16 Commits

Author SHA1 Message Date
Yann Droneaud
b7b2ee41f3 coccinelle: catch krealloc() on devm_*() allocated memory
krealloc() must not be used against devm_*() allocated
memory regions:

- if a bigger memory is to be allocated, krealloc() and
  __krealloc() could return a different pointer than the
  one given to them, creating a memory region which is not
  managed, thus it will not be automatically released on
  device removal.

- if a bigger memory is to be allocated, krealloc() could
  kfree() the managed memory region which is passed to it.
  The old pointer is left registered as a resource for the
  device. On device removal, this dangling pointer will be
  used and an unrelated memory region could be released.

- if the requested size is equal to 0, krealloc() can also
  just behave like kfree(). Here too, the old pointer is
  kept associated with the device. On device removal, this
  invalid pointer will be used and an unrelated memory
  region could be released.

For all these reasons, krealloc() must not be used on a
pointer returned by devm_*() functions.

Cc: Tejun Heo <tj@kernel.org>
Cc: Pekka Enberg <penberg@cs.helsinki.fi>
Acked-by: Julia Lawall <julia.lawall@lip6.fr>
Signed-off-by: Yann Droneaud <ydroneaud@opteya.com>
Signed-off-by: Michal Marek <mmarek@suse.com>
2016-06-21 11:43:32 +02:00
Yann Droneaud
a720c0644d coccinelle: recognize more devm_* memory allocation functions
Updates free/devm_free.cocci to recognize functions added by:

- commit 64c862a839a8 ('devres: add kernel standard devm_k.alloc functions')
- commit e31108cad3de ('devres: introduce API "devm_kstrdup"')
- commit 3046365bb470 ('devres: introduce API "devm_kmemdup')
- commit 43339bed7010 ('devres: Add devm_get_free_pages API')
- commit 75f2a4ead5d5 ('devres: Add devm_kasprintf and devm_kvasprintf API')

See also Documentation/driver-model/devres.txt

Cc: Joe Perches <joe@perches.com>
Cc: Manish Badarkhe <badarkhe.manish@gmail.com>
Cc: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
Cc: Eli Billauer <eli.billauer@gmail.com>
Cc: Himangi Saraogi <himangi774@gmail.com>
Cc: Geert Uytterhoeven <geert+renesas@glider.be>
Cc: Wolfram Sang <w.sang@pengutronix.de>
Cc: Daniel Thompson <daniel.thompson@linaro.org>
Acked-by: Julia Lawall <julia.lawall@lip6.fr>
Signed-off-by: Yann Droneaud <ydroneaud@opteya.com>
Signed-off-by: Michal Marek <mmarek@suse.com>
2016-06-21 11:43:32 +02:00
Yann Droneaud
6dd9379e8f coccinelle: also catch kzfree() issues
Since commit 3ef0e5ba4673 ('slab: introduce kzfree()'),
kfree() is no more the only function to be considered:
kzfree() should be recognized too.

In particular, kzfree() must not be called on memory
allocated through devm_*() functions.

Cc: Johannes Weiner <hannes@cmpxchg.org>
Acked-by: Julia Lawall <julia.lawall@lip6.fr>
Signed-off-by: Yann Droneaud <ydroneaud@opteya.com>
Signed-off-by: Michal Marek <mmarek@suse.com>
2016-06-21 11:43:32 +02:00
Julia Lawall
4743775c6d coccinelle: ifnullfree: handle various destroy functions
Extend ifnullfree to the various destroy functions that were recently
extended to tolerate NULL arguments.

Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Signed-off-by: Michal Marek <mmarek@suse.cz>
2015-10-26 22:41:18 +01:00
Julia Lawall
ca047e715c coccinelle: ifnullfree: various cleanups
Adjust tests to compare against NULL, to match cases that explicitly make
that comparison.

Remove removal and re-addition of freeing functions.

Add position variable on usb_free_urb in the non-patch case.

Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Signed-off-by: Michal Marek <mmarek@suse.cz>
2015-10-26 22:41:13 +01:00
Fabian Frederick
45715f33d4 scripts/coccinelle/free/ifnullfree.cocci: add copyright information
All coccinelle scripts have a copyright in the header.

