Commit Graph

20 Commits

Author SHA1 Message Date
Wen Yang 7265f5b726 coccinelle: put_device: reduce false positives
Don't complain about a return when this function returns "&pdev->dev".

Fixes: da9cfb87a4 ("coccinelle: semantic code search for missing put_device()")
Reported-by: Julia Lawall <Julia.Lawall@lip6.fr>
Signed-off-by: Wen Yang <wen.yang99@zte.com.cn>
Acked-by: Julia Lawall <julia.lawall@lip6.fr>
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
2019-03-28 23:45:59 +09:00
Wen Yang da9cfb87a4 coccinelle: semantic code search for missing put_device()
The of_find_device_by_node() takes a reference to the underlying device
structure, we should release that reference.
The implementation of this semantic code search is:
In a function, for a local variable returned by calling
of_find_device_by_node(),
a, if it is released by a function such as
   put_device()/of_dev_put()/platform_device_put() after the last use,
   it is considered that there is no reference leak;
b, if it is passed back to the caller via
   dev_get_drvdata()/platform_get_drvdata()/get_device(), etc., the
   reference will be released in other functions, and the current function
   also considers that there is no reference leak;
c, for the rest of the situation, the current function should release the
   reference by calling put_device, this code search will report the
   corresponding error message.

By using this semantic code search, we have found some object reference leaks,
such as:
commit 11907e9d35 ("ASoC: fsl-asoc-card: fix object reference leaks in
fsl_asoc_card_probe")
commit a12085d139 ("mtd: rawnand: atmel: fix possible object reference leak")
commit 11493f2685 ("mtd: rawnand: jz4780: fix possible object reference leak")

There are still dozens of reference leaks in the current kernel code.

Further, for the case of b, the object returned to other functions may also
have a reference leak, we will continue to develop other cocci scripts to
further check the reference leak.

Signed-off-by: Wen Yang <wen.yang99@zte.com.cn>
Reviewed-by: Julia Lawall <Julia.Lawall@lip6.fr>
Reviewed-by: Markus Elfring <Markus.Elfring@web.de>
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
2019-03-17 12:55:45 +09:00
Julia Lawall e856f3a7d7 coccinelle: devm_free: reduce false positives
Some files use both a non-devm allocation and a devm_allocation.  Don't
complain about a free when the same function contains a non-devm
allocation.

Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
2018-02-07 23:53:09 +09:00
Himanshu Jha 3e47599fd6 Coccinelle: ifnullfree: Trim the warning reported in report mode
Remove the unncessary part of the warning reported, in the report
mode, so that a single warning produced does not exceed more than line
and hence improve readability of the warnings produced in the subsequent
reports to a file.

Signed-off-by: Himanshu Jha <himanshujha199640@gmail.com>
Acked-by: Julia Lawall <julia.lawall@lip6.fr>
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
2018-01-16 23:39:55 +09:00
Yann Droneaud b7b2ee41f3 coccinelle: catch krealloc() on devm_*() allocated memory
krealloc() must not be used against devm_*() allocated
memory regions:

- if a bigger memory is to be allocated, krealloc() and
  __krealloc() could return a different pointer than the
  one given to them, creating a memory region which is not
  managed, thus it will not be automatically released on
  device removal.

- if a bigger memory is to be allocated, krealloc() could
  kfree() the managed memory region which is passed to it.
  The old pointer is left registered as a resource for the
  device. On device removal, this dangling pointer will be
  used and an unrelated memory region could be released.

- if the requested size is equal to 0, krealloc() can also
  just behave like kfree(). Here too, the old pointer is
  kept associated with the device. On device removal, this
  invalid pointer will be used and an unrelated memory
  region could be released.

For all these reasons, krealloc() must not be used on a
pointer returned by devm_*() functions.

Cc: Tejun Heo <tj@kernel.org>
Cc: Pekka Enberg <penberg@cs.helsinki.fi>
Acked-by: Julia Lawall <julia.lawall@lip6.fr>
Signed-off-by: Yann Droneaud <ydroneaud@opteya.com>
Signed-off-by: Michal Marek <mmarek@suse.com>
2016-06-21 11:43:32 +02:00
Yann Droneaud a720c0644d coccinelle: recognize more devm_* memory allocation functions
Updates free/devm_free.cocci to recognize functions added by:

- commit 64c862a839 ('devres: add kernel standard devm_k.alloc functions')
- commit e31108cad3 ('devres: introduce API "devm_kstrdup"')
- commit 3046365bb4 ('devres: introduce API "devm_kmemdup')
- commit 43339bed70 ('devres: Add devm_get_free_pages API')
- commit 75f2a4ead5 ('devres: Add devm_kasprintf and devm_kvasprintf API')

See also Documentation/driver-model/devres.txt

Cc: Joe Perches <joe@perches.com>
Cc: Manish Badarkhe <badarkhe.manish@gmail.com>
Cc: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
Cc: Eli Billauer <eli.billauer@gmail.com>
Cc: Himangi Saraogi <himangi774@gmail.com>
Cc: Geert Uytterhoeven <geert+renesas@glider.be>
Cc: Wolfram Sang <w.sang@pengutronix.de>
Cc: Daniel Thompson <daniel.thompson@linaro.org>
Acked-by: Julia Lawall <julia.lawall@lip6.fr>
Signed-off-by: Yann Droneaud <ydroneaud@opteya.com>
Signed-off-by: Michal Marek <mmarek@suse.com>
2016-06-21 11:43:32 +02:00
Yann Droneaud 6dd9379e8f coccinelle: also catch kzfree() issues
Since commit 3ef0e5ba46 ('slab: introduce kzfree()'),
kfree() is no more the only function to be considered:
kzfree() should be recognized too.

