From: Yann Droneaud <ydroneaud@opteya.com> To: Julia Lawall <Julia.Lawall@lip6.fr>, Gilles Muller <Gilles.Muller@lip6.fr>, Nicolas Palix <nicolas.palix@imag.fr>, Michal Marek <mmarek@suse.com> Cc: Tejun Heo <tj@kernel.org>, Greg Kroah-Hartman <gregkh@linuxfoundation.org>, cocci@systeme.lip6.fr, linux-kernel@vger.kernel.org, Yann Droneaud <ydroneaud@opteya.com>, Johannes Weiner <hannes@cmpxchg.org> Subject: [PATCH v2 1/3] coccinelle: also catch kzfree() issues Date: Mon, 23 May 2016 17:07:19 +0200 [thread overview] Message-ID: <d3466c47b1c5bbf9a7c4cb69a78d392327748669.1464013817.git.ydroneaud@opteya.com> (raw) In-Reply-To: <cover.1464013817.git.ydroneaud@opteya.com> In-Reply-To: <cover.1464013817.git.ydroneaud@opteya.com> Since commit 3ef0e5ba4673 ('slab: introduce kzfree()'), kfree() is no more the only function to be considered: kzfree() should be recognized too. In particular, kzfree() must not be called on memory allocated through devm_*() functions. Cc: Johannes Weiner <hannes@cmpxchg.org> Signed-off-by: Yann Droneaud <ydroneaud@opteya.com> --- scripts/coccinelle/free/devm_free.cocci | 2 ++ scripts/coccinelle/free/ifnullfree.cocci | 4 +++- scripts/coccinelle/free/kfree.cocci | 18 +++++++++++++++--- scripts/coccinelle/free/kfreeaddr.cocci | 6 +++++- 4 files changed, 25 insertions(+), 5 deletions(-) diff --git a/scripts/coccinelle/free/devm_free.cocci b/scripts/coccinelle/free/devm_free.cocci index 3d9349012bb3..83c03adec1c5 100644 --- a/scripts/coccinelle/free/devm_free.cocci +++ b/scripts/coccinelle/free/devm_free.cocci @@ -48,6 +48,8 @@ position p; ( * kfree@p(x) | +* kzfree@p(x) +| * free_irq@p(x) | * iounmap@p(x) diff --git a/scripts/coccinelle/free/ifnullfree.cocci b/scripts/coccinelle/free/ifnullfree.cocci index 52bd235286fa..14a4cd98e83b 100644 --- a/scripts/coccinelle/free/ifnullfree.cocci +++ b/scripts/coccinelle/free/ifnullfree.cocci @@ -20,6 +20,8 @@ expression E; ( kfree(E); | + kzfree(E); +| debugfs_remove(E); | debugfs_remove_recursive(E); @@ -39,7 +41,7 @@ position p; @@ * if (E != NULL) -* \(kfree@p\|debugfs_remove@p\|debugfs_remove_recursive@p\| +* \(kfree@p\|kzfree@p\|debugfs_remove@p\|debugfs_remove_recursive@p\| * usb_free_urb@p\|kmem_cache_destroy@p\|mempool_destroy@p\| * dma_pool_destroy@p\)(E); diff --git a/scripts/coccinelle/free/kfree.cocci b/scripts/coccinelle/free/kfree.cocci index 577b78056990..ac438da4fd7b 100644 --- a/scripts/coccinelle/free/kfree.cocci +++ b/scripts/coccinelle/free/kfree.cocci @@ -20,7 +20,11 @@ expression E; position p1; @@ -kfree@p1(E) +( +* kfree@p1(E) +| +* kzfree@p1(E) +) @print expression@ constant char [] c; @@ -60,7 +64,11 @@ position ok; @@ while (1) { ... - kfree@ok(E) +( +* kfree@ok(E) +| +* kzfree@ok(E) +) ... when != break; when != goto l; when forall @@ -74,7 +82,11 @@ statement S; position free.p1!