177 }
178 }
179
180 qualifier:
181 /* get the conversion qualifier */
182 qualifier = 0;
183 if (*fmt == 'h' || _tolower(*fmt) == 'l' ||
184 _tolower(*fmt) == 'z' || *fmt == 't') {
185 qualifier = *fmt++;
186 if (qualifier == *fmt) {
187 if (qualifier == 'l') {
188 qualifier = 'L';
189 ++fmt;
190 } else if (qualifier == 'h') {
191 qualifier = 'H';
192 ++fmt;
193 } else {
194 sm_warning("invalid repeated qualifier '%c'", *fmt);
195 }
196 }
197 }
198
199 /* default base */
200 spec->base = 10;
201 switch (*fmt) {
202 case 'c':
203 if (qualifier)
204 sm_warning("qualifier '%c' ignored for %%c specifier", qualifier);
205
206 spec->type = FORMAT_TYPE_CHAR;
207 return ++fmt - start;
208
209 case 's':
210 if (qualifier)
211 sm_warning("qualifier '%c' ignored for %%s specifier", qualifier);
212
213 spec->type = FORMAT_TYPE_STR;
214 return ++fmt - start;
215
216 case 'p':
217 spec->type = FORMAT_TYPE_PTR;
218 return ++fmt - start;
219
220 case '%':
221 spec->type = FORMAT_TYPE_PERCENT_CHAR;
222 return ++fmt - start;
223
224 /* integer number formats - set up the flags and "break" */
225 case 'o':
226 spec->base = 8;
227 break;
228
229 case 'x':
230 spec->flags |= SMALL;
231
232 case 'X':
233 spec->base = 16;
234 break;
235
236 case 'd':
237 case 'i':
238 spec->flags |= SIGN;
239 case 'u':
240 break;
241
242 case 'n':
243 spec->type = FORMAT_TYPE_NRCHARS;
244 return ++fmt - start;
245
246 case 'a': case 'A':
247 case 'e': case 'E':
248 case 'f': case 'F':
249 case 'g': case 'G':
250 spec->type = FORMAT_TYPE_FLOAT;
251 return ++fmt - start;
252
253 default:
254 spec->type = FORMAT_TYPE_INVALID;
255 /* Unlike the kernel code, we 'consume' the invalid
256 * character so that it can get included in the
257 * report. After that, we bail out. */
258 return ++fmt - start;
259 }
260
261 if (qualifier == 'L')
262 spec->type = FORMAT_TYPE_LONG_LONG;
263 else if (qualifier == 'l') {
264 if (spec->flags & SIGN)
265 spec->type = FORMAT_TYPE_LONG;
266 else
267 spec->type = FORMAT_TYPE_ULONG;
268 } else if (_tolower(qualifier) == 'z') {
269 spec->type = FORMAT_TYPE_SIZE_T;
270 } else if (qualifier == 't') {
271 spec->type = FORMAT_TYPE_PTRDIFF;
272 } else if (qualifier == 'H') {
273 if (spec->flags & SIGN)
274 spec->type = FORMAT_TYPE_BYTE;
275 else
276 spec->type = FORMAT_TYPE_UBYTE;
277 } else if (qualifier == 'h') {
278 if (spec->flags & SIGN)
279 spec->type = FORMAT_TYPE_SHORT;
280 else
281 spec->type = FORMAT_TYPE_USHORT;
282 } else {
283 if (spec->flags & SIGN)
284 spec->type = FORMAT_TYPE_INT;
285 else
286 spec->type = FORMAT_TYPE_UINT;
287 }
288
289 return ++fmt - start;
290 }
291
292 static int is_struct_tag(struct symbol *type, const char *tag)
293 {
294 return type->type == SYM_STRUCT && type->ident && !strcmp(type->ident->name, tag);
295 }
296
297 static int has_struct_tag(struct symbol *type, const char *tag)
298 {
299 struct symbol *tmp;
300
301 if (type->type == SYM_STRUCT)
302 return is_struct_tag(type, tag);
303 if (type->type == SYM_UNION) {
304 FOR_EACH_PTR(type->symbol_list, tmp) {
305 tmp = get_real_base_type(tmp);
306 if (tmp && is_struct_tag(tmp, tag))
307 return 1;
308 } END_FOR_EACH_PTR(tmp);
309 }
310 return 0;
311 }
312
313 static int is_char_type(struct symbol *type)
314 {
315 return type == &uchar_ctype || type == &char_ctype || type == &schar_ctype;
316 }
317
318 /*
319 * I have absolutely no idea if this is how one is supposed to get the
320 * symbol representing a typedef, but it seems to work.
321 */
322 struct typedef_lookup {
323 const char *name;
324 struct symbol *sym;
325 int failed;
326 };
327
328 static struct symbol *_typedef_lookup(const char *name)
329 {
330 struct ident *id;
331 struct symbol *node;
332
333 id = built_in_ident(name);
334 if (!id)
335 return NULL;
336 node = lookup_symbol(id, NS_TYPEDEF);
337 if (!node || node->type != SYM_NODE)
338 return NULL;
339 return get_real_base_type(node);
340 }
341
342 static void typedef_lookup(struct typedef_lookup *tl)
343 {
344 if (tl->sym || tl->failed)
345 return;
346 tl->sym = _typedef_lookup(tl->name);
347 if (!tl->sym) {
348 sm_perror(" could not find typedef '%s'", tl->name);
349 tl->failed = 1;
350 }
351 }
352
353
354 static void ip4(const char *fmt, struct symbol *type, struct symbol *basetype, int vaidx)
355 {
356 enum { ENDIAN_BIG, ENDIAN_LITTLE, ENDIAN_HOST } endian = ENDIAN_BIG;
357
358 assert(fmt[0] == 'i' || fmt[0] == 'I');
359 assert(fmt[1] == '4');
360
361 if (isalnum(fmt[2])) {
362 switch (fmt[2]) {
363 case 'h':
364 endian = ENDIAN_HOST;
365 break;
366 case 'l':
367 endian = ENDIAN_LITTLE;
368 break;
369 case 'n':
370 case 'b':
371 endian = ENDIAN_BIG;
372 break;
373 default:
374 sm_warning("'%%p%c4' can only be followed by one of [hnbl], not '%c'", fmt[0], fmt[2]);
375 }
376 if (isalnum(fmt[3]))
377 sm_warning("'%%p%c4' can only be followed by precisely one of [hnbl]", fmt[0]);
378 }
379
380
381 if (type->ctype.modifiers & MOD_NODEREF)
382 sm_error("passing __user pointer to '%%p%c4'", fmt[0]);
383
384 /*
385 * If we have a pointer to char/u8/s8, we expect the caller to
386 * handle endianness; I don't think there's anything we can
387 * do. I'd like to check that if we're passed a pointer to a
388 * __bitwise u32 (most likely a __be32), we should have endian
389 * == ENDIAN_BIG. But I can't figure out how to get that
390 * information (it also seems to require ensuring certain
391 * macros are defined). But struct in_addr certainly consists
392 * of only a single __be32, so in that case we can do a check.
393 */
394 if (is_char_type(basetype))
395 return;
396
397 if (is_struct_tag(basetype, "in_addr") && endian != ENDIAN_BIG)
398 sm_warning("passing struct in_addr* to '%%p%c4%c', is the endianness ok?", fmt[0], fmt[2]);
399
400 /* ... */
401 }
402
403 static void ip6(const char *fmt, struct symbol *type, struct symbol *basetype, int vaidx)
404 {
405 assert(fmt[0] == 'i' || fmt[0] == 'I');
406 assert(fmt[1] == '6');
407
408 if (isalnum(fmt[2])) {
409 if (fmt[2] != 'c')
410 sm_warning("'%%p%c6' can only be followed by c", fmt[0]);
411 else if (fmt[0] == 'i')
412 sm_warning("'%%pi6' does not allow flag c");
413 if (isalnum(fmt[3]))
414 sm_warning("'%%p%c6%c' cannot be followed by other alphanumerics", fmt[0], fmt[2]);
415 }
416
417 if (type->ctype.modifiers & MOD_NODEREF)
418 sm_error("passing __user pointer to '%%p%c6'", fmt[0]);
419 }
420
421 static void ipS(const char *fmt, struct symbol *type, struct symbol *basetype, int vaidx)
422 {
423 const char *f;
424
425 assert(tolower(fmt[0]) == 'i');
426 assert(fmt[1] == 'S');
427
428 for (f = fmt+2; isalnum(*f); ++f) {
429 /* It's probably too anal checking for duplicate flags. */
430 if (!strchr("pfschnbl", *f))
431 sm_warning("'%%p%cS' cannot be followed by '%c'", fmt[0], *f);
432 }
433
434 /*
435 * XXX: Should we also allow passing a pointer to a union, one
436 * member of which is a struct sockaddr? It may be slightly
437 * cleaner actually passing &u.raw instead of just &u, though
438 * the generated code is of course exactly the same. For now,
439 * we do accept struct sockaddr_in and struct sockaddr_in6,
440 * since those are easy to handle and rather harmless.
