Commit fb3f8af4ff52faf9b31e6c4e8ca0b0b16332808c
Committed by
Michal Marek
Michal Marek
1 parent
22e0059af3
Exists in
master
and in
6 other branches
coccinelle: semantic patches related to devm_ functions (part 2)
devm_ functions allocate memory that is to remain allocated until the device is detached. This patch checks for freeing of such memory using standard memory freeing functions. Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr> Signed-off-by: Michal Marek <mmarek@suse.cz>
Showing 1 changed file with 71 additions and 0 deletions Side-by-side Diff
scripts/coccinelle/free/devm_free.cocci
| 1 | +/// Find uses of standard freeing functons on values allocated using devm_ | |
| 2 | +/// functions. Values allocated using the devm_functions are freed when | |
| 3 | +/// the device is detached, and thus the use of the standard freeing | |
| 4 | +/// function would cause a double free. | |
| 5 | +/// See Documentation/driver-model/devres.txt for more information. | |
| 6 | +/// | |
| 7 | +/// A difficulty of detecting this problem is that the standard freeing | |
| 8 | +/// function might be called from a different function than the one | |
| 9 | +/// containing the allocation function. It is thus necessary to make the | |
| 10 | +/// connection between the allocation function and the freeing function. | |
| 11 | +/// Here this is done using the specific argument text, which is prone to | |
| 12 | +/// false positives. There is no rule for the request_region and | |
| 13 | +/// request_mem_region variants because this heuristic seems to be a bit | |
| 14 | +/// less reliable in these cases. | |
| 15 | +/// | |
| 16 | +// Confidence: Moderate | |
| 17 | +// Copyright: (C) 2011 Julia Lawall, INRIA/LIP6. GPLv2. | |
| 18 | +// Copyright: (C) 2011 Gilles Muller, INRIA/LiP6. GPLv2. | |
| 19 | +// URL: http://coccinelle.lip6.fr/ | |
| 20 | +// Comments: | |
| 21 | +// Options: -no_includes -include_headers | |
| 22 | + | |
| 23 | +virtual org | |
| 24 | +virtual report | |
| 25 | +virtual context | |
| 26 | + | |
| 27 | +@r depends on context || org || report@ | |
| 28 | +expression x; | |
| 29 | +@@ | |
| 30 | + | |
| 31 | +( | |
| 32 | + x = devm_kzalloc(...) | |
| 33 | +| | |
| 34 | + x = devm_request_irq(...) | |
| 35 | +| | |
| 36 | + x = devm_ioremap(...) | |
| 37 | +| | |
| 38 | + x = devm_ioremap_nocache(...) | |
| 39 | +| | |
| 40 | + x = devm_ioport_map(...) | |
| 41 | +) | |
| 42 | + | |
| 43 | +@pb@ | |
| 44 | +expression r.x; | |
| 45 | +position p; | |
| 46 | +@@ | |
| 47 | + | |
| 48 | +( | |
| 49 | +* kfree@p(x) | |
| 50 | +| | |
| 51 | +* free_irq@p(x) | |
| 52 | +| | |
| 53 | +* iounmap@p(x) | |
| 54 | +| | |
| 55 | +* ioport_unmap@p(x) | |
| 56 | +) | |
| 57 | + | |
| 58 | +@script:python depends on org@ | |
| 59 | +p << pb.p; | |
| 60 | +@@ | |
| 61 | + | |
| 62 | +msg="WARNING: invalid free of devm_ allocated data" | |
| 63 | +coccilib.org.print_todo(p[0], msg) | |
| 64 | + | |
| 65 | +@script:python depends on report@ | |
| 66 | +p << pb.p; | |
| 67 | +@@ | |
| 68 | + | |
| 69 | +msg="WARNING: invalid free of devm_ allocated data" | |
| 70 | +coccilib.report.print_report(p[0], msg) |