~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/scripts/coccinelle/free/devm_free.cocci

Version: ~ [ linux-6.11.5 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.58 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.114 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.169 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.228 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.284 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.322 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.9 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~ 
  1 // SPDX-License-Identifier: GPL-2.0-only
  2 /// Find uses of standard freeing functons on values allocated using devm_
  3 /// functions.  Values allocated using the devm_functions are freed when
  4 /// the device is detached, and thus the use of the standard freeing
  5 /// function would cause a double free.
  6 /// See Documentation/driver-api/driver-model/devres.rst for more information.
  7 ///
  8 /// A difficulty of detecting this problem is that the standard freeing
  9 /// function might be called from a different function than the one
 10 /// containing the allocation function.  It is thus necessary to make the
 11 /// connection between the allocation function and the freeing function.
 12 /// Here this is done using the specific argument text, which is prone to
 13 /// false positives.  There is no rule for the request_region and
 14 /// request_mem_region variants because this heuristic seems to be a bit
 15 /// less reliable in these cases.
 16 ///
 17 // Confidence: Moderate
 18 // Copyright: (C) 2011 Julia Lawall, INRIA/LIP6.
 19 // Copyright: (C) 2011 Gilles Muller, INRIA/LiP6.
 20 // URL: https://coccinelle.gitlabpages.inria.fr/website
 21 // Comments:
 22 // Options: --no-includes --include-headers
 23 
 24 virtual org
 25 virtual report
 26 virtual context
 27 
 28 @r depends on context || org || report@
 29 expression x;
 30 @@
 31 
 32 (
 33  x = devm_kmalloc(...)
 34 |
 35  x = devm_kvasprintf(...)
 36 |
 37  x = devm_kasprintf(...)
 38 |
 39  x = devm_kzalloc(...)
 40 |
 41  x = devm_kmalloc_array(...)
 42 |
 43  x = devm_kcalloc(...)
 44 |
 45  x = devm_kstrdup(...)
 46 |
 47  x = devm_kmemdup(...)
 48 |
 49  x = devm_get_free_pages(...)
 50 |
 51  x = devm_request_irq(...)
 52 |
 53  x = devm_ioremap(...)
 54 |
 55  x = devm_ioport_map(...)
 56 )
 57 
 58 @safe depends on context || org || report exists@
 59 expression x;
 60 position p;
 61 @@
 62 
 63 (
 64  x = kmalloc(...)
 65 |
 66  x = kvasprintf(...)
 67 |
 68  x = kasprintf(...)
 69 |
 70  x = kzalloc(...)
 71 |
 72  x = kmalloc_array(...)
 73 |
 74  x = kcalloc(...)
 75 |
 76  x = kstrdup(...)
 77 |
 78  x = kmemdup(...)
 79 |
 80  x = get_free_pages(...)
 81 |
 82  x = request_irq(...)
 83 |
 84  x = ioremap(...)
 85 |
 86  x = ioport_map(...)
 87 )
 88 ...
 89 (
 90  kfree@p(x)
 91 |
 92  kfree_sensitive@p(x)
 93 |
 94  krealloc@p(x, ...)
 95 |
 96  free_pages@p(x, ...)
 97 |
 98  free_page@p(x)
 99 |
100  free_irq@p(x)
101 |
102  iounmap@p(x)
103 |
104  ioport_unmap@p(x)
105 )
106 
107 @pb@
108 expression r.x;
109 position p != safe.p;
110 @@
111 
112 (
113 * kfree@p(x)
114 |
115 * kfree_sensitive@p(x)
116 |
117 * krealloc@p(x, ...)
118 |
119 * free_pages@p(x, ...)
120 |
121 * free_page@p(x)
122 |
123 * free_irq@p(x)
124 |
125 * iounmap@p(x)
126 |
127 * ioport_unmap@p(x)
128 )
129 
130 @script:python depends on org@
131 p << pb.p;
132 @@
133 
134 msg="WARNING: invalid free of devm_ allocated data"
135 coccilib.org.print_todo(p[0], msg)
136 
137 @script:python depends on report@
138 p << pb.p;
139 @@
140 
141 msg="WARNING: invalid free of devm_ allocated data"
142 coccilib.report.print_report(p[0], msg)
143
~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~
kernel.org | git.kernel.org | LWN.net | Project Home | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

sflogo.php