441 */
442 if (!has_struct_tag(basetype, "sockaddr") &&
443 !has_struct_tag(basetype, "sockaddr_in") &&
444 !has_struct_tag(basetype, "sockaddr_in6") &&
445 !has_struct_tag(basetype, "__kernel_sockaddr_storage"))
446 sm_error("'%%p%cS' expects argument of type struct sockaddr *, "
447 "argument %d has type '%s'", fmt[0], vaidx, type_to_str(type));
448 }
449
450 static void hex_string(const char *fmt, struct symbol *type, struct symbol *basetype, int vaidx)
451 {
452 assert(fmt[0] == 'h');
453 if (isalnum(fmt[1])) {
454 if (!strchr("CDN", fmt[1]))
455 sm_warning("'%%ph' cannot be followed by '%c'", fmt[1]);
456 if (isalnum(fmt[2]))
457 sm_warning("'%%ph' can be followed by at most one of [CDN], and no other alphanumerics");
458 }
459 if (type->ctype.modifiers & MOD_NODEREF)
460 sm_error("passing __user pointer to %%ph");
461 }
462
463 static void escaped_string(const char *fmt, struct symbol *type, struct symbol *basetype, int vaidx)
464 {
465 assert(fmt[0] == 'E');
466 while (isalnum(*++fmt)) {
467 if (!strchr("achnops", *fmt))
468 sm_warning("%%pE can only be followed by a combination of [achnops]");
469 }
470 if (type->ctype.modifiers & MOD_NODEREF)
471 sm_error("passing __user pointer to %%pE");
472 }
473
474 static void resource_string(const char *fmt, struct symbol *type, struct symbol *basetype, int vaidx)
475 {
476 assert(tolower(fmt[0]) == 'r');
477 if (!is_struct_tag(basetype, "resource")) {
478 sm_error("'%%p%c' expects argument of type struct resource *, "
479 "but argument %d has type '%s'", fmt[0], vaidx, type_to_str(type));
480 }
481 if (isalnum(fmt[1]))
482 sm_warning("'%%p%c' cannot be followed by '%c'", fmt[0], fmt[1]);
483 }
484
485 static void mac_address_string(const char *fmt, struct symbol *type, struct symbol *basetype, int vaidx)
486 {
487 assert(tolower(fmt[0]) == 'm');
488 if (isalnum(fmt[1])) {
489 if (!(fmt[1] == 'F' || fmt[1] == 'R'))
490 sm_warning("'%%p%c' cannot be followed by '%c'", fmt[0], fmt[1]);
491 if (fmt[0] == 'm' && fmt[1] == 'F')
492 sm_warning("it is pointless to pass flag F to %%pm");
493 if (isalnum(fmt[2]))
494 sm_warning("'%%p%c%c' cannot be followed by other alphanumeric", fmt[0], fmt[1]);
495 }
496 /* Technically, bdaddr_t is a typedef for an anonymous struct, but this still seems to work. */
497 if (!is_char_type(basetype) && !is_struct_tag(basetype, "bdaddr_t") && basetype != &void_ctype) {
498 sm_warning("'%%p%c' expects argument of type u8 * or bdaddr_t *, argument %d has type '%s'",
499 fmt[0], vaidx, type_to_str(type));
500 }
501 if (type->ctype.modifiers & MOD_NODEREF)
502 sm_error("passing __user pointer to '%%p%c'", fmt[0]);
503 }
504
505 static void dentry_file(const char *fmt, struct symbol *type, struct symbol *basetype, int vaidx)
506 {
507 const char *tag;
508
509 assert(tolower(fmt[0]) == 'd');
510 tag = fmt[0] == 'd' ? "dentry" : "file";
511
512 if (isalnum(fmt[1])) {
513 if (!strchr("234", fmt[1]))
514 sm_warning("'%%p%c' can only be followed by one of [234]", fmt[0]);
515 if (isalnum(fmt[2]))
516 sm_warning("'%%p%c%c' cannot be followed by '%c'", fmt[0], fmt[1], fmt[2]);
517 }
518
519 if (!is_struct_tag(basetype, tag))
520 sm_error("'%%p%c' expects argument of type struct '%s*', argument %d has type '%s'",
521 fmt[0], tag, vaidx, type_to_str(type));
522 }
523
524 static void time_and_date(const char *fmt, struct symbol *type, struct symbol *basetype, int vaidx)
525 {
526 assert(tolower(fmt[0]) == 't');
527
528 if (fmt[1] == 'R' && !is_struct_tag(basetype, "rtc_time"))
529 sm_error("'%%ptR' expects argument of type struct 'rtc_time', argument %d has type '%s'",
530 vaidx, type_to_str(type));
531 }
532
533 static void check_clock(const char *fmt, struct symbol *type, struct symbol *basetype, int vaidx)
534 {
535 assert(fmt[0] == 'C');
536 if (isalnum(fmt[1])) {
537 if (!strchr("nr", fmt[1]))
538 sm_warning("'%%pC' can only be followed by one of [nr]");
539 if (isalnum(fmt[2]))
540 sm_warning("'%%pC%c' cannot be followed by '%c'", fmt[1], fmt[2]);
541 }
542 if (!is_struct_tag(basetype, "clk"))
543 sm_error("'%%pC' expects argument of type 'struct clk*', argument %d has type '%s'",
544 vaidx, type_to_str(type));
545 }
546
547 static void va_format(const char *fmt, struct symbol *type, struct symbol *basetype, int vaidx)
548 {
549 assert(fmt[0] == 'V');
550 if (isalnum(fmt[1]))
551 sm_warning("%%pV cannot be followed by any alphanumerics");
552 if (!is_struct_tag(basetype, "va_format"))
553 sm_error("%%pV expects argument of type struct va_format*, argument %d has type '%s'", vaidx, type_to_str(type));
554 }
555
556 static void netdev_feature(const char *fmt, struct symbol *type, struct symbol *basetype, int vaidx)
557 {
558 static struct typedef_lookup netdev = { .name = "netdev_features_t" };
559
560 assert(fmt[0] == 'N');
561 if (fmt[1] != 'F') {
562 sm_error("%%pN must be followed by 'F'");
563 return;
564 }
565 if (isalnum(fmt[2]))
566 sm_warning("%%pNF cannot be followed by '%c'", fmt[2]);
567
568 typedef_lookup(&netdev);
569 if (!netdev.sym)
570 return;
571 if (basetype != netdev.sym)
572 sm_error("%%pNF expects argument of type netdev_features_t*, argument %d has type '%s'",
573 vaidx, type_to_str(type));
574
575 }
576 static void address_val(const char *fmt, struct symbol *type, struct symbol *basetype, int vaidx)
577 {
578 static struct typedef_lookup dma = { .name = "dma_addr_t" };
579 static struct typedef_lookup phys = { .name = "phys_addr_t" };
580 struct typedef_lookup *which = &phys;
581 const char *suf = "";
582 assert(fmt[0] == 'a');
583
584 if (isalnum(fmt[1])) {
585 switch (fmt[1]) {
586 case 'd':
587 which = &dma;
588 suf = "d";
589 break;
590 case 'p':
591 suf = "p";
592 break;
593 default:
594 sm_error("'%%pa' can only be followed by one of [dp]");
595 }
596 if (isalnum(fmt[2]))
597 sm_error("'%%pa%c' cannot be followed by '%c'", fmt[1], fmt[2]);
598 }
599
600 typedef_lookup(which);
601 if (!which->sym)
602 return;
603 if (basetype != which->sym) {
604 sm_error("'%%pa%s' expects argument of type '%s*', argument %d has type '%s'",
605 suf, which->name, vaidx, type_to_str(type));
606 }
607 }
608
609 static void block_device(const char *fmt, struct symbol *type, struct symbol *basetype, int vaidx)
610 {
611 const char *tag = "block_device";
612
613 assert(fmt[0] == 'g');
614 if (isalnum(fmt[1])) {
615 sm_warning("%%pg cannot be followed by '%c'", fmt[1]);
616 }
617 if (!is_struct_tag(basetype, tag))