=loop.ok,p2!={print.p,sz.p}; @@ -kfree@p1(E,...) +( +* kfree@p1(E,...) +| +* kzfree@p1(E,...) +) ... ( iter(...,subE,...) S // no use diff --git a/scripts/coccinelle/free/kfreeaddr.cocci b/scripts/coccinelle/free/kfreeaddr.cocci index ce8aacc314cb..d46063b1db8b 100644 --- a/scripts/coccinelle/free/kfreeaddr.cocci +++ b/scripts/coccinelle/free/kfreeaddr.cocci @@ -16,7 +16,11 @@ identifier f; position p; @@ +( * kfree@p(&e->f) +| +* kzfree@p(&e->f) +) @script:python depends on org@ p << r.p; @@ -28,5 +32,5 @@ cocci.print_main("kfree",p) p << r.p; @@ -msg = "ERROR: kfree of structure field" +msg = "ERROR: invalid free of structure field" coccilib.report.print_report(p[0],msg) -- 2.7.4
WARNING: multiple messages have this Message-ID (diff)
From: ydroneaud@opteya.com (Yann Droneaud) To: cocci@systeme.lip6.fr Subject: [Cocci] [PATCH v2 1/3] coccinelle: also catch kzfree() issues Date: Mon, 23 May 2016 17:07:19 +0200 [thread overview] Message-ID: <d3466c47b1c5bbf9a7c4cb69a78d392327748669.1464013817.git.ydroneaud@opteya.com> (raw) In-Reply-To: <cover.1464013817.git.ydroneaud@opteya.com> Since commit 3ef0e5ba4673 ('slab: introduce kzfree()'), kfree() is no more the only function to be considered: kzfree() should be recognized too. In particular, kzfree() must not be called on memory allocated through devm_*() functions. Cc: Johannes Weiner <hannes@cmpxchg.org> Signed-off-by: Yann Droneaud <ydroneaud@opteya.com> --- scripts/coccinelle/free/devm_free.cocci | 2 ++ scripts/coccinelle/free/ifnullfree.cocci | 4 +++- scripts/coccinelle/free/kfree.cocci | 18 +++++++++++++++--- scripts/coccinelle/free/kfreeaddr.cocci | 6 +++++- 4 files changed, 25 insertions(+), 5 deletions(-) diff --git a/scripts/coccinelle/free/devm_free.cocci b/scripts/coccinelle/free/devm_free.cocci index 3d9349012bb3..83c03adec1c5 100644 --- a/scripts/coccinelle/free/devm_free.cocci +++ b/scripts/coccinelle/free/devm_free.cocci @@ -48,6 +48,8 @@ position p; ( * kfree at p(x) | +* kzfree at p(x) +| * free_irq at p(x) | * iounmap at p(x) diff --git a/scripts/coccinelle/free/ifnullfree.cocci b/scripts/coccinelle/free/ifnullfree.cocci index 52bd235286fa..14a4cd98e83b 100644 --- a/scripts/coccinelle/free/ifnullfree.cocci +++ b/scripts/coccinelle/free/ifnullfree.cocci @@ -20,6 +20,8 @@ expression E; ( kfree(E); | + kzfree(E); +| debugfs_remove(E); | debugfs_remove_recursive(E); @@ -39,7 +41,7 @@ position p; @@ * if (E != NULL) -* \(kfree at p\|debugfs_remove at p\|debugfs_remove_recursive at p\| +* \(kfree at p\|kzfree at p\|debugfs_remove at p\|debugfs_remove_recursive at p\| * usb_free_urb at p\|kmem_cache_destroy at p\|mempool_destroy at p\| * dma_pool_destroy at p\)(E); diff --git a/scripts/coccinelle/free/kfree.cocci b/scripts/coccinelle/free/kfree.cocci index 