Author: Julia Lawall <julia@diku.dk> Request_mem_region should be used with release_mem_region, not release_resource. The semantic match that finds this problem is as follows: (http://coccinelle.lip6.fr/) // @@ expression x,E; @@ *x = request_mem_region(…) … when != release_mem_region(x) when != x = E * release_resource(x); // Signed-off-by: Julia Lawall Signed-off-by: Wim Van Sebroeck Cc: stable — drivers/watchdog/s3c2410_wdt.c | …
Category: Linux
Feb 21 2011
ARM: 6745/1: kprobes insn decoding fix
Author: Nicolas Pitre <nicolas.pitre@linaro.org> Marcin Slusarz says: > In arch/arm/kernel/kprobes-decode.c there’s a function > arm_kprobe_decode_insn which does: > > } else if ((insn & 0x0e000000) == 0x0c400000) { > … > > This is always false, so code below is dead. > I found this bug by coccinelle (http://coccinelle.lip6.fr/). Reported-by: Marcin Slusarz Signed-off-by: Nicolas Pitre …
Feb 20 2011
staging/et131x: fix et131x_rx_dma_disable halt_status usage
Author: Marcin Slusarz <marcin.slusarz@gmail.com> Commit 1bd751c1abc1029e8a0ae63ef4f19357c735a2a3 (“Staging: et131x: Clean up rxdma_csr”) changed csr from bitfield to u32, but failed to convert 2 uses of halt_status bit. It did: – if (csr.bits.halt_status != 1) + if ((csr & 0x00020000) != 1) which is wrong, because second version is always true. Fix it. This bug was found …
Feb 16 2011
hwrng: omap – Convert release_resource to release_region/release_mem_region
Author: Julia Lawall <julia@diku.dk> Request_region should be used with release_region, not release_resource. The local variable mem, storing the result of request_mem_region, is dropped and instead the pointer res is stored in the drvdata field of the platform device. This information is retrieved in omap_rng_remove to release the region. The drvdata field is not used elsewhere. …
Feb 13 2011
x86/PCI: Convert release_resource to release_region/release_mem_region
Author: Julia Lawall <julia@diku.dk> Request_region should be used with release_region, not release_resource. The local variables region and region2 are dropped and the calls to release_resource are replaced with calls to release_region, using the first two arguments of the corresponding calls to request_region. The semantic match that finds this problem is as follows: (http://coccinelle.lip6.fr/) // @@ …
Feb 13 2011
drivers/char/pcmcia/ipwireless/main.c: Convert release_resource to release_region/release_mem_region
Author: Julia Lawall <julia@diku.dk> Request_region should be used with release_region, not release_resource. This patch contains a number of changes, related to calls to request_region, request_mem_region, and the associated error handling code. 1. For the call to request_region, the variable io_resource storing the result is dropped. The call to release_resource at the end of the function …
Feb 11 2011
drivers/w1/masters/omap_hdq.c: add missing clk_put
Author: Julia Lawall <julia@diku.dk> This code makes two calls to clk_get, then tests both return values and fails if either failed. The problem is that in the first inner if, where the first call to clk_get has failed, it doesn’t know if the second call has failed as well. So it doesn’t know whether clk_get …
Feb 02 2011
mtd: ts5500_flash: avoid calling map_destroy on NULL
Author: Julia Lawall <julia@diku.dk> map_destroy dereferences its argument. The call is furthermore only reachable when this argument is NULL. Thus the call is dropped. The semantic match that finds this problem is as follows: (http://coccinelle.lip6.fr/) // @@ expression *x; @@ *if (x == NULL) { … * map_destroy(x); … return …; } // Signed-off-by: Julia …
Jan 30 2011
wl12xx: fix use after free
Author: Mathias Krause <minipli@googlemail.com> When DEBUG_SPI is included in the debug log level wl1271_spi_reset() will dump the already freed memory instead of the SPI buffer. This bug was spotted by the semantic patch tool coccinelle using the script found at scripts/coccinelle/free/kfree.cocci. More information about semantic patching is available at http://coccinelle.lip6.fr/ Signed-off-by: Mathias Krause Signed-off-by: John …
Jan 30 2011
[media] V4L: omap1_camera: fix use after free
Author: Mathias Krause <minipli@googlemail.com> Even though clk_put() is a no-op on most architectures it is not for some ARM implementations. To not fail on those, release the clock timer before freeing the surrounding structure. This bug was spotted by the semantic patch tool coccinelle using the script found at scripts/coccinelle/free/kfree.cocci. More information about semantic patching …