Author: Julia Lawall <julia@diku.dk> The earlier call to atm_dev_lookup increases the reference count of dev, so decrease it on the way out. The semantic match that finds this problem is as follows: (http://coccinelle.lip6.fr/) // @@ expression x, E; constant C; @@ x = atm_dev_lookup(…); … when != false x != NULL when != true x …
Catégorie : Linux
Nov 10 2010
ALSA: sound/pci/ctxfi/ctpcm.c: Remove potential for use after free
Author: Julia Lawall <julia@diku.dk> In each function, the value apcm is stored in the private_data field of runtime. At the same time the function ct_atc_pcm_free_substream is stored in the private_free field of the same structure. ct_atc_pcm_free_substream dereferences and ultimately frees the value in the private_data field. But each function can exit in an error case …
Nov 03 2010
USB: xhci: Use GFP_ATOMIC under spin_lock
Author: David Sterba <dsterba@suse.cz> coccinelle check scripts/coccinelle/locks/call_kern.cocci found that in drivers/usb/host/xhci.c an allocation with GFP_KERNEL is done with locks held: xhci_resume spin_lock_irq(xhci->lock) xhci_setup_msix kmalloc(GFP_KERNEL) Change it to GFP_ATOMIC. Signed-off-by: David Sterba CC: Sarah Sharp Signed-off-by: Greg Kroah-Hartman — drivers/usb/host/xhci.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff –git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c index …
Nov 03 2010
fs/ocfs2/dlm: Use GFP_ATOMIC under spin_lock
Author: David Sterba <dsterba@suse.cz> coccinelle check scripts/coccinelle/locks/call_kern.cocci found that in fs/ocfs2/dlm/dlmdomain.c an allocation with GFP_KERNEL is done with locks held: dlm_query_region_handler spin_lock(dlm_domain_lock) dlm_match_regions kmalloc(GFP_KERNEL) Change it to GFP_ATOMIC. Signed-off-by: David Sterba CC: Joel Becker CC: Mark Fasheh CC: ocfs2-devel@oss.oracle.com — Exists in v2.6.37-rc1 and current linux-next. Signed-off-by: Joel Becker — fs/ocfs2/dlm/dlmdomain.c | 2 +- 1 …
Oct 29 2010
Btrfs: Use ERR_CAST helpers
Author: Julia Lawall <julia@diku.dk> Use ERR_CAST(x) rather than ERR_PTR(PTR_ERR(x)). The former makes more clear what is the purpose of the operation, which otherwise looks like a no-op. The semantic patch that makes this change is as follows: (http://coccinelle.lip6.fr/) // @@ type T; T x; identifier f; @@ T f (…) { } @@ expression x; …
Oct 29 2010
Btrfs: use memdup_user helpers
Author: Julia Lawall <julia@diku.dk> Use memdup_user when user data is immediately copied into the allocated region. The semantic patch that makes this change is as follows: (http://coccinelle.lip6.fr/) // @@ expression from,to,size,flag; position p; identifier l1,l2; @@ – to = \(kmalloc@p\|kzalloc@p\)(size,flag); + to = memdup_user(from,size); if ( – to==NULL + IS_ERR(to) || …) { } – …
Oct 28 2010
drivers/video/gbefb.c: eliminate memory leak
Author: Julia Lawall <julia@diku.dk> This code is preceded by a call to framebuffer_alloc, which allocates memory, so this memory should be freed before leaving the function in an error case. out_release_framebuffer just frees the frame buffer and returns. A simplified version of the semantic match that finds this problem is: (http://coccinelle.lip6.fr/) // @r exists@ local …
Oct 28 2010
drivers/video/matrox/matroxfb_maven.c: fix unsigned return type
Author: Julia Lawall <julia@diku.dk> The function has an unsigned return type, but returns a negative constant to indicate an error condition. The result of calling the function is only tested by comparison to 0, and thus unsigned is not needed and can be dropped from the return type. A sematic match that finds this problem …
Oct 26 2010
drivers/ata/pata_octeon_cf.c: delete double assignment
Author: Julia Lawall <julia@diku.dk> Delete successive assignments to the same location. A simplified version of the semantic match that finds this problem is as follows: (http://coccinelle.lip6.fr/) // @@ expression i; @@ *i = …; i = …; // Signed-off-by: Julia Lawall Signed-off-by: Jeff Garzik — drivers/ata/pata_octeon_cf.c | 2 — 1 file changed, 2 deletions(-) …
Oct 26 2010
sound/oss/sb_ess.c: delete double assignment
Author: Julia Lawall <julia@diku.dk> Delete successive assignments to the same location. A simplified version of the semantic match that finds this problem is as follows: (http://coccinelle.lip6.fr/) // @@ expression i; @@ *i = …; i = …; // Signed-off-by: Julia Lawall Signed-off-by: Takashi Iwai — sound/oss/sb_ess.c | 1 – 1 file changed, 1 deletion(-) …