Signed-off-by: Fabian Frederick <fabf@skynet.be>
Suggested-by: Julia Lawall <Julia.Lawall@lip6.fr>
Acked-by: Julia Lawall <Julia.Lawall@lip6.fr>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-08-08 15:57:27 -07:00
Fabian Frederick
791dfeb495 scripts/coccinelle/free: add NULL test before freeing functions
Warns or generates patch for NULL check before the following functions:

kfree
usb_free_urb
debugfs_remove
debugfs_remove_recursive

Signed-off-by: Fabian Frederick <fabf@skynet.be>
Acked-by: Julia Lawall <Julia.Lawall@lip6.fr>
Cc: Gilles Muller <Gilles.Muller@lip6.fr>
Cc: Joe Perches <joe@perches.com>
Cc: Markus Elfring <elfring@users.sourceforge.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-08-08 15:57:26 -07:00
Nicolas Palix
93f1446849 Coccinelle: Update the options used to the new option scheme
spatch has changed its option scheme.
E.g., --no_show_diff is now --no-show-diff

This patch updates:
 - scripts/coccicheck
 - Semantic patches under scripts/coccinelle/

Signed-off-by: Nicolas Palix <nicolas.palix@imag.fr>
Signed-off-by: Michal Marek <mmarek@suse.cz>
2013-07-03 22:58:13 +02:00
strnape1@fel.cvut.cz
f7b1671137 scripts: Coccinelle script for pci_free_consistent()
Created coccinelle script for reporting missing pci_free_consistent() calls.

Signed-off-by: Petr Strnad <strnape1@fel.cvut.cz>
Signed-off-by: Nicolas Palix <nicolas.palix@imag.fr>
Signed-off-by: Michal Marek <mmarek@suse.cz>
2013-07-03 15:50:38 +02:00
Julia Lawall
61cb48c3f9 scripts/coccinelle: check for field address argument to kfree
The argument to kfree should not be the address of a structure field.

Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Signed-off-by: Michal Marek <mmarek@suse.cz>
2013-06-14 15:33:08 +02:00
Julia Lawall
cd0207a7bf coccinelle: semantic patch for missing iounmap
Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Signed-off-by: Michal Marek <mmarek@suse.cz>
2012-02-25 00:07:11 +01:00
Julia Lawall
53302c1dfa coccinelle: semantic patch for missing clk_put
Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Signed-off-by: Michal Marek <mmarek@suse.cz>
2012-02-25 00:07:11 +01:00
Julia Lawall
29a36d4dec scripts/coccinelle: improve the coverage of some semantic patches
This patch ensures that all semantic patches in the scripts/coccinelle
directory provide the report option.  Report messages that include line
numbers now have the line number preceded by "line" for easier subsequent
processing.

Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Signed-off-by: Michal Marek <mmarek@suse.cz>
2012-01-15 00:05:46 +01:00
Julia Lawall
fb3f8af4ff coccinelle: semantic patches related to devm_ functions (part 2)
devm_ functions allocate memory that is to remain allocated until the
device is detached.  This patch checks for freeing of such memory using
standard memory freeing functions.

Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Signed-off-by: Michal Marek <mmarek@suse.cz>
2012-01-14 22:40:04 +01:00
Nicolas Palix
e90f659021 Coccinelle: Use new comment format to explain kfree.cocci
Use new comment format to separate proposed commit message
and information about generated false positives

Signed-off-by: Nicolas Palix <npalix.work@gmail.com>
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Michal Marek <mmarek@suse.cz>
2010-10-13 14:26:06 +02:00
Nicolas Palix
43ba21b57a Coccinelle: Add free/kfree.cocci
Find a use after free.  Values of variables may imply that some
execution paths are not possible, resulting in false positives.
Another source of false positives are macros such as
SCTP_DBG_OBJCNT_DEC that do not actually evaluate their argument

Signed-off-by: Nicolas Palix <npalix@diku.dk>
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Michal Marek <mmarek@suse.cz>
2010-08-31 11:37:53 +02:00