618 sm_error("'%%p%c' expects argument of type struct '%s*', argument %d has type '%s'",
619 fmt[0], tag, vaidx, type_to_str(type));
620 }
621
622 static void flag_string(const char *fmt, struct symbol *type, struct symbol *basetype, int vaidx)
623 {
624 static struct typedef_lookup gfp = { .name = "gfp_t" };
625
626 assert(fmt[0] == 'G');
627 if (!isalnum(fmt[1])) {
628 sm_error("%%pG must be followed by one of [gpv]");
629 return;
630 }
631 switch (fmt[1]) {
632 case 'p':
633 case 'v':
634 if (basetype != &ulong_ctype)
635 sm_error("'%%pG%c' expects argument of type 'unsigned long *', argument %d has type '%s'",
636 fmt[1], vaidx, type_to_str(type));
637 break;
638 case 'g':
639 typedef_lookup(&gfp);
640 if (basetype != gfp.sym)
641 sm_error("'%%pGg' expects argument of type 'gfp_t *', argument %d has type '%s'",
642 vaidx, type_to_str(type));
643 break;
644 default:
645 sm_error("'%%pG' must be followed by one of [gpv]");
646 }
647 }
648
649 static void device_node_string(const char *fmt, struct symbol *type, struct symbol *basetype, int vaidx)
650 {
651 if (fmt[1] != 'F') {
652 sm_error("%%pO can only be followed by 'F'");
653 return;
654 }
655 if (!is_struct_tag(basetype, "device_node"))
656 sm_error("'%%pOF' expects argument of type 'struct device_node*', argument %d has type '%s'",
657 vaidx, type_to_str(type));
658 }
659
660 static void
661 pointer(const char *fmt, struct expression *arg, int vaidx)
662 {
663 struct symbol *type, *basetype;
664
665 type = get_type(arg);
666 if (!type) {
667 sm_warning("could not determine type of argument %d", vaidx);
668 return;
669 }
670 if (!is_ptr_type(type)) {
671 sm_error("%%p expects pointer argument, but argument %d has type '%s'",
672 vaidx, type_to_str(type));
673 return;
674 }
675 /* Just plain %p, nothing to check. */
676 if (!isalnum(*fmt))
677 return;
678
679 basetype = get_real_base_type(type);
680 if (is_void_type(basetype))
681 return;
682 /*
683 * Passing a pointer-to-array is harmless, but most likely one
684 * meant to pass pointer-to-first-element. If basetype is
685 * array type, we issue a notice and "dereference" the types
686 * once more.
687 */
688 if (basetype->type == SYM_ARRAY) {
689 spam("note: passing pointer-to-array; is the address-of redundant?");
690 type = basetype;
691 basetype = get_real_base_type(type);
692 }
693
694 /*
695 * We pass both the type and the basetype to the helpers. If,
696 * for example, the pointer is really a decayed array which is
697 * passed to %pI4, we might want to check that it is in fact
698 * an array of four bytes. But most are probably only
699 * interested in whether the basetype makes sense. Also, the
700 * pointer may carry some annotation such as __user which
701 * might be worth checking in the handlers which actually
702 * dereference the pointer.
703 */
704
705 switch (*fmt) {
706 case 'b':
707 case 'F':
708 case 'f':
709 case 'S':
710 case 's':
711 case 'B':
712 /* Can we do anything sensible? Check that the arg is a function pointer, for example? */
713 break;
714
715 case 'R':
716 case 'r':
717 resource_string(fmt, type, basetype, vaidx);
718 break;
719 case 'M':
720 case 'm':
721 mac_address_string(fmt, type, basetype, vaidx);
722 break;
723 case 'I':
724 case 'i':
725 switch (fmt[1]) {
726 case '4':
727 ip4(fmt, type, basetype, vaidx);
728 break;
729 case '6':
730 ip6(fmt, type, basetype, vaidx);
731 break;
732 case 'S':
733 ipS(fmt, type, basetype, vaidx);
734 break;
735 default:
736 sm_warning("'%%p%c' must be followed by one of [46S]", fmt[0]);
737 break;
738 }
739 break;
740 /*
741 * %pE and %ph can handle any valid pointer. We still check
742 * whether all the subsequent alphanumerics are valid for the
743 * particular %pX conversion.
744 */
745 case 'E':
746 escaped_string(fmt, type, basetype, vaidx);
747 break;
748 case 'h':
749 hex_string(fmt, type, basetype, vaidx);
750 break;
751 case 'U': /* TODO */
752 break;
753 case 'V':
754 va_format(fmt, type, basetype, vaidx);
755 break;
756 case 'K': /* TODO */
757 break;
758 case 'N':
759 netdev_feature(fmt, type, basetype, vaidx);
760 break;
761 case 'a':
762 address_val(fmt, type, basetype, vaidx);
763 break;
764 case 'D':
765 case 'd':
766 dentry_file(fmt, type, basetype, vaidx);
767 break;
768 case 't':
769 time_and_date(fmt, type, basetype, vaidx);
770 break;
771 case 'C':
772 check_clock(fmt, type, basetype, vaidx);
773 break;
774 case 'g':
775 block_device(fmt, type, basetype, vaidx);
776 break;
777 case 'G':
778 flag_string(fmt, type, basetype, vaidx);
779 break;
780 case 'O':
781 device_node_string(fmt, type, basetype, vaidx);
782 break;
783 case 'x':
784 /* 'x' is for an unhashed pointer */
785 break;
786 default:
787 sm_error("unrecognized %%p extension '%c', treated as normal %%p", *fmt);
788 }
789 }
790
791 /*
792 * A common error is to pass a "char" or "signed char" to %02x (or
793 * %.2X or some other variant). This can actually be a security
794 * problem, because a lot of code expects this to produce exactly two
795 * characters of output. Unfortunately this also produces false
796 * positives, since we're sometimes in arch-specific code on an arch
797 * where char is always unsigned.
798 */
799 static void
800 hexbyte(const char *fmt, int fmt_len, struct expression *arg, int vaidx, struct printf_spec spec)
801 {
802 struct symbol *type;
803
804 /*
805 * For now, just check the most common and obvious, which is
806 * roughly %[.0]2[xX].
807 */
808 if (spec.field_width != 2 && spec.precision != 2)
809 return;
810 if (spec.base != 16)
811 return;
812
813 type = get_type(arg);
814 if (!type) {
815 sm_warning("could not determine type of argument %d", vaidx);
816 return;
817 }
818 if (type == &char_ctype || type == &schar_ctype)
819 sm_warning("argument %d to %.*s specifier has type '%s'",
820 vaidx, fmt_len, fmt, type_to_str(type));
821 }
822
823 static int
824 check_format_string(const char *fmt, const char *caller)
825 {
826 const char *f;
827
828 for (f = fmt; *f; ++f) {
829 unsigned char c = *f;
830 switch (c) {
831 case KERN_SOH_ASCII:
832 /*
833 * This typically arises from bad conversion
834 * to pr_*, e.g. pr_warn(KERN_WARNING "something").
835 */
836 if (f != fmt)
837 sm_warning("KERN_* level not at start of string");
838 /*
839 * In a very few cases, the level is actually
840 * computed and passed via %c, as in KERN_SOH
841 * "%c...". printk explicitly supports
842 * this.
