From: Julia Lawall <[email protected]>
Check that the result of kmalloc is not NULL before passing it to other
functions.
In the first two cases, the new code returns -ENOMEM, which seems
compatible with what is done for similar functions for other architectures.
In the last two cases, the new code fails silently, ie just returns,
because the function has void return type.
The semantic match that finds this problem is as follows:
(http://www.emn.fr/x-info/coccinelle/)
// <smpl>
@@
expression *x;
identifier f;
constant char *C;
@@
x = \(kmalloc\|kcalloc\|kzalloc\)(...);
... when != x == NULL
when != x != NULL
when != (x || ...)
(
kfree(x)
|
f(...,C,...,x,...)
|
*f(...,x,...)
|
*x->f
)
// </smpl>
Signed-off-by: Julia Lawall <[email protected]>
---
arch/blackfin/mach-common/smp.c | 8 ++++++++
1 files changed, 8 insertions(+), 0 deletions(-)
diff --git a/arch/blackfin/mach-common/smp.c b/arch/blackfin/mach-common/smp.c
index 6184005..10dd298 100644
--- a/arch/blackfin/mach-common/smp.c
+++ b/arch/blackfin/mach-common/smp.c
@@ -211,6 +211,8 @@ int smp_call_function(void (*func)(void *info), void *info, int wait)
return 0;
msg = kmalloc(sizeof(*msg), GFP_ATOMIC);
+ if (!msg)
+ return -ENOMEM;
INIT_LIST_HEAD(&msg->list);
msg->call_struct.func = func;
msg->call_struct.info = info;
@@ -252,6 +254,8 @@ int smp_call_function_single(int cpuid, void (*func) (void *info), void *info,
cpu_set(cpu, callmap);
msg = kmalloc(sizeof(*msg), GFP_ATOMIC);
+ if (!msg)
+ return -ENOMEM;
INIT_LIST_HEAD(&msg->list);
msg->call_struct.func = func;
msg->call_struct.info = info;
@@ -287,6 +291,8 @@ void smp_send_reschedule(int cpu)
return;
msg = kmalloc(sizeof(*msg), GFP_ATOMIC);
+ if (!msg)
+ return;
memset(msg, 0, sizeof(msg));
INIT_LIST_HEAD(&msg->list);
msg->type = BFIN_IPI_RESCHEDULE;
@@ -314,6 +320,8 @@ void smp_send_stop(void)
return;
msg = kmalloc(sizeof(*msg), GFP_ATOMIC);
+ if (!msg)
+ return;
memset(msg, 0, sizeof(msg));
INIT_LIST_HEAD(&msg->list);
msg->type = BFIN_IPI_CPU_STOP;
Thanks.
Applied.
Sonic
-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of
Julia Lawall
Sent: Monday, July 13, 2009 4:55 PM
To: [email protected]; [email protected];
[email protected]; [email protected]
Subject: [Uclinux-dist-devel] [PATCH] arch/blackfin: Add kmalloc NULL
tests
From: Julia Lawall <[email protected]>
Check that the result of kmalloc is not NULL before passing it to other
functions.
In the first two cases, the new code returns -ENOMEM, which seems
compatible with what is done for similar functions for other
architectures.
In the last two cases, the new code fails silently, ie just returns,
because the function has void return type.
The semantic match that finds this problem is as follows:
(http://www.emn.fr/x-info/coccinelle/)
// <smpl>
@@
expression *x;
identifier f;
constant char *C;
@@
x = \(kmalloc\|kcalloc\|kzalloc\)(...);
... when != x == NULL
when != x != NULL
when != (x || ...)
(
kfree(x)
|
f(...,C,...,x,...)
|
*f(...,x,...)
|
*x->f
)
// </smpl>
Signed-off-by: Julia Lawall <[email protected]>
---
arch/blackfin/mach-common/smp.c | 8 ++++++++
1 files changed, 8 insertions(+), 0 deletions(-)
diff --git a/arch/blackfin/mach-common/smp.c
b/arch/blackfin/mach-common/smp.c index 6184005..10dd298 100644
--- a/arch/blackfin/mach-common/smp.c
+++ b/arch/blackfin/mach-common/smp.c
@@ -211,6 +211,8 @@ int smp_call_function(void (*func)(void *info), void
*info, int wait)
return 0;
msg = kmalloc(sizeof(*msg), GFP_ATOMIC);
+ if (!msg)
+ return -ENOMEM;
INIT_LIST_HEAD(&msg->list);
msg->call_struct.func = func;
msg->call_struct.info = info;
@@ -252,6 +254,8 @@ int smp_call_function_single(int cpuid, void (*func)
(void *info), void *info,
cpu_set(cpu, callmap);
msg = kmalloc(sizeof(*msg), GFP_ATOMIC);
+ if (!msg)
+ return -ENOMEM;
INIT_LIST_HEAD(&msg->list);
msg->call_struct.func = func;
msg->call_struct.info = info;
@@ -287,6 +291,8 @@ void smp_send_reschedule(int cpu)
return;
msg = kmalloc(sizeof(*msg), GFP_ATOMIC);
+ if (!msg)
+ return;
memset(msg, 0, sizeof(msg));
INIT_LIST_HEAD(&msg->list);
msg->type = BFIN_IPI_RESCHEDULE;
@@ -314,6 +320,8 @@ void smp_send_stop(void)
return;
msg = kmalloc(sizeof(*msg), GFP_ATOMIC);
+ if (!msg)
+ return;
memset(msg, 0, sizeof(msg));
INIT_LIST_HEAD(&msg->list);
msg->type = BFIN_IPI_CPU_STOP;
_______________________________________________
Uclinux-dist-devel mailing list
[email protected]
https://blackfin.uclinux.org/mailman/listinfo/uclinux-dist-devel