2009-07-30 14:19:06

by Julia Lawall

Subject: [PATCH 3/5] mm: Add kmalloc NULL tests

From: Julia Lawall <[email protected]>

Check that the result of kmalloc is not NULL before passing it to other
functions.

The semantic match that finds this problem is as follows:
(http://www.emn.fr/x-info/coccinelle/)

// <smpl>
@@
expression *x;
identifier f;
constant char *C;
@@

x = \(kmalloc\|kcalloc\|kzalloc\)(...);
... when != x == NULL
when != x != NULL
when != (x || ...)
(
kfree(x)
|
f(...,C,...,x,...)
|
*f(...,x,...)
|
*x->f
)
// </smpl>

Signed-off-by: Julia Lawall <[email protected]>

---
mm/slab.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/mm/slab.c b/mm/slab.c
index 7b5d4de..972e427 100644
--- a/mm/slab.c
+++ b/mm/slab.c
@@ -1502,6 +1502,7 @@ void __init kmem_cache_init(void)

ptr = kmalloc(sizeof(struct arraycache_init), GFP_NOWAIT);

+ BUG_ON(!ptr);
BUG_ON(cpu_cache_get(&cache_cache) != &initarray_cache.cache);
memcpy(ptr, cpu_cache_get(&cache_cache),
sizeof(struct arraycache_init));
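Review bot: the new BUG_ON(!ptr) duplicates the failure mode of the memcpy() two lines below, which would already fault on a NULL ptr, so the change is in the report rather than the outcome: the panic now names the failed allocation in kmem_cache_init() instead of a fault inside memcpy(). If that is the intent, a panic() with a message saying which early-boot allocation failed would be more informative than a bare BUG_ON, and the commit message should state that this is a diagnostics change on the GFP_NOWAIT failure path, not a behavioural fix.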
@@ -1514,6 +1515,7 @@ void __init kmem_cache_init(void)

ptr = kmalloc(sizeof(struct arraycache_init), GFP_NOWAIT);

+ BUG_ON(!ptr);
BUG_ON(cpu_cache_get(malloc_sizes[INDEX_AC].cs_cachep)
!= &initarray_generic.cache);
memcpy(ptr, cpu_cache_get(malloc_sizes[INDEX_AC].cs_cachep),
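Review bot: the hunk is cut off after the memcpy() line (the sizeof argument and the trailing context are missing), so the patch as shown here would not apply; please resend with the complete hunk. On the content, the placement mirrors the first hunk, with the NULL test ahead of the existing cpu_cache_get() BUG_ON, which keeps the two early-init allocations consistent.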


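The semantic match in the commit message above, approximated as an added Python example (constructed for this page; it is not Coccinelle, not Julia Lawall's script and not kernel code): a line-based scanner that flags a kmalloc/kcalloc/kzalloc result reaching a call argument or a dereference with no NULL test in between, which is the shape of the `x = kmalloc(...); ... when != x == NULL ...` rule. The SAMPLE source is made up, modelled on the kmem_cache_init() hunk in the patch; the functions setup() and log_it() and the type struct foo are assumptions.

```python
"""
Line-based approximation of the Coccinelle semantic match from the commit
message: report an allocation whose result reaches a call or a dereference
before any NULL test.  Added, constructed example; not Coccinelle and not
kernel code.  SAMPLE below is made up, modelled on the kmem_cache_init() hunk.
"""
import re

ALLOCATORS = ("kmalloc", "kcalloc", "kzalloc")
# "x = kmalloc(" / "x = kcalloc(" / "x = kzalloc(": capture x
ALLOC_RE = re.compile(r"\b(\w+)\s*=\s*(?:%s)\s*\(" % "|".join(ALLOCATORS))


def _null_test_re(var):
    """x == NULL, NULL != x, !x, if (x), if (x || ...), while (x && ...)."""
    v = re.escape(var)
    return re.compile(
        r"\b%s\s*[!=]=\s*NULL|\bNULL\s*[!=]=\s*%s\b|!\s*%s\b"
        r"|\b(?:if|while)\s*\(\s*%s\s*(?:\)|\|\||&&)" % (v, v, v, v))


def _use_re(var):
    """x as a call argument (kfree(x), memcpy(x, ...), pr_info('..', x)),
    or a dereference x->f / *x.  A line scan cannot tell multiplication or
    sizeof(*x) apart from a dereference; Coccinelle matches the real AST."""
    v = re.escape(var)
    return re.compile(r"\b\w+\s*\([^;]*\b%s\b|\b%s\s*->|\*\s*%s\b" % (v, v, v))


def find_unchecked_allocs(source):
    """Return [(alloc_line, use_line, var)] (1-based) for allocations whose
    result is used without a NULL test in between."""
    lines = source.splitlines()
    findings = []
    for i, line in enumerate(lines):
        m = ALLOC_RE.search(line)
        if not m:
            continue
        var = m.group(1)
        null_test, use = _null_test_re(var), _use_re(var)
        reassign = re.compile(r"\b%s\s*=[^=]" % re.escape(var))
        for j in range(i + 1, len(lines)):
            nxt = lines[j]
            if nxt.startswith("}") or reassign.search(nxt):
                break  # end of the function, or var re-assigned: stop tracking
            if null_test.search(nxt):
                break  # tested before any use: the pattern the patch adds
            if use.search(nxt):
                findings.append((i + 1, j + 1, var))
                break
    return findings


def report(source):
    """Human-readable lines for each finding."""
    return ["line %d: %s from kmalloc-family call at line %d used before a NULL test"
            % (use, var, alloc) for alloc, use, var in find_unchecked_allocs(source)]


# Constructed C input: the unpatched hunk, the patched hunk, a checked
# driver-style allocation, and the f(...,C,...,x,...) case from the rule.
SAMPLE = r"""/* constructed sample, modelled on the kmem_cache_init() hunk: no NULL test */
void __init kmem_cache_init(void)
{
        void *ptr;

        ptr = kmalloc(sizeof(struct arraycache_init), GFP_NOWAIT);

        BUG_ON(cpu_cache_get(&cache_cache) != &initarray_cache.cache);
        memcpy(ptr, cpu_cache_get(&cache_cache),
               sizeof(struct arraycache_init));
}

/* the same code after the patch: the result is tested before memcpy() */
void __init kmem_cache_init_patched(void)
{
        void *ptr;

        ptr = kmalloc(sizeof(struct arraycache_init), GFP_NOWAIT);

        BUG_ON(!ptr);
        BUG_ON(cpu_cache_get(&cache_cache) != &initarray_cache.cache);
        memcpy(ptr, cpu_cache_get(&cache_cache),
               sizeof(struct arraycache_init));
}

/* driver-style code (assumed names): a NULL test that returns, then a dereference */
static int setup(struct foo **out)
{
        struct foo *f = kzalloc(sizeof(*f), GFP_KERNEL);
        if (!f)
                return -ENOMEM;
        f->count = 0;
        *out = f;
        return 0;
}

/* the f(...,C,...,x,...) case: a call with a string constant and the unchecked pointer */
static void log_it(void)
{
        char *buf = kcalloc(4, 16, GFP_KERNEL);
        pr_info("buffer at %p\n", buf);
        kfree(buf);
}
"""

if __name__ == "__main__":
    for msg in report(SAMPLE):
        print(msg)
```

Run directly, it reports the memcpy() in the unpatched kmem_cache_init() and the pr_info() in log_it(), and is silent on the patched copy and on setup(). The real rule works on the C AST and follows every control-flow path through the `...`, which a line scan cannot, so this is a teaching aid for reading the SmPL rather than a substitute for running it.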
2009-07-30 15:39:11

by Johannes Weiner

Subject: Re: [PATCH 3/5] mm: Add kmalloc NULL tests

Hello Julia,

On Thu, Jul 30, 2009 at 04:10:22PM +0200, Julia Lawall wrote:

> diff --git a/mm/slab.c b/mm/slab.c
> index 7b5d4de..972e427 100644
> --- a/mm/slab.c
> +++ b/mm/slab.c
> @@ -1502,6 +1502,7 @@ void __init kmem_cache_init(void)
>
> ptr = kmalloc(sizeof(struct arraycache_init), GFP_NOWAIT);
>
> + BUG_ON(!ptr);
> BUG_ON(cpu_cache_get(&cache_cache) != &initarray_cache.cache);
> memcpy(ptr, cpu_cache_get(&cache_cache),
> sizeof(struct arraycache_init));

This does not change the end result when the allocation fails: you get
a stacktrace and a kernel panic. Leaving it as is saves a line of
code.

> @@ -1514,6 +1515,7 @@ void __init kmem_cache_init(void)
>
> ptr = kmalloc(sizeof(struct arraycache_init), GFP_NOWAIT);
>
> + BUG_ON(!ptr);
> BUG_ON(cpu_cache_get(malloc_sizes[INDEX_AC].cs_cachep)
> != &initarray_generic.cache);
> memcpy(ptr, cpu_cache_get(malloc_sizes[INDEX_AC].cs_cachep),

Hannes

2009-07-30 18:36:12

by Jörn Engel

Subject: Re: [PATCH 3/5] mm: Add kmalloc NULL tests

On Thu, 30 July 2009 17:36:58 +0200, Johannes Weiner wrote:
> On Thu, Jul 30, 2009 at 04:10:22PM +0200, Julia Lawall wrote:
>
> > diff --git a/mm/slab.c b/mm/slab.c
> > index 7b5d4de..972e427 100644
> > --- a/mm/slab.c
> > +++ b/mm/slab.c
> > @@ -1502,6 +1502,7 @@ void __init kmem_cache_init(void)
> >
> > ptr = kmalloc(sizeof(struct arraycache_init), GFP_NOWAIT);
> >
> > + BUG_ON(!ptr);
> > BUG_ON(cpu_cache_get(&cache_cache) != &initarray_cache.cache);
> > memcpy(ptr, cpu_cache_get(&cache_cache),
> > sizeof(struct arraycache_init));
>
> This does not change the end result when the allocation fails: you get
> a stacktrace and a kernel panic. Leaving it as is saves a line of
> code.

According to http://lwn.net/Articles/342420/, there may be a subtle
difference.

Jörn

--
"Error protection by error detection and correction."
-- from a university class

2009-07-30 19:14:26

by Johannes Weiner

Subject: Re: [PATCH 3/5] mm: Add kmalloc NULL tests

On Thu, Jul 30, 2009 at 08:35:59PM +0200, Jörn Engel wrote:
> On Thu, 30 July 2009 17:36:58 +0200, Johannes Weiner wrote:
> > On Thu, Jul 30, 2009 at 04:10:22PM +0200, Julia Lawall wrote:
> >
> > > diff --git a/mm/slab.c b/mm/slab.c
> > > index 7b5d4de..972e427 100644
> > > --- a/mm/slab.c
> > > +++ b/mm/slab.c
> > > @@ -1502,6 +1502,7 @@ void __init kmem_cache_init(void)
> > >
> > > ptr = kmalloc(sizeof(struct arraycache_init), GFP_NOWAIT);
> > >
> > > + BUG_ON(!ptr);
> > > BUG_ON(cpu_cache_get(&cache_cache) != &initarray_cache.cache);
> > > memcpy(ptr, cpu_cache_get(&cache_cache),
> > > sizeof(struct arraycache_init));
> >
> > This does not change the end result when the allocation fails: you get
> > a stacktrace and a kernel panic. Leaving it as is saves a line of
> > code.
>
> According to http://lwn.net/Articles/342420/, there may be a subtle
> difference.

You will probably have a hard time establishing a userspace mapping
before slab is initialized :)

2009-07-30 20:19:41

by Jörn Engel

Subject: Re: [PATCH 3/5] mm: Add kmalloc NULL tests

On Thu, 30 July 2009 21:12:14 +0200, Johannes Weiner wrote:
>
> You will probably have a hard time establishing a userspace mapping
> before slab is initialized :)

Agreed.

Jörn

--
The story so far:
In the beginning the Universe was created. This has made a lot
of people very angry and been widely regarded as a bad move.
-- Douglas Adams