843 */
844 if (!(('0' <= f[1] && f[1] <= '7') ||
845 f[1] == 'd' || /* KERN_DEFAULT */
846 f[1] == 'c' || /* KERN_CONT */
847 (f[1] == '%' && f[2] == 'c')))
848 sm_warning("invalid KERN_* level: KERN_SOH_ASCII followed by '\\x%02x'", (unsigned char)f[1]);
849 break;
850 case '\t':
851 case '\n':
852 case '\r':
853 case 0x20 ... 0x7e:
854 break;
855 case 0x80 ... 0xff:
856 sm_warning("format string contains non-ascii character '\\x%02x'", c);
857 break;
858 case 0x08:
859 if (f == fmt)
860 break;
861 /* fall through */
862 default:
863 sm_warning("format string contains unusual character '\\x%02x'", c);
864 break;
865 }
866 }
867
868 f = strstr(fmt, caller);
869 if (f && strstr(f+1, caller))
870 sm_warning("format string contains name of enclosing function '%s' twice", caller);
871
872 return f != NULL;
873 }
874
875 static int arg_is___func__(struct expression *arg)
876 {
877 if (arg->type != EXPR_SYMBOL)
878 return 0;
879 return !strcmp(arg->symbol_name->name, "__func__") ||
880 !strcmp(arg->symbol_name->name, "__FUNCTION__") ||
881 !strcmp(arg->symbol_name->name, "__PRETTY_FUNCTION__");
882 }
883 static int arg_contains_caller(struct expression *arg, const char *caller)
884 {
885 if (arg->type != EXPR_STRING)
886 return 0;
887 return strstr(arg->string->data, caller) != NULL;
888 }
889
890 static int is_array_of_const_char(struct symbol *sym)
891 {
892 struct symbol *base = sym->ctype.base_type;
893 if (base->type != SYM_ARRAY)
894 return 0;
895 if (!(base->ctype.modifiers & MOD_CONST))
896 return 0;
897 if (!is_char_type(base->ctype.base_type)) {
898 spam("weird: format argument is array of const '%s'", type_to_str(base->ctype.base_type));
899 return 0;
900 }
901 return 1;
902 }
903
904 static int is_const_pointer_to_const_char(struct symbol *sym)
905 {
906 struct symbol *base = sym->ctype.base_type;
907 if (!(sym->ctype.modifiers & MOD_CONST))
908 return 0;
909 if (base->type != SYM_PTR)
910 return 0;
911 if (!(base->ctype.modifiers & MOD_CONST))
912 return 0;
913 if (!is_char_type(base->ctype.base_type)) {
914 spam("weird: format argument is pointer to const '%s'", type_to_str(base->ctype.base_type));
915 return 0;
916 }
917 return 1;
918 }
919
920 static int unknown_format(struct expression *expr)
921 {
922 struct state_list *slist;
923
924 slist = get_strings(expr);
925 if (!slist)
926 return 1;
927 if (slist_has_state(slist, &undefined))
928 return 1;
929 free_slist(&slist);
930 return 0;
931 }
932
933 static bool has_hex_prefix(const char *orig_fmt, const char *old_fmt)
934 {
935 return old_fmt >= orig_fmt + 2 &&
936 old_fmt[-2] == '0' && _tolower(old_fmt[-1]) == 'x';
937 }
938
939 static bool is_integer_specifier(int type)
940 {
941 switch (type) {
942 case FORMAT_TYPE_LONG_LONG:
943 case FORMAT_TYPE_ULONG:
944 case FORMAT_TYPE_LONG:
945 case FORMAT_TYPE_UBYTE:
946 case FORMAT_TYPE_BYTE:
947 case FORMAT_TYPE_USHORT:
948 case FORMAT_TYPE_SHORT:
949 case FORMAT_TYPE_UINT:
950 case FORMAT_TYPE_INT:
951 case FORMAT_TYPE_SIZE_T:
952 case FORMAT_TYPE_PTRDIFF:
953 return true;
954 default:
955 return false;
956 }
957 }
958
959 static int
960 is_cast_expr(struct expression *expr)
961 {
962 if (!expr)
963 return 0;
964
965 switch (expr->type) {
966 case EXPR_CAST:
967 case EXPR_FORCE_CAST:
968 /* not EXPR_IMPLIED_CAST for our purposes */
969 return 1;
970 default:
971 return 0;
972 }
973 }
974
975 static void
976 check_cast_from_pointer(const char *fmt, int len, struct expression *arg, int va_idx)
977 {
978 /*
979 * This can easily be fooled by passing 0+(long)ptr or doing
980 * "long local_var = (long)ptr" and passing local_var to
981 * %lx. Tough.
982 */
983 if (!is_cast_expr(arg))
984 return;
985 while (is_cast_expr(arg))
986 arg = arg->cast_expression;
987 if (is_ptr_type(get_final_type(arg)))
988 sm_warning("argument %d to %.*s specifier is cast from pointer",
989 va_idx, len, fmt);
990 }
991
992 static void
993 do_check_printf_call(const char *caller, const char *name, struct expression *callexpr, struct expression *fmtexpr, int vaidx)
994 {
995 struct printf_spec spec = {0};
996 const char *fmt, *orig_fmt;
997 int caller_in_fmt;
998
999 fmtexpr = strip_parens(fmtexpr);
1000 if (fmtexpr->type == EXPR_CONDITIONAL) {
1001 do_check_printf_call(caller, name, callexpr, fmtexpr->cond_true ? : fmtexpr->conditional, vaidx);
1002 do_check_printf_call(caller, name, callexpr, fmtexpr->cond_false, vaidx);
1003 return;
1004 }
1005 if (fmtexpr->type == EXPR_SYMBOL) {
1006 /*
1007 * If the symbol has an initializer, we can handle
1008 *
1009 * const char foo[] = "abc"; and
1010 * const char * const foo = "abc";
1011 *
1012 * We simply replace fmtexpr with the initializer
1013 * expression. If foo is not one of the above, or if
1014 * the initializer expression is somehow not a string
1015 * literal, fmtexpr->type != EXPR_STRING will trigger
1016 * below and we'll spam+return.
1017 */
1018 struct symbol *sym = fmtexpr->symbol;
1019 if (sym && sym->initializer &&
1020 (is_array_of_const_char(sym) ||
1021 is_const_pointer_to_const_char(sym))) {
1022 fmtexpr = strip_parens(sym->initializer);
1023 }
1024 }
1025
1026 if (fmtexpr->type != EXPR_STRING) {
1027 if (!unknown_format(fmtexpr))
1028 return;
1029 /*
1030 * Since we're now handling both ?: and static const
1031 * char[] arguments, we don't get as much noise. It's
1032 * still spammy, though.
1033 */
1034 spam("warn: call of '%s' with non-constant format argument", name);
1035 return;
1036 }
1037
1038 orig_fmt = fmt = fmtexpr->string->data;
1039 caller_in_fmt = check_format_string(fmt, caller);
1040
1041 while (*fmt) {
1042 const char *old_fmt = fmt;
1043 int read = format_decode(fmt, &spec);
1044 struct expression *arg;
1045
1046 fmt += read;
1047 if (spec.type == FORMAT_TYPE_NONE ||
1048 spec.type == FORMAT_TYPE_PERCENT_CHAR)
1049 continue;
1050
1051 /*
1052 * vaidx is currently the correct 0-based index for
1053 * get_argument_from_call_expr. We post-increment it
1054 * here so that it is the correct 1-based index for
1055 * all the handlers below. This of course requires
1056 * that we handle all FORMAT_TYPE_* things not taking
1057 * an argument above.
