Author: Julia Lawall <julia@diku.dk> Data allocated with devm_ioremap or devm_ioremap_nocache should not be freed using iounmap, because doing so causes a dangling pointer, and a subsequent double free. The semantic match that finds this problem is as follows: (http://coccinelle.lip6.fr/) // @r@ expression x; @@ ( x = devm_ioremap(…) | x = devm_ioremap_nocache(…) ) @@ expression …
Dec 23 2011
arch/powerpc/sysdev/fsl_rmu.c: introduce missing kfree
Author: Julia Lawall <julia@diku.dk> rmu needs to be freed before leaving the function in an error case. A simplified version of the semantic match that finds the problem is as follows: (http://coccinelle.lip6.fr) // @r exists@ local idexpression x; statement S; identifier f1; position p1,p2; expression *ptr != NULL; @@ x@p1 = \(kmalloc\|kzalloc\|kcalloc\)(…); … if (x …
Dec 23 2011
ARM: OMAP2+: arch/arm/mach-omap2/devices.c: introduce missing kfree
Author: Julia Lawall <julia@diku.dk> pdata needs to be freed before leaving the function in an error case. A simplified version of the semantic match that finds the problem is as follows: (http://coccinelle.lip6.fr) // @r exists@ local idexpression x; statement S; identifier f1; position p1,p2; expression *ptr != NULL; @@ x@p1 = \(kmalloc\|kzalloc\|kcalloc\)(…); … if (x …
Dec 23 2011
drivers/usb/host/isp1760-if.c: introduce missing kfree
Author: Julia Lawall <julia@diku.dk> drvdata needds to be freed before leaving the function in an error case. A simplified version of the semantic match that finds the problem is as follows: (http://coccinelle.lip6.fr) // @r exists@ local idexpression x; statement S; identifier f1; position p1,p2; expression *ptr != NULL; @@ x@p1 = \(kmalloc\|kzalloc\|kcalloc\)(…); … if (x …
Dec 23 2011
xen-gntalloc: introduce missing kfree
Author: Julia Lawall <julia@diku.dk> Error handling code following a kmalloc should free the allocated data. Out_unlock is used on both success and failure, so free vm_priv before jumping to that label. A simplified version of the semantic match that finds the problem is as follows: (http://coccinelle.lip6.fr) // @r exists@ local idexpression x; statement S; identifier …
Dec 23 2011
drivers/usb/dwc3/dwc3-pci.c: introduce missing kfree
Author: Julia Lawall <julia@diku.dk> Glue needs to be freed on exiting the function in an error case. Furthermore, pci, which is the first argument to the probe function should not be freed before leaveing the function, as it is reused at the call site. So the free of pci is changed to free glue instead. …
Dec 23 2011
net/rfkill/rfkill-gpio.c: introduce missing kfree
Author: Julia Lawall <julia@diku.dk> Error handling code following a kmalloc should free the allocated data. The label fail_alloc already does this for rfkill. A simplified version of the semantic match that finds the problem is as follows: (http://coccinelle.lip6.fr) // @r exists@ local idexpression x; statement S; identifier f1; position p1,p2; expression *ptr != NULL; @@ …
Dec 23 2011
mfd: Introduce missing kfree in 88pm860x probe routine
Author: Julia Lawall <julia@diku.dk> Error handling code following a kzalloc should free the allocated data. At this point, chip has been allocated and some fields have been initialized, but it has not been stored anywhere, so it should be freed before leaving the function. A simplified version of the semantic match that finds the problem …
Dec 23 2011
[media] drivers/staging/media/as102/as102_usb_drv.c: shift position of allocation code
Author: Julia Lawall <julia@diku.dk> The conditional after the kzalloc says that the tested expression should never be true, but if it were, the allocated data would have to be freed. This change just moves the allocation below the test, to avoid any possibility of the problem. A simplified version of the semantic match that finds …
Dec 23 2011
[media] drivers/media/video/davinci/vpbe.c: introduce missing kfree
Author: Julia Lawall <julia@diku.dk> vpbe_dev needs to be freed before leaving the function in an error case. A simplified version of the semantic match that finds the problem is as follows: (http://coccinelle.lip6.fr) // @r exists@ local idexpression x; statement S; identifier f1; position p1,p2; expression *ptr != NULL; @@ x@p1 = \(kmalloc\|kzalloc\|kcalloc\)(…); … if (x …