577b78056990..ac438da4fd7b 100644 --- a/scripts/coccinelle/free/kfree.cocci +++ b/scripts/coccinelle/free/kfree.cocci @@ -20,7 +20,11 @@ expression E; position p1; @@ -kfree at p1(E) +( +* kfree at p1(E) +| +* kzfree at p1(E) +) @print expression@ constant char [] c; @@ -60,7 +64,11 @@ position ok; @@ while (1) { ... - kfree at ok(E) +( +* kfree at ok(E) +| +* kzfree at ok(E) +) ... when != break; when != goto l; when forall @@ -74,7 +82,11 @@ statement S; position free.p1!=loop.ok,p2!={print.p,sz.p}; @@ -kfree at p1(E,...) +( +* kfree at p1(E,...) +| +* kzfree at p1(E,...) +) ... ( iter(...,subE,...) S // no use diff --git a/scripts/coccinelle/free/kfreeaddr.cocci b/scripts/coccinelle/free/kfreeaddr.cocci index ce8aacc314cb..d46063b1db8b 100644 --- a/scripts/coccinelle/free/kfreeaddr.cocci +++ b/scripts/coccinelle/free/kfreeaddr.cocci @@ -16,7 +16,11 @@ identifier f; position p; @@ +( * kfree at p(&e->f) +| +* kzfree at p(&e->f) +) @script:python depends on org@ p << r.p; @@ -28,5 +32,5 @@ cocci.print_main("kfree",p) p << r.p; @@ -msg = "ERROR: kfree of structure field" +msg = "ERROR: invalid free of structure field" coccilib.report.print_report(p[0],msg) -- 2.7.4
next prev parent reply other threads:[~2016-05-23 15:51 UTC|newest] Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top 2016-05-23 15:07 [PATCH v2 0/3] coccinelle: catchup on memory allocation functions Yann Droneaud 2016-05-23 15:07 ` [Cocci] " Yann Droneaud 2016-05-23 15:07 ` Yann Droneaud [this message] 2016-05-23 15:07 ` [Cocci] [PATCH v2 1/3] coccinelle: also catch kzfree() issues Yann Droneaud 2016-05-23 15:18 ` Julia Lawall 2016-05-23 15:18 ` [Cocci] " Julia Lawall 2016-06-20 13:24 ` Michal Marek 2016-06-20 13:24 ` [Cocci] " Michal Marek 2016-06-20 20:21 ` Julia Lawall 2016-06-20 20:21 ` [Cocci] " Julia Lawall 2016-06-21 9:43 ` Michal Marek 2016-06-21 9:43 ` [Cocci] " Michal Marek 2016-06-21 11:14 ` Yann Droneaud 2016-06-21 11:14 ` [Cocci] " Yann Droneaud 2016-06-21 11:17 ` Julia Lawall 2016-06-21 11:17 ` [Cocci] " Julia Lawall 2016-05-23 15:07 ` [PATCH v2 2/3] coccinelle: recognize more devm_* memory allocation functions Yann Droneaud 2016-05-23 15:07 ` [Cocci] " Yann Droneaud 2016-05-23 15:07 ` [PATCH v2 3/3] coccinelle: catch krealloc() on devm_*() allocated memory Yann Droneaud 2016-05-23 15:07 ` [Cocci] " Yann Droneaud
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=d3466c47b1c5bbf9a7c4cb69a78d392327748669.1464013817.git.ydroneaud@opteya.com \ --to=ydroneaud@opteya.com \ --cc=Gilles.Muller@lip6.fr \ --cc=Julia.Lawall@lip6.fr \ --cc=cocci@systeme.lip6.fr \ --cc=gregkh@linuxfoundation.org \ --cc=hannes@cmpxchg.org \ --cc=linux-kernel@vger.kernel.org \ --cc=mmarek@suse.com \ --cc=nicolas.palix@imag.fr \ --cc=tj@kernel.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.