1058 */
1059 arg = get_argument_from_call_expr(callexpr->args, vaidx++);
1060
1061 if (spec.flags & SPECIAL && has_hex_prefix(orig_fmt, old_fmt))
1062 sm_warning("'%.2s' prefix is redundant when # flag is used", old_fmt-2);
1063 if (is_integer_specifier(spec.type)) {
1064 if (spec.base != 16 && has_hex_prefix(orig_fmt, old_fmt))
1065 sm_warning("'%.2s' prefix is confusing together with '%.*s' specifier",
1066 old_fmt-2, (int)(fmt-old_fmt), old_fmt);
1067
1068 check_cast_from_pointer(old_fmt, read, arg, vaidx);
1069 }
1070
1071 switch (spec.type) {
1072 /* case FORMAT_TYPE_NONE: */
1073 /* case FORMAT_TYPE_PERCENT_CHAR: */
1074 /* break; */
1075
1076 case FORMAT_TYPE_INVALID:
1077 sm_error("format specifier '%.*s' invalid", read, old_fmt);
1078 return;
1079
1080 case FORMAT_TYPE_FLOAT:
1081 sm_error("no floats in the kernel; invalid format specifier '%.*s'", read, old_fmt);
1082 return;
1083
1084 case FORMAT_TYPE_NRCHARS:
1085 sm_error("%%n not supported in kernel");
1086 return;
1087
1088 case FORMAT_TYPE_WIDTH:
1089 case FORMAT_TYPE_PRECISION:
1090 /* check int argument */
1091 break;
1092
1093 case FORMAT_TYPE_STR:
1094 /*
1095 * If the format string already contains the
1096 * function name, it probably doesn't make
1097 * sense to pass __func__ as well (or rather
1098 * vice versa: If pr_fmt(fmt) has been defined
1099 * to '"%s: " fmt, __func__', it doesn't make
1100 * sense to use a format string containing the
1101 * function name).
1102 *
1103 * This produces a lot of hits. They are not
1104 * false positives, but it is easier to handle
1105 * the things which don't occur that often
1106 * first, so we use spam().
1107 */
1108 if (caller_in_fmt) {
1109 if (arg_is___func__(arg))
1110 spam("warn: passing __func__ while the format string already contains the name of the function '%s'",
1111 caller);
1112 else if (arg_contains_caller(arg, caller))
1113 sm_warning("passing string constant '%s' containing '%s' which is already part of the format string",
1114 arg->string->data, caller);
1115 }
1116 break;
1117
1118 case FORMAT_TYPE_PTR:
1119 /* This is the most important part: Checking %p extensions. */
1120 pointer(fmt, arg, vaidx);
1121 while (isalnum(*fmt))
1122 fmt++;
1123 break;
1124
1125 case FORMAT_TYPE_CHAR:
1126
1127 case FORMAT_TYPE_UBYTE:
1128 case FORMAT_TYPE_BYTE:
1129 case FORMAT_TYPE_USHORT:
1130 case FORMAT_TYPE_SHORT:
1131 case FORMAT_TYPE_INT:
1132 /* argument should have integer type of width <= sizeof(int) */
1133 break;
1134
1135 case FORMAT_TYPE_UINT:
1136 hexbyte(old_fmt, fmt-old_fmt, arg, vaidx, spec);
1137 case FORMAT_TYPE_LONG:
1138 case FORMAT_TYPE_ULONG:
1139 case FORMAT_TYPE_LONG_LONG:
1140 case FORMAT_TYPE_PTRDIFF:
1141 case FORMAT_TYPE_SIZE_T:
1142 break;
1143 }
1144
1145
1146 }
1147
1148 if (get_argument_from_call_expr(callexpr->args, vaidx))
1149 sm_warning("excess argument passed to '%s'", name);
1150
1151
1152 }
1153
1154 static void
1155 check_printf_call(const char *name, struct expression *callexpr, void *_info)
1156 {
1157 /*
1158 * Note: attribute(printf) uses 1-based indexing, but
1159 * get_argument_from_call_expr() uses 0-based indexing.
1160 */
1161 int info = PTR_INT(_info);
1162 int fmtidx = (info & 0xff) - 1;
1163 int vaidx = ((info >> 8) & 0xff) - 1;
1164 struct expression *fmtexpr;
1165 const char *caller = get_function();
1166
1167 if (!caller)
1168 return;
1169
1170 /*
1171 * Calling a v*printf function with a literal format arg is
1172 * extremely rare, so we don't bother doing the only checking
1173 * we could do, namely checking that the format string is
1174 * valid.
1175 */
1176 if (vaidx < 0)
1177 return;
1178
1179 /*
1180 * For the things we use the name of the calling function for,
1181 * it is more appropriate to skip a potential SyS_ prefix; the
1182 * same goes for leading underscores.
1183 */
1184 if (!strncmp(caller, "SyS_", 4))
1185 caller += 4;
1186 while (*caller == '_')
1187 ++caller;
1188
1189 /* Lack of format argument is a bug. */
1190 fmtexpr = get_argument_from_call_expr(callexpr->args, fmtidx);
1191 if (!fmtexpr) {
1192 sm_error("call of '%s' with no format argument", name);
1193 return;
1194 }
1195
1196 do_check_printf_call(caller, name, callexpr, fmtexpr, vaidx);
1197 }
1198
1199
1200 void check_kernel_printf(int id)
1201 {
1202 if (option_project != PROJ_KERNEL)
1203 return;
1204
1205 my_id = id;
1206
1207 #define printf_hook(func, fmt, first_to_check) \
1208 add_function_hook(#func, check_printf_call, INT_PTR(fmt + (first_to_check << 8)))
1209
1210 /* Extracted using stupid perl script. */
1211
1212 #if 0
1213 printf_hook(srm_printk, 1, 2); /* arch/alpha/include/asm/console.h */
1214 printf_hook(die_if_kernel, 1, 2); /* arch/frv/include/asm/bug.h */
1215 printf_hook(ia64_mca_printk, 1, 2); /* arch/ia64/include/asm/mca.h */
1216 printf_hook(nfprint, 1, 2); /* arch/m68k/include/asm/natfeat.h */
1217 printf_hook(gdbstub_printk, 1, 2); /* arch/mn10300/include/asm/gdb-stub.h */
1218 printf_hook(DBG, 1, 2); /* arch/powerpc/boot/ps3.c */
1219 printf_hook(printf, 1, 2); /* arch/powerpc/boot/stdio.h */
1220 printf_hook(udbg_printf, 1, 2); /* arch/powerpc/include/asm/udbg.h */
1221 printf_hook(__debug_sprintf_event, 3, 4); /* arch/s390/include/asm/debug.h */
1222 printf_hook(__debug_sprintf_exception, 3, 4); /* arch/s390/include/asm/debug.h */
1223 printf_hook(prom_printf, 1, 2); /* arch/sparc/include/asm/oplib_32.h */
1224
1225 printf_hook(fail, 1, 2); /* arch/x86/vdso/vdso2c.c */
1226 #endif
1227
1228 printf_hook(_ldm_printk, 3, 4); /* block/partitions/ldm.c */
1229 printf_hook(rbd_warn, 2, 3); /* drivers/block/rbd.c */
1230 printf_hook(fw_err, 2, 3); /* drivers/firewire/core.h */
1231 printf_hook(fw_notice, 2, 3); /* drivers/firewire/core.h */
1232 printf_hook(i915_error_printf, 2, 3); /* drivers/gpu/drm/i915/i915_drv.h */
