Author: Julia Lawall <julia@diku.dk> Use the call to snd_card_free in the error handling code at the end of the function, as in the other error cases. A simplified version of the semantic patch that finds this problem is as follows: (http://coccinelle.lip6.fr/) // @@ expression E,E2; @@ snd_card_free(E) … ( E = E2 | * E …
Apr 02 2010
mtd: maps: Eliminate use after free
Author: Julia Lawall <julia@diku.dk> Moved the debugging message before the call to map_destroy, which frees its argument. The message is also slightly changed to reflect its new position. A simplified version of the semantic patch that finds this problem is as follows: (http://coccinelle.lip6.fr/) // @@ expression E,E2; @@ del_mtd_device(E) … ( E = E2 | …
Apr 02 2010
powerpc/pseries/dlpar: Eliminate use after free
Author: Julia Lawall <julia@diku.dk> dlpar_free_cc_nodes frees its argument, so dlpar_online_cpu should not be called on the same value. Skip over the call to dlpar_online_cpu by jumping directly to out. A simplified version of the semantic patch that finds this problem is as follows: (http://coccinelle.lip6.fr/) // @@ expression E,E2; @@ dlpar_free_cc_nodes(E) … ( E = E2 …
Mar 30 2010
drivers/serial/sunsu.c: Correct use after free
Author: Julia Lawall <julia@diku.dk> The of_iounmap is at the out_unmap label, but at that point up has already been freed. The free cannot be moved to the out_unmap label, because that label is reachable from cases where up should not be freed. So the call to of_iounmap is just duplicated, and the goto converted to …
Mar 29 2010
ring-buffer: Add missing unlock
Author: Julia Lawall <julia@diku.dk> In some error handling cases the lock is not unlocked. The return is converted to a goto, to share the unlock at the end of the function. A simplified version of the semantic patch that finds this problem is as follows: (http://coccinelle.lip6.fr/) // @r exists@ expression E1; identifier f; @@ f …
Mar 29 2010
USB: gadget: s3c-hsotg: Add missing unlock
Author: Julia Lawall <julia@diku.dk> In an error handling case the lock is not unlocked. The return is converted to a goto, to share the unlock at the end of the function. A simplified version of the semantic patch that finds this problem is as follows: (http://coccinelle.lip6.fr/) // @r exists@ expression E1; identifier f; @@ f …
Mar 29 2010
drivers/pcmcia: Add missing local_irq_restore
Author: Julia Lawall <julia@diku.dk> Use local_irq_restore in this error-handling case just like in the one just below. A simplified version of the semantic patch that finds this problem is as follows: (http://coccinelle.lip6.fr/) // @r exists@ expression E1; identifier f; @@ f (…) { } // Signed-off-by: Julia Lawall Signed-off-by: Dominik Brodowski — drivers/pcmcia/db1xxx_ss.c | 4 …
Mar 29 2010
drivers/net: Add missing unlock
Author: Julia Lawall <julia@diku.dk> Unlock the lock before leaving the function. A simplified version of the semantic patch that finds this problem is as follows: (http://coccinelle.lip6.fr/) // @r exists@ expression E1; identifier f; @@ f (…) { } // Signed-off-by: Julia Lawall Signed-off-by: David S. Miller — drivers/net/sgiseeq.c | 4 +++- 1 file changed, 3 …
Mar 29 2010
powerpc/pmac: Add missing unlocks in error path
Author: Julia Lawall <julia@diku.dk> In some error handling cases the lock is not unlocked. A simplified version of the semantic patch that finds this problem is as follows: (http://coccinelle.lip6.fr/) // @r exists@ expression E1; identifier f; @@ f (…) { } // Signed-off-by: Julia Lawall Signed-off-by: Benjamin Herrenschmidt — drivers/macintosh/macio-adb.c | 1 + drivers/macintosh/smu.c | …
Mar 29 2010
powerpc/vio: Add missing unlock in error path
Author: Julia Lawall <julia@diku.dk> Add an unlock before exiting the function. A simplified version of the semantic patch that finds this problem is as follows: (http://coccinelle.lip6.fr/) // @r exists@ expression E1; identifier f; @@ f (…) { } // Signed-off-by: Julia Lawall Acked-by: Stephen Rothwell Signed-off-by: Benjamin Herrenschmidt — arch/powerpc/kernel/vio.c | 4 +++- 1 file …
