From: Julia Lawall <[email protected]>
Error handling code following a kzalloc should free the allocated data.
The semantic match that finds the problem is as follows:
(http://www.emn.fr/x-info/coccinelle/)
// <smpl>
@r exists@
local idexpression x;
statement S;
expression E;
identifier f,f1,l;
position p1,p2;
expression *ptr != NULL;
@@
x@p1 = \(kmalloc\|kzalloc\|kcalloc\)(...);
...
if (x == NULL) S
<... when != x
when != if (...) { <+...x...+> }
(
x->f1 = E
|
(x->f1 == NULL || ...)
|
f(...,x->f1,...)
)
...>
(
return \(0\|<+...x...+>\|ptr\);
|
return@p2 ...;
)
@script:python@
p1 << r.p1;
p2 << r.p2;
@@
print "* file: %s kmalloc %s return %s" % (p1[0].file,p1[0].line,p2[0].line)
// </smpl>
Signed-off-by: Julia Lawall <[email protected]>
---
drivers/net/wireless/iwlwifi/iwl-debugfs.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/drivers/net/wireless/iwlwifi/iwl-debugfs.c b/drivers/net/wireless/iwlwifi/iwl-debugfs.c
index 7707a26..c2106d0 100644
--- a/drivers/net/wireless/iwlwifi/iwl-debugfs.c
+++ b/drivers/net/wireless/iwlwifi/iwl-debugfs.c
@@ -320,6 +320,7 @@ static ssize_t iwl_dbgfs_nvm_read(struct file *file,
ptr = priv->eeprom;
if (!ptr) {
IWL_ERR(priv, "Invalid EEPROM/OTP memory\n");
+ kfree(buf);
return -ENOMEM;
}
pos += scnprintf(buf + pos, buf_size - pos, "NVM Type: %s\n",
On Mon, 3 Aug 2009, Zhu Yi wrote:
> On Sat, 2009-08-01 at 16:54 +0800, Julia Lawall wrote:
> > From: Julia Lawall <[email protected]>
> >
> > Error handling code following a kzalloc should free the allocated data.
> >
> > The semantic match that finds the problem is as follows:
> > (http://www.emn.fr/x-info/coccinelle/)
> >
> > // <smpl>
> > @r exists@
> > local idexpression x;
> > statement S;
> > expression E;
> > identifier f,f1,l;
> > position p1,p2;
> > expression *ptr != NULL;
> > @@
> >
> > x@p1 = \(kmalloc\|kzalloc\|kcalloc\)(...);
> > ...
> > if (x == NULL) S
> > <... when != x
> > when != if (...) { <+...x...+> }
> > (
> > x->f1 = E
> > |
> > (x->f1 == NULL || ...)
> > |
> > f(...,x->f1,...)
> > )
> > ...>
> > (
> > return \(0\|<+...x...+>\|ptr\);
> > |
> > return@p2 ...;
> > )
> >
> > @script:python@
> > p1 << r.p1;
> > p2 << r.p2;
> > @@
> >
> > print "* file: %s kmalloc %s return %s" % (p1[0].file,p1[0].line,p2[0].line)
> > // </smpl>
> >
> > Signed-off-by: Julia Lawall <[email protected]>
> > ---
> > drivers/net/wireless/iwlwifi/iwl-debugfs.c | 1 +
> > 1 files changed, 1 insertions(+), 0 deletions(-)
> >
> > diff --git a/drivers/net/wireless/iwlwifi/iwl-debugfs.c b/drivers/net/wireless/iwlwifi/iwl-debugfs.c
> > index 7707a26..c2106d0 100644
> > --- a/drivers/net/wireless/iwlwifi/iwl-debugfs.c
> > +++ b/drivers/net/wireless/iwlwifi/iwl-debugfs.c
> > @@ -320,6 +320,7 @@ static ssize_t iwl_dbgfs_nvm_read(struct file *file,
> > ptr = priv->eeprom;
> > if (!ptr) {
> > IWL_ERR(priv, "Invalid EEPROM/OTP memory\n");
> > + kfree(buf);
> > return -ENOMEM;
> > }
> > pos += scnprintf(buf + pos, buf_size - pos, "NVM Type: %s\n",
>
> Probably moving !priv->eeprom check prior to buf kzalloc is better.