1233 printf_hook(i915_handle_error, 3, 4); /* drivers/gpu/drm/i915/i915_drv.h */
1234 printf_hook(nv_printk_, 3, 4); /* drivers/gpu/drm/nouveau/core/include/core/printk.h */
1235 printf_hook(host1x_debug_output, 2, 3); /* drivers/gpu/host1x/debug.h */
1236 printf_hook(callc_debug, 2, 3); /* drivers/isdn/hisax/callc.c */
1237 printf_hook(link_debug, 3, 4); /* drivers/isdn/hisax/callc.c */
1238 printf_hook(HiSax_putstatus, 3, 4); /* drivers/isdn/hisax/hisax.h */
1239 printf_hook(VHiSax_putstatus, 3, 0); /* drivers/isdn/hisax/hisax.h */
1240 printf_hook(debugl1, 2, 3); /* drivers/isdn/hisax/isdnl1.h */
1241 printf_hook(l3m_debug, 2, 3); /* drivers/isdn/hisax/isdnl3.c */
1242 printf_hook(dout_debug, 2, 3); /* drivers/isdn/hisax/st5481_d.c */
1243 printf_hook(l1m_debug, 2, 3); /* drivers/isdn/hisax/st5481_d.c */
1244 printf_hook(bch_cache_set_error, 2, 3); /* drivers/md/bcache/bcache.h */
1245 printf_hook(_tda_printk, 4, 5); /* drivers/media/tuners/tda18271-priv.h */
1246 printf_hook(i40evf_debug_d, 3, 4); /* drivers/net/ethernet/intel/i40evf/i40e_osdep.h */
1247 printf_hook(en_print, 3, 4); /* drivers/net/ethernet/mellanox/mlx4/mlx4_en.h */
1248 printf_hook(_ath_dbg, 3, 4); /* drivers/net/wireless/ath/ath.h */
1249 printf_hook(ath_printk, 3, 4); /* drivers/net/wireless/ath/ath.h */
1250 printf_hook(ath10k_dbg, 3, 4); /* drivers/net/wireless/ath/ath10k/debug.h */
1251 printf_hook(ath10k_err, 2, 3); /* drivers/net/wireless/ath/ath10k/debug.h */
1252 printf_hook(ath10k_info, 2, 3); /* drivers/net/wireless/ath/ath10k/debug.h */
1253 printf_hook(ath10k_warn, 2, 3); /* drivers/net/wireless/ath/ath10k/debug.h */
1254 printf_hook(_ath5k_printk, 3, 4); /* drivers/net/wireless/ath/ath5k/ath5k.h */
1255 printf_hook(ATH5K_DBG, 3, 4); /* drivers/net/wireless/ath/ath5k/debug.h */
1256 printf_hook(ATH5K_DBG_UNLIMIT, 3, 4); /* drivers/net/wireless/ath/ath5k/debug.h */
1257 printf_hook(ath6kl_printk, 2, 3); /* drivers/net/wireless/ath/ath6kl/common.h */
1258 printf_hook(ath6kl_err, 1, 2); /* drivers/net/wireless/ath/ath6kl/debug.h */
1259 printf_hook(ath6kl_info, 1, 2); /* drivers/net/wireless/ath/ath6kl/debug.h */
1260 printf_hook(ath6kl_warn, 1, 2); /* drivers/net/wireless/ath/ath6kl/debug.h */
1261 printf_hook(wil_dbg_trace, 2, 3); /* drivers/net/wireless/ath/wil6210/wil6210.h */
1262 printf_hook(wil_err, 2, 3); /* drivers/net/wireless/ath/wil6210/wil6210.h */
1263 printf_hook(wil_err_ratelimited, 2, 3); /* drivers/net/wireless/ath/wil6210/wil6210.h */
1264 printf_hook(wil_info, 2, 3); /* drivers/net/wireless/ath/wil6210/wil6210.h */
1265 printf_hook(b43dbg, 2, 3); /* drivers/net/wireless/b43/b43.h */
1266 printf_hook(b43err, 2, 3); /* drivers/net/wireless/b43/b43.h */
1267 printf_hook(b43info, 2, 3); /* drivers/net/wireless/b43/b43.h */
1268 printf_hook(b43warn, 2, 3); /* drivers/net/wireless/b43/b43.h */
1269 printf_hook(b43legacydbg, 2, 3); /* drivers/net/wireless/b43legacy/b43legacy.h */
1270 printf_hook(b43legacyerr, 2, 3); /* drivers/net/wireless/b43legacy/b43legacy.h */
1271 printf_hook(b43legacyinfo, 2, 3); /* drivers/net/wireless/b43legacy/b43legacy.h */
1272 printf_hook(b43legacywarn, 2, 3); /* drivers/net/wireless/b43legacy/b43legacy.h */
1273 printf_hook(__brcmf_dbg, 3, 4); /* drivers/net/wireless/brcm80211/brcmfmac/debug.h */
1274 printf_hook(__brcmf_err, 2, 3); /* drivers/net/wireless/brcm80211/brcmfmac/debug.h */
1275 printf_hook(__brcms_crit, 2, 3); /* drivers/net/wireless/brcm80211/brcmsmac/debug.h */
1276 printf_hook(__brcms_dbg, 4, 5); /* drivers/net/wireless/brcm80211/brcmsmac/debug.h */
1277 printf_hook(__brcms_err, 2, 3); /* drivers/net/wireless/brcm80211/brcmsmac/debug.h */
1278 printf_hook(__brcms_info, 2, 3); /* drivers/net/wireless/brcm80211/brcmsmac/debug.h */
1279 printf_hook(__brcms_warn, 2, 3); /* drivers/net/wireless/brcm80211/brcmsmac/debug.h */
1280 printf_hook(brcmu_dbg_hex_dump, 3, 4); /* drivers/net/wireless/brcm80211/include/brcmu_utils.h */
1281 printf_hook(__iwl_crit, 2, 3); /* drivers/net/wireless/iwlwifi/iwl-debug.h */
1282 printf_hook(__iwl_dbg, 5, 6); /* drivers/net/wireless/iwlwifi/iwl-debug.h */
1283 printf_hook(__iwl_err, 4, 5); /* drivers/net/wireless/iwlwifi/iwl-debug.h */
1284 printf_hook(__iwl_info, 2, 3); /* drivers/net/wireless/iwlwifi/iwl-debug.h */
1285 printf_hook(__iwl_warn, 2, 3); /* drivers/net/wireless/iwlwifi/iwl-debug.h */
1286 printf_hook(rsi_dbg, 2, 3); /* drivers/net/wireless/rsi/rsi_main.h */
1287 printf_hook(RTPRINT, 4, 5); /* drivers/net/wireless/rtlwifi/debug.h */
1288 printf_hook(RT_ASSERT, 2, 3); /* drivers/net/wireless/rtlwifi/debug.h */
1289 printf_hook(RT_TRACE, 4, 5); /* drivers/net/wireless/rtlwifi/debug.h */
1290 printf_hook(__of_node_dup, 2, 3); /* drivers/of/of_private.h */
1291 printf_hook(BNX2FC_HBA_DBG, 2, 3); /* drivers/scsi/bnx2fc/bnx2fc_debug.h */
1292 printf_hook(BNX2FC_IO_DBG, 2, 3); /* drivers/scsi/bnx2fc/bnx2fc_debug.h */
1293 printf_hook(BNX2FC_TGT_DBG, 2, 3); /* drivers/scsi/bnx2fc/bnx2fc_debug.h */
1294 printf_hook(ql_dbg, 4, 5); /* drivers/scsi/qla2xxx/qla_dbg.h */
1295 printf_hook(ql_dbg_pci, 4, 5); /* drivers/scsi/qla2xxx/qla_dbg.h */
1296 printf_hook(ql_log, 4, 5); /* drivers/scsi/qla2xxx/qla_dbg.h */
1297 printf_hook(ql_log_pci, 4, 5); /* drivers/scsi/qla2xxx/qla_dbg.h */
1298 printf_hook(libcfs_debug_msg, 2, 3); /* drivers/staging/lustre/include/linux/libcfs/libcfs_debug.h */
1299 printf_hook(libcfs_debug_vmsg2, 4, 5); /* drivers/staging/lustre/include/linux/libcfs/libcfs_debug.h */
1300 printf_hook(_ldlm_lock_debug, 3, 4); /* drivers/staging/lustre/lustre/include/lustre_dlm.h */
1301 printf_hook(_debug_req, 3, 4); /* drivers/staging/lustre/lustre/include/lustre_net.h */
1302 printf_hook(iscsi_change_param_sprintf, 2, 3); /* drivers/target/iscsi/iscsi_target_login.c */
1303 printf_hook(dbg, 1, 2); /* drivers/tty/serial/samsung.c */
