* cocci script for detecting alloc_apertures mem leak
@ 2018-02-01 16:29 ` Mathieu Malaterre
  0 siblings, 0 replies; 4+ messages in thread
From: Mathieu Malaterre @ 2018-02-01 16:29 UTC (permalink / raw)
  To: Julia Lawall, Gilles Muller, Nicolas Palix, Michal Marek, cocci,
	linux-kernel

Hi cocci gurus,

I am wondering if coccinelle can handle detection of kzalloc mem leak
(within alloc_apertures call)? Typically:

$ cat drivers/video/fbdev/vesafb.c
static int vesafb_probe(struct platform_device *dev)
[...]
  info->apertures = alloc_apertures(1);

but then:

static void vesafb_destroy(struct fb_info *info)
{
  struct vesafb_par *par = info->par;

  fb_dealloc_cmap(&info->cmap);
  arch_phys_wc_del(par->wc_cookie);
  if (info->screen_base)
    iounmap(info->screen_base);
  release_mem_region(info->apertures->ranges[0].base,
                     info->apertures->ranges[0].size);
}

For reference:

$ cat include/linux/fb.h
static inline struct apertures_struct *alloc_apertures(unsigned int max_num) {
  struct apertures_struct *a = kzalloc(sizeof(struct apertures_struct)
    + max_num * sizeof(struct aperture), GFP_KERNEL);


Thanks for comments,


* Re: cocci script for detecting alloc_apertures mem leak
  2018-02-01 16:29 ` [Cocci] " Mathieu Malaterre
@ 2018-02-01 19:54   ` Julia Lawall
  -1 siblings, 0 replies; 4+ messages in thread
From: Julia Lawall @ 2018-02-01 19:54 UTC (permalink / raw)
  To: Mathieu Malaterre
  Cc: Gilles Muller, Nicolas Palix, Michal Marek, cocci, linux-kernel



On Thu, 1 Feb 2018, Mathieu Malaterre wrote:

> Hi cocci gurus,
>
> I am wondering if coccinelle can handle detection of kzalloc mem leak
> (within alloc_apertures call)? Typically:
>
> $ cat drivers/video/fbdev/vesafb.c
> static int vesafb_probe(struct platform_device *dev)
> [...]
>   info->apertures = alloc_apertures(1);
>
> but then:
>
> static void vesafb_destroy(struct fb_info *info)
> {
>   struct vesafb_par *par = info->par;
>
>   fb_dealloc_cmap(&info->cmap);
>   arch_phys_wc_del(par->wc_cookie);
>   if (info->screen_base)
>     iounmap(info->screen_base);
>   release_mem_region(info->apertures->ranges[0].base,
>                      info->apertures->ranges[0].size);
> }
>
> For reference:
>
> $ cat include/linux/fb.h
> static inline struct apertures_struct *alloc_apertures(unsigned int max_num) {
>   struct apertures_struct *a = kzalloc(sizeof(struct apertures_struct)
>     + max_num * sizeof(struct aperture), GFP_KERNEL);

You could do something like this:

@nm@
identifier i,j,prb,rem;
@@

struct i j = { .probe = prb, .remove = rem, };

@a exists@
identifier nm.prb;
expression e;
@@

prb(...) { <+... e = alloc_apertures(...) ...+> }

@@
identifier nm.rem;
expression a.e;
@@

*rem(...) {
   ... when != kfree(e)
}

This is assuming that the reference to the alloc_apertures value is made
in the same way in the probe and remove function.  If this is not the
case, you have to figure out how to express some relation between them.

This is also assuming that the kfree is directly in the remove function,
not in some function called by it.  If that hypothesis does not hold, it
might be better to just report any cases where there is no call to kfree(e)
in the whole file.  For this you could replace the last rule with:

@ok@
expression a.e;
@@

kfree(e);

@depends on !ok@
expression a.e;
@@

* e = alloc_apertures(...)

That would be checking for files that don't free the result of
alloc_apertures anywhere.

If you want to do a full interprocedural analysis, it is possible, but
more complicated.  You could look at coccinelle/demos/iteration.cocci.

julia
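
Added example, not part of the original thread or of the kernel sources: a
userspace C model of the allocate-in-probe, never-free-in-teardown pattern
that the semantic patch above reports. kzalloc/kfree are counting stand-ins
over calloc/free, the structs are reduced to the fields used here, and
model_probe, destroy_leaky, destroy_fixed and leaked_after are hypothetical
names.

```c
#include <stdlib.h>

/* Assumption: userspace stand-ins for kzalloc/kfree that count live blocks. */
static int live_allocs;
static void *kzalloc(size_t n) { live_allocs++; return calloc(1, n); }
static void kfree(void *p) { if (p) { live_allocs--; free(p); } }

/* Reduced models of the fb.h types (only the fields used below). */
struct aperture { unsigned long base, size; };
struct apertures_struct { unsigned int count; struct aperture ranges[]; };
struct fb_info { struct apertures_struct *apertures; };

/* Same size computation as the fb.h excerpt quoted in the thread. */
static struct apertures_struct *alloc_apertures(unsigned int max_num)
{
    struct apertures_struct *a = kzalloc(sizeof(struct apertures_struct)
        + max_num * sizeof(struct aperture));
    if (a)
        a->count = max_num;
    return a;
}

/* Probe side: the rule binds the expression `e` to info->apertures. */
static int model_probe(struct fb_info *info)
{
    info->apertures = alloc_apertures(1);
    return info->apertures ? 0 : -1;
}

/* Teardown shaped like the quoted one: reads ranges[0], never frees. */
static void destroy_leaky(struct fb_info *info)
{
    unsigned long base = info->apertures->ranges[0].base;
    (void)base;
}

/* Teardown the rule accepts: kfree() on the same expression as in probe. */
static void destroy_fixed(struct fb_info *info)
{
    kfree(info->apertures);
    info->apertures = NULL;
}

/* Runs probe plus one teardown; returns allocations still outstanding. */
static int leaked_after(void (*destroy)(struct fb_info *))
{
    struct fb_info info = { 0 };
    live_allocs = 0;
    if (model_probe(&info) != 0) return -1;
    destroy(&info);
    return live_allocs;
}
int main(void) { return leaked_after(destroy_leaky) == 1 && leaked_after(destroy_fixed) == 0 ? 0 : 1; }
```

The fixed teardown frees through info->apertures, the same expression the
probe assigns, which is the first assumption stated in the reply above.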
