Author: Julia Lawall <julia@diku.dk> GFP_ATOMIC is not needed here, as evidenced by the other two uses of GFP_KERNEL in the same function. The semantic match that finds this problem is as follows: (http://coccinelle.lip6.fr/) // @@ identifier f; @@ *f(…,GFP_ATOMIC,…) … when != spin_unlock(…) when != read_unlock(…) when != write_unlock(…) when != read_unlock_irq(…) when != write_unlock_irq(…) …
Category: Linux
Aug 01 2010
[SCSI] pm8001: introduce missing kfree
Author: Julia Lawall <julia@diku.dk> Error handling code following a kmalloc should free the allocated data. The semantic match that finds the problem is as follows: (http://www.emn.fr/x-info/coccinelle/) // @r exists@ local idexpression x; expression E; identifier f,f1; position p1,p2; @@ x@p1 = \(kmalloc\|kzalloc\|kcalloc\)(…); f1 = E | (x->f1 == NULL || …) | f(…,x->f1,…) ) …> …
Jul 31 2010
net/rose: Use GFP_ATOMIC
Author: Julia Lawall <julia@diku.dk> The other calls to kmalloc in the same function use GFP_ATOMIC, and indeed two locks are held within the body of the function. The semantic match that finds this problem is as follows: (http://coccinelle.lip6.fr/) // @@ identifier f; @@ *f(…,GFP_ATOMIC,…) … when != spin_unlock(…) when != read_unlock(…) when != write_unlock(…) when …
Jul 30 2010
SA1111: Eliminate use after free
Author: Julia Lawall <julia@diku.dk> __sa1111_remove always frees its argument, so the subsequent reference to sachip->saved_state represents a use after free. __sa1111_remove does not appear to use the saved_state field, so the patch simply frees it first. A simplified version of the semantic patch that finds this problem is as follows: (http://coccinelle.lip6.fr/) // @@ expression E,E2; …
Jul 23 2010
qeth: Use memdup_user when user data is immediately copied into the allocated region.
Author: Julia Lawall <julia@diku.dk> The semantic patch that makes this change is as follows: (http://coccinelle.lip6.fr/) // @@ expression from,to,size,flag; position p; identifier l1,l2; @@ - to = \(kmalloc@p\|kzalloc@p\)(size,flag); + to = memdup_user(from,size); if ( - to==NULL + IS_ERR(to) || …) { } - if (copy_from_user(to, from, size) != 0) { - - } // Signed-off-by: …
Jul 21 2010
drivers/block: use memdup_user
Author: Julia Lawall <julia@diku.dk> Use memdup_user when user data is immediately copied into the allocated region. Some checkpatch cleanups in nearby code. The semantic patch that makes this change is as follows: (http://coccinelle.lip6.fr/) // @@ expression from,to,size,flag; position p; identifier l1,l2; @@ - to = \(kmalloc@p\|kzalloc@p\)(size,flag); + to = memdup_user(from,size); if ( - to==NULL + …
Jul 21 2010
V4L/DVB: drivers/video/omap2/displays: add missing mutex_unlock
Author: Julia Lawall <julia@diku.dk> Add a mutex_unlock missing on the error paths. The use of the mutex is balanced elsewhere in the file. The semantic match that finds this problem is as follows: (http://coccinelle.lip6.fr/) // @@ expression E1; @@ * mutex_lock(E1,…); * mutex_unlock(E1,…); // Signed-off-by: Julia Lawall Acked-by: Mike Isely Signed-off-by: Andrew Morton Signed-off-by: Mauro …
Jul 20 2010
arch/um/drivers: remove duplicate structure field initialization
Author: Julia Lawall <julia@diku.dk> There are two initializations of ndo_set_mac_address, one to a local function that is not used otherwise and one to a function that is defined elsewhere. The semantic match that finds this problem is as follows: (http://coccinelle.lip6.fr/) // @r@ identifier I, s, fld; position p0,p; expression E; @@ struct I s =@p0 …
Jul 17 2010
dma: dmatest: fix potential sign bug
Author: Kulikov Vasiliy <segooon@gmail.com> 'cnt' is unsigned, so this code may become wrong in future as dmatest_add_threads() can return error code: cnt = dmatest_add_threads(dtc, DMA_MEMCPY); thread_count += cnt > 0 ? cnt : 0; ^^^^^^^ Now it can return only -EINVAL if and only if second argument of dmatest_add_threads() is not one of DMA_MEMCPY, DMA_XOR, …
Jul 17 2010
arm: mach-davinci: check irq2ctlr() result
Author: Kulikov Vasiliy <segooon@gmail.com> If irq2ctlr() fails return IRQ_NONE. Also as it can fail make 'ctlr' signed. The semantic patch that finds this problem (many false-positive results): (http://coccinelle.lip6.fr/) // @ r1 @ identifier f; @@ int f(…) { … } @@ identifier r1.f; type T; unsigned T x; @@ *x = f(…) … *x > …