OK, I will do that instead.
julia
On Sat, 2009-08-01 at 16:54 +0800, Julia Lawall wrote:
> From: Julia Lawall <[email protected]>
>
> Error handling code following a kzalloc should free the allocated data.
>
> The semantic match that finds the problem is as follows:
> (http://www.emn.fr/x-info/coccinelle/)
>
> // <smpl>
> @r exists@
> local idexpression x;
> statement S;
> expression E;
> identifier f,f1,l;
> position p1,p2;
> expression *ptr != NULL;
> @@
>
> x@p1 = \(kmalloc\|kzalloc\|kcalloc\)(...);
> ...
> if (x == NULL) S
> <... when != x
> when != if (...) { <+...x...+> }
> (
> x->f1 = E
> |
> (x->f1 == NULL || ...)
> |
> f(...,x->f1,...)
> )
> ...>
> (
> return \(0\|<+...x...+>\|ptr\);
> |
> return@p2 ...;
> )
>
> @script:python@
> p1 << r.p1;
> p2 << r.p2;
> @@
>
> print "* file: %s kmalloc %s return %s" % (p1[0].file,p1[0].line,p2[0].line)
> // </smpl>
>
> Signed-off-by: Julia Lawall <[email protected]>
> ---
> drivers/net/wireless/iwlwifi/iwl-debugfs.c | 1 +
> 1 files changed, 1 insertions(+), 0 deletions(-)
>
> diff --git a/drivers/net/wireless/iwlwifi/iwl-debugfs.c b/drivers/net/wireless/iwlwifi/iwl-debugfs.c
> index 7707a26..c2106d0 100644
> --- a/drivers/net/wireless/iwlwifi/iwl-debugfs.c
> +++ b/drivers/net/wireless/iwlwifi/iwl-debugfs.c
> @@ -320,6 +320,7 @@ static ssize_t iwl_dbgfs_nvm_read(struct file *file,
> ptr = priv->eeprom;
> if (!ptr) {
> IWL_ERR(priv, "Invalid EEPROM/OTP memory\n");
> + kfree(buf);
> return -ENOMEM;
> }
> pos += scnprintf(buf + pos, buf_size - pos, "NVM Type: %s\n",
Probably moving !priv->eeprom check prior to buf kzalloc is better.
Thanks,
-yi
From: Julia Lawall <[email protected]>
Move orthogonal error handling code up before a kzalloc, so that it
doesn't have to free the allocated data.
The semantic match that finds the problem is as follows:
(http://www.emn.fr/x-info/coccinelle/)
// <smpl>
@r exists@
local idexpression x;
statement S;
expression E;
identifier f,f1,l;
position p1,p2;
expression *ptr != NULL;
@@
x@p1 = \(kmalloc\|kzalloc\|kcalloc\)(...);
...
if (x == NULL) S
<... when != x
when != if (...) { <+...x...+> }
(
x->f1 = E
|
(x->f1 == NULL || ...)
|
f(...,x->f1,...)