In particular, kzfree() must not be called on memory
allocated through devm_*() functions.

Cc: Johannes Weiner <hannes@cmpxchg.org>
Acked-by: Julia Lawall <julia.lawall@lip6.fr>
Signed-off-by: Yann Droneaud <ydroneaud@opteya.com>
Signed-off-by: Michal Marek <mmarek@suse.com>
2016-06-21 11:43:32 +02:00
Julia Lawall 4743775c6d coccinelle: ifnullfree: handle various destroy functions
Extend ifnullfree to the various destroy functions that were recently
extended to tolerate NULL arguments.

Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Signed-off-by: Michal Marek <mmarek@suse.cz>
2015-10-26 22:41:18 +01:00
Julia Lawall ca047e715c coccinelle: ifnullfree: various cleanups
Adjust tests to compare against NULL, to match cases that explicitly make
that comparison.

Remove removal and re-addition of freeing functions.

Add position variable on usb_free_urb in the non-patch case.

Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Signed-off-by: Michal Marek <mmarek@suse.cz>
2015-10-26 22:41:13 +01:00
Fabian Frederick 45715f33d4 scripts/coccinelle/free/ifnullfree.cocci: add copyright information
All coccinelle scripts have a copyright in the header.

Signed-off-by: Fabian Frederick <fabf@skynet.be>
Suggested-by: Julia Lawall <Julia.Lawall@lip6.fr>
Acked-by: Julia Lawall <Julia.Lawall@lip6.fr>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-08-08 15:57:27 -07:00
Fabian Frederick 791dfeb495 scripts/coccinelle/free: add NULL test before freeing functions
Warns or generates patch for NULL check before the following functions:

kfree
usb_free_urb
debugfs_remove
debugfs_remove_recursive

Signed-off-by: Fabian Frederick <fabf@skynet.be>
Acked-by: Julia Lawall <Julia.Lawall@lip6.fr>
Cc: Gilles Muller <Gilles.Muller@lip6.fr>
Cc: Joe Perches <joe@perches.com>
Cc: Markus Elfring <elfring@users.sourceforge.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-08-08 15:57:26 -07:00
Nicolas Palix 93f1446849 Coccinelle: Update the options used to the new option scheme
spatch has changed its option scheme.
E.g., --no_show_diff is now --no-show-diff

This patch updates:
 - scripts/coccicheck
 - Semantic patches under scripts/coccinelle/

Signed-off-by: Nicolas Palix <nicolas.palix@imag.fr>
Signed-off-by: Michal Marek <mmarek@suse.cz>
2013-07-03 22:58:13 +02:00
strnape1@fel.cvut.cz f7b1671137 scripts: Coccinelle script for pci_free_consistent()
Created coccinelle script for reporting missing pci_free_consistent() calls.

Signed-off-by: Petr Strnad <strnape1@fel.cvut.cz>
Signed-off-by: Nicolas Palix <nicolas.palix@imag.fr>
Signed-off-by: Michal Marek <mmarek@suse.cz>
2013-07-03 15:50:38 +02:00
Julia Lawall 61cb48c3f9 scripts/coccinelle: check for field address argument to kfree
The argument to kfree should not be the address of a structure field.

Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Signed-off-by: Michal Marek <mmarek@suse.cz>
2013-06-14 15:33:08 +02:00
Julia Lawall cd0207a7bf coccinelle: semantic patch for missing iounmap
Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Signed-off-by: Michal Marek <mmarek@suse.cz>
2012-02-25 00:07:11 +01:00
Julia Lawall 53302c1dfa coccinelle: semantic patch for missing clk_put
Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Signed-off-by: Michal Marek <mmarek@suse.cz>
2012-02-25 00:07:11 +01:00
Julia Lawall 29a36d4dec scripts/coccinelle: improve the coverage of some semantic patches
This patch ensures that all semantic patches in the scripts/coccinelle
directory provide the report option.  Report messages that include line
numbers now have the line number preceded by "line" for easier subsequent
processing.

Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Signed-off-by: Michal Marek <mmarek@suse.cz>
2012-01-15 00:05:46 +01:00
Julia Lawall fb3f8af4ff coccinelle: semantic patches related to devm_ functions (part 2)
devm_ functions allocate memory that is to remain allocated until the
device is detached.  This patch checks for freeing of such memory using
standard memory freeing functions.

Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Signed-off-by: Michal Marek <mmarek@suse.cz>
2012-01-14 22:40:04 +01:00
Nicolas Palix e90f659021 Coccinelle: Use new comment format to explain kfree.cocci
Use new comment format to separate proposed commit message
and information about generated false positives

Signed-off-by: Nicolas Palix <npalix.work@gmail.com>
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Michal Marek <mmarek@suse.cz>
2010-10-13 14:26:06 +02:00
Nicolas Palix 43ba21b57a Coccinelle: Add free/kfree.cocci
Find a use after free.  Values of variables may imply that some
execution paths are not possible, resulting in false positives.
Another source of false positives are macros such as
SCTP_DBG_OBJCNT_DEC that do not actually evaluate their argument

Signed-off-by: Nicolas Palix <npalix@diku.dk>
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Michal Marek <mmarek@suse.cz>
2010-08-31 11:37:53 +02:00