1304 printf_hook(_usb_stor_dbg, 2, 3); /* drivers/usb/storage/debug.h */
1305 printf_hook(usb_stor_dbg, 2, 3); /* drivers/usb/storage/debug.h */
1306 printf_hook(vringh_bad, 1, 2); /* drivers/vhost/vringh.c */
1307 printf_hook(__adfs_error, 3, 4); /* fs/adfs/adfs.h */
1308 printf_hook(affs_error, 3, 4); /* fs/affs/affs.h */
1309 printf_hook(affs_warning, 3, 4); /* fs/affs/affs.h */
1310 printf_hook(befs_debug, 2, 3); /* fs/befs/befs.h */
1311 printf_hook(befs_error, 2, 3); /* fs/befs/befs.h */
1312 printf_hook(befs_warning, 2, 3); /* fs/befs/befs.h */
1313 printf_hook(__btrfs_panic, 5, 6); /* fs/btrfs/ctree.h */
1314 printf_hook(__btrfs_std_error, 5, 6); /* fs/btrfs/ctree.h */
1315 printf_hook(btrfs_printk, 2, 3); /* fs/btrfs/ctree.h */
1316 printf_hook(cifs_vfs_err, 1, 2); /* fs/cifs/cifs_debug.h */
1317 printf_hook(__ecryptfs_printk, 1, 2); /* fs/ecryptfs/ecryptfs_kernel.h */
1318 printf_hook(ext2_error, 3, 4); /* fs/ext2/ext2.h */
1319 printf_hook(ext2_msg, 3, 4); /* fs/ext2/ext2.h */
1320 printf_hook(ext3_abort, 3, 4); /* fs/ext3/ext3.h */
1321 printf_hook(ext3_error, 3, 4); /* fs/ext3/ext3.h */
1322 printf_hook(ext3_msg, 3, 4); /* fs/ext3/ext3.h */
1323 printf_hook(ext3_warning, 3, 4); /* fs/ext3/ext3.h */
1324 printf_hook(__ext4_abort, 4, 5); /* fs/ext4/ext4.h */
1325 printf_hook(__ext4_error, 4, 5); /* fs/ext4/ext4.h */
1326 printf_hook(__ext4_error_file, 5, 6); /* fs/ext4/ext4.h */
1327 printf_hook(__ext4_error_inode, 5, 6); /* fs/ext4/ext4.h */
1328 printf_hook(__ext4_grp_locked_error, 7, 8); /* fs/ext4/ext4.h */
1329 printf_hook(__ext4_msg, 3, 4); /* fs/ext4/ext4.h */
1330 printf_hook(__ext4_warning, 4, 5); /* fs/ext4/ext4.h */
1331 printf_hook(f2fs_msg, 3, 4); /* fs/f2fs/f2fs.h */
1332 printf_hook(__fat_fs_error, 3, 4); /* fs/fat/fat.h */
1333 printf_hook(fat_msg, 3, 4); /* fs/fat/fat.h */
1334 printf_hook(gfs2_print_dbg, 2, 3); /* fs/gfs2/glock.h */
1335 printf_hook(gfs2_lm_withdraw, 2, 3); /* fs/gfs2/util.h */
1336 printf_hook(hpfs_error, 2, 3); /* fs/hpfs/hpfs_fn.h */
1337 printf_hook(jfs_error, 2, 3); /* fs/jfs/jfs_superblock.h */
1338 printf_hook(nilfs_error, 3, 4); /* fs/nilfs2/nilfs.h */
1339 printf_hook(nilfs_warning, 3, 4); /* fs/nilfs2/nilfs.h */
1340 printf_hook(__ntfs_debug, 4, 5); /* fs/ntfs/debug.h */
1341 printf_hook(__ntfs_error, 3, 4); /* fs/ntfs/debug.h */
1342 printf_hook(__ntfs_warning, 3, 4); /* fs/ntfs/debug.h */
1343 printf_hook(__ocfs2_abort, 3, 4); /* fs/ocfs2/super.h */
1344 printf_hook(__ocfs2_error, 3, 4); /* fs/ocfs2/super.h */
1345 printf_hook(_udf_err, 3, 4); /* fs/udf/udfdecl.h */
1346 printf_hook(_udf_warn, 3, 4); /* fs/udf/udfdecl.h */
1347 printf_hook(ufs_error, 3, 4); /* fs/ufs/ufs.h */
1348 printf_hook(ufs_panic, 3, 4); /* fs/ufs/ufs.h */
1349 printf_hook(ufs_warning, 3, 4); /* fs/ufs/ufs.h */
1350 printf_hook(xfs_alert, 2, 3); /* fs/xfs/xfs_message.h */
1351 printf_hook(xfs_alert_tag, 3, 4); /* fs/xfs/xfs_message.h */
1352 printf_hook(xfs_crit, 2, 3); /* fs/xfs/xfs_message.h */
1353 printf_hook(xfs_debug, 2, 3); /* fs/xfs/xfs_message.h */
1354 printf_hook(xfs_emerg, 2, 3); /* fs/xfs/xfs_message.h */
1355 printf_hook(xfs_err, 2, 3); /* fs/xfs/xfs_message.h */
1356 printf_hook(xfs_info, 2, 3); /* fs/xfs/xfs_message.h */
1357 printf_hook(xfs_notice, 2, 3); /* fs/xfs/xfs_message.h */
1358 printf_hook(xfs_warn, 2, 3); /* fs/xfs/xfs_message.h */
1359 printf_hook(warn_slowpath_fmt, 3, 4); /* include/asm-generic/bug.h */
1360 printf_hook(warn_slowpath_fmt_taint, 4, 5); /* include/asm-generic/bug.h */
1361 printf_hook(drm_err, 1, 2); /* include/drm/drmP.h */
1362 printf_hook(drm_ut_debug_printk, 2, 3); /* include/drm/drmP.h */
1363 printf_hook(__acpi_handle_debug, 3, 4); /* include/linux/acpi.h */
1364 printf_hook(acpi_handle_printk, 3, 4); /* include/linux/acpi.h */
1365 printf_hook(audit_log, 4, 5); /* include/linux/audit.h */
1366 printf_hook(audit_log_format, 2, 3); /* include/linux/audit.h */
1367 printf_hook(bdi_register, 3, 4); /* include/linux/backing-dev.h */
1368 printf_hook(__trace_note_message, 2, 3); /* include/linux/blktrace_api.h */
1369 printf_hook(_dev_info, 2, 3); /* include/linux/device.h */
1370 printf_hook(dev_alert, 2, 3); /* include/linux/device.h */
1371 printf_hook(dev_crit, 2, 3); /* include/linux/device.h */
1372 printf_hook(dev_emerg, 2, 3); /* include/linux/device.h */
1373 printf_hook(dev_err, 2, 3); /* include/linux/device.h */
1374 printf_hook(dev_notice, 2, 3); /* include/linux/device.h */
1375 printf_hook(dev_printk, 3, 4); /* include/linux/device.h */
1376 printf_hook(dev_printk_emit, 3, 4); /* include/linux/device.h */
1377 printf_hook(dev_set_name, 2, 3); /* include/linux/device.h */
1378 printf_hook(dev_vprintk_emit, 3, 0); /* include/linux/device.h */
1379 printf_hook(dev_warn, 2, 3); /* include/linux/device.h */
1380 printf_hook(device_create, 5, 6); /* include/linux/device.h */
1381 printf_hook(device_create_with_groups, 6, 7); /* include/linux/device.h */
1382 printf_hook(devm_kasprintf, 3, 4); /* include/linux/device.h */
1383 printf_hook(__dynamic_dev_dbg, 3, 4); /* include/linux/dynamic_debug.h */
1384 printf_hook(__dynamic_netdev_dbg, 3, 4); /* include/linux/dynamic_debug.h */
1385 printf_hook(__dynamic_pr_debug, 2, 3); /* include/linux/dynamic_debug.h */
1386 printf_hook(__simple_attr_check_format, 1, 2); /* include/linux/fs.h */
1387 printf_hook(fscache_init_cache, 3, 4); /* include/linux/fscache-cache.h */
1388 printf_hook(gameport_set_phys, 2, 3); /* include/linux/gameport.h */
1389 printf_hook(iio_trigger_alloc, 1, 2); /* include/linux/iio/trigger.h */
1390 printf_hook(__check_printsym_format, 1, 2); /* include/linux/kallsyms.h */
1391 printf_hook(kdb_printf, 1, 2); /* include/linux/kdb.h */
1392 printf_hook(vkdb_printf, 1, 0); /* include/linux/kdb.h */
1393 printf_hook(____trace_printk_check_format, 1, 2); /* include/linux/kernel.h */