)
...>
(
return \(0\|<+...x...+>\|ptr\);
|
return@p2 ...;
)
@script:python@
p1 << r.p1;
p2 << r.p2;
@@
print "* file: %s kmalloc %s return %s" % (p1[0].file,p1[0].line,p2[0].line)
// </smpl>
Signed-off-by: Julia Lawall <[email protected]>
---
drivers/net/wireless/iwlwifi/iwl-debugfs.c | 12 ++++++------
1 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/drivers/net/wireless/iwlwifi/iwl-debugfs.c b/drivers/net/wireless/iwlwifi/iwl-debugfs.c
index 7707a26..6748a3f 100644
--- a/drivers/net/wireless/iwlwifi/iwl-debugfs.c
+++ b/drivers/net/wireless/iwlwifi/iwl-debugfs.c
@@ -310,18 +310,18 @@ static ssize_t iwl_dbgfs_nvm_read(struct file *file,
return -ENODATA;
}
+ ptr = priv->eeprom;
+ if (!ptr) {
+ IWL_ERR(priv, "Invalid EEPROM/OTP memory\n");
+ return -ENOMEM;
+ }
+
/* 4 characters for byte 0xYY */
buf = kzalloc(buf_size, GFP_KERNEL);
if (!buf) {
IWL_ERR(priv, "Can not allocate Buffer\n");
return -ENOMEM;
}
-
- ptr = priv->eeprom;
- if (!ptr) {
- IWL_ERR(priv, "Invalid EEPROM/OTP memory\n");
- return -ENOMEM;
- }
pos += scnprintf(buf + pos, buf_size - pos, "NVM Type: %s\n",
(priv->nvm_device_type == NVM_DEVICE_TYPE_OTP)
? "OTP" : "EEPROM");
On Mon, 2009-08-03 at 17:11 +0800, Julia Lawall wrote:
> From: Julia Lawall <[email protected]>
>
> Move orthogonal error handling code up before a kzalloc, so that it
> doesn't have to free the allocated data.
Acked-by: Zhu Yi <[email protected]>
Thanks,
-yi
> The semantic match that finds the problem is as follows:
> (http://www.emn.fr/x-info/coccinelle/)
>
> // <smpl>
> @r exists@
> local idexpression x;
> statement S;
> expression E;
> identifier f,f1,l;
> position p1,p2;
> expression *ptr != NULL;
> @@
>
> x@p1 = \(kmalloc\|kzalloc\|kcalloc\)(...);
> ...
> if (x == NULL) S
> <... when != x
> when != if (...) { <+...x...+> }
> (
> x->f1 = E
> |
> (x->f1 == NULL || ...)
> |
> f(...,x->f1,...)
> )
> ...>
> (
> return \(0\|<+...x...+>\|ptr\);
> |
> return@p2 ...;
> )
>
> @script:python@
> p1 << r.p1;
> p2 << r.p2;
> @@
>
> print "* file: %s kmalloc %s return %s" % (p1[0].file,p1[0].line,p2[0].line)
> // </smpl>
>
> Signed-off-by: Julia Lawall <[email protected]>
> ---
> drivers/net/wireless/iwlwifi/iwl-debugfs.c | 12 ++++++------
> 1 files changed, 6 insertions(+), 6 deletions(-)
>
> diff --git a/drivers/net/wireless/iwlwifi/iwl-debugfs.c b/drivers/net/wireless/iwlwifi/iwl-debugfs.c
> index 7707a26..6748a3f 100644
> --- a/drivers/net/wireless/iwlwifi/iwl-debugfs.c
> +++ b/drivers/net/wireless/iwlwifi/iwl-debugfs.c
> @@ -310,18 +310,18 @@ static ssize_t iwl_dbgfs_nvm_read(struct file *file,
> return -ENODATA;
> }
>
> + ptr = priv->eeprom;
> + if (!ptr) {
> + IWL_ERR(priv, "Invalid EEPROM/OTP memory\n");
> + return -ENOMEM;
> + }
> +
> /* 4 characters for byte 0xYY */
> buf = kzalloc(buf_size, GFP_KERNEL);
> if (!buf) {
> IWL_ERR(priv, "Can not allocate Buffer\n");
> return -ENOMEM;
> }
> -
> - ptr = priv->eeprom;
> - if (!ptr) {
> - IWL_ERR(priv, "Invalid EEPROM/OTP memory\n");
> - return -ENOMEM;
> - }
> pos += scnprintf(buf + pos, buf_size - pos, "NVM Type: %s\n",
> (priv->nvm_device_type == NVM_DEVICE_TYPE_OTP)
> ? "OTP" : "EEPROM");