1394 printf_hook(__trace_bprintk, 2, 3); /* include/linux/kernel.h */
1395 printf_hook(__trace_printk, 2, 3); /* include/linux/kernel.h */
1396 printf_hook(kasprintf, 2, 3); /* include/linux/kernel.h */
1397 printf_hook(panic, 1, 2); /* include/linux/kernel.h */
1398 printf_hook(scnprintf, 3, 4); /* include/linux/kernel.h */
1399 printf_hook(snprintf, 3, 4); /* include/linux/kernel.h */
1400 printf_hook(sprintf, 2, 3); /* include/linux/kernel.h */
1401 printf_hook(trace_printk, 1, 2); /* include/linux/kernel.h */
1402 printf_hook(vscnprintf, 3, 0); /* include/linux/kernel.h */
1403 printf_hook(vsnprintf, 3, 0); /* include/linux/kernel.h */
1404 printf_hook(vsprintf, 2, 0); /* include/linux/kernel.h */
1405 printf_hook(vmcoreinfo_append_str, 1, 2); /* include/linux/kexec.h */
1406 printf_hook(__request_module, 2, 3); /* include/linux/kmod.h */
1407 printf_hook(add_uevent_var, 2, 3); /* include/linux/kobject.h */
1408 printf_hook(kobject_add, 3, 4); /* include/linux/kobject.h */
1409 printf_hook(kobject_init_and_add, 4, 5); /* include/linux/kobject.h */
1410 printf_hook(kobject_set_name, 2, 3); /* include/linux/kobject.h */
1411 printf_hook(kthread_create_on_node, 4, 5); /* include/linux/kthread.h */
1412 printf_hook(__ata_ehi_push_desc, 2, 3); /* include/linux/libata.h */
1413 printf_hook(ata_dev_printk, 3, 4); /* include/linux/libata.h */
1414 printf_hook(ata_ehi_push_desc, 2, 3); /* include/linux/libata.h */
1415 printf_hook(ata_link_printk, 3, 4); /* include/linux/libata.h */
1416 printf_hook(ata_port_desc, 2, 3); /* include/linux/libata.h */
1417 printf_hook(ata_port_printk, 3, 4); /* include/linux/libata.h */
1418 printf_hook(warn_alloc_failed, 3, 4); /* include/linux/mm.h */
1419 printf_hook(mmiotrace_printk, 1, 2); /* include/linux/mmiotrace.h */
1420 printf_hook(netdev_alert, 2, 3); /* include/linux/netdevice.h */
1421 printf_hook(netdev_crit, 2, 3); /* include/linux/netdevice.h */
1422 printf_hook(netdev_emerg, 2, 3); /* include/linux/netdevice.h */
1423 printf_hook(netdev_err, 2, 3); /* include/linux/netdevice.h */
1424 printf_hook(netdev_info, 2, 3); /* include/linux/netdevice.h */
1425 printf_hook(netdev_notice, 2, 3); /* include/linux/netdevice.h */
1426 printf_hook(netdev_printk, 3, 4); /* include/linux/netdevice.h */
1427 printf_hook(netdev_warn, 2, 3); /* include/linux/netdevice.h */
1428 printf_hook(early_printk, 1, 2); /* include/linux/printk.h */
1429 printf_hook(no_printk, 1, 2); /* include/linux/printk.h */
1430 printf_hook(printk, 1, 2); /* include/linux/printk.h */
1431 printf_hook(printk_deferred, 1, 2); /* include/linux/printk.h */
1432 printf_hook(printk_emit, 5, 6); /* include/linux/printk.h */
1433 printf_hook(vprintk, 1, 0); /* include/linux/printk.h */
1434 printf_hook(vprintk_emit, 5, 0); /* include/linux/printk.h */
1435 printf_hook(__quota_error, 3, 4); /* include/linux/quotaops.h */
1436 printf_hook(seq_buf_printf, 2, 3); /* include/linux/seq_buf.h */
1437 printf_hook(seq_buf_vprintf, 2, 0); /* include/linux/seq_buf.h */
1438 printf_hook(seq_printf, 2, 3); /* include/linux/seq_file.h */
1439 printf_hook(seq_vprintf, 2, 0); /* include/linux/seq_file.h */
1440 printf_hook(bprintf, 3, 4); /* include/linux/string.h */
1441 printf_hook(trace_seq_printf, 2, 3); /* include/linux/trace_seq.h */
1442 printf_hook(trace_seq_vprintf, 2, 0); /* include/linux/trace_seq.h */
1443 printf_hook(__alloc_workqueue_key, 1, 6); /* include/linux/workqueue.h */
1444 printf_hook(set_worker_desc, 1, 2); /* include/linux/workqueue.h */
1445 printf_hook(_p9_debug, 3, 4); /* include/net/9p/9p.h */
1446 printf_hook(bt_err, 1, 2); /* include/net/bluetooth/bluetooth.h */
1447 printf_hook(bt_info, 1, 2); /* include/net/bluetooth/bluetooth.h */
1448 printf_hook(nf_ct_helper_log, 3, 4); /* include/net/netfilter/nf_conntrack_helper.h */
1449 printf_hook(nf_log_buf_add, 2, 3); /* include/net/netfilter/nf_log.h */
1450 printf_hook(nf_log_packet, 8, 9); /* include/net/netfilter/nf_log.h */
1451 printf_hook(SOCK_DEBUG, 2, 3); /* include/net/sock.h */
1452 printf_hook(__snd_printk, 4, 5); /* include/sound/core.h */
1453 printf_hook(_snd_printd, 2, 3); /* include/sound/core.h */
1454 printf_hook(snd_printd, 1, 2); /* include/sound/core.h */
1455 printf_hook(snd_printdd, 1, 2); /* include/sound/core.h */
1456 printf_hook(snd_iprintf, 2, 3); /* include/sound/info.h */
1457 printf_hook(snd_seq_create_kernel_client, 3, 4); /* include/sound/seq_kernel.h */
1458 printf_hook(xen_raw_printk, 1, 2); /* include/xen/hvc-console.h */
1459 printf_hook(xenbus_dev_error, 3, 4); /* include/xen/xenbus.h */
1460 printf_hook(xenbus_dev_fatal, 3, 4); /* include/xen/xenbus.h */
1461 printf_hook(xenbus_printf, 4, 5); /* include/xen/xenbus.h */
1462 printf_hook(xenbus_watch_pathfmt, 4, 5); /* include/xen/xenbus.h */
1463 printf_hook(batadv_fdebug_log, 2, 3); /* net/batman-adv/debugfs.c */
1464 printf_hook(_batadv_dbg, 4, 5); /* net/batman-adv/main.h */
1465 printf_hook(batadv_debug_log, 2, 3); /* net/batman-adv/main.h */
1466 printf_hook(__sdata_dbg, 2, 3); /* net/mac80211/debug.h */
1467 printf_hook(__sdata_err, 1, 2); /* net/mac80211/debug.h */
1468 printf_hook(__sdata_info, 1, 2); /* net/mac80211/debug.h */
1469 printf_hook(__wiphy_dbg, 3, 4); /* net/mac80211/debug.h */
1470 printf_hook(mac80211_format_buffer, 4, 5); /* net/mac80211/debugfs.h */
1471 printf_hook(__rds_conn_error, 2, 3); /* net/rds/rds.h */
1472 printf_hook(rdsdebug, 1, 2); /* net/rds/rds.h */
1473 printf_hook(printl, 1, 2); /* net/sctp/probe.c */
1474 printf_hook(svc_printk, 2, 3); /* net/sunrpc/svc.c */
1475 printf_hook(tomoyo_io_printf, 2, 3); /* security/tomoyo/common.c */
1476 printf_hook(tomoyo_supervisor, 2, 3); /* security/tomoyo/common.h */
1477 printf_hook(tomoyo_write_log, 2, 3); /* security/tomoyo/common.h */
1478 printf_hook(cmp_error, 2, 3); /* sound/firewire/cmp.c */
1479 }