diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2010-10-29 03:18:59 +0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2010-10-29 03:18:59 +0400 |
| commit | e596c79050eafea89cf9fe26b7a807643a2a9904 (patch) | |
| tree | 36a0c9b0d4cb149c2c5098be2257639631e5d6c6 /scripts/coccinelle/free/kfree.cocci | |
| parent | 51399a391940e676877c7a791138081f13a0bab7 (diff) | |
| parent | 9231d9e02a1f92b52bbb1e4474bfd1903835a993 (diff) | |
| download | linux-e596c79050eafea89cf9fe26b7a807643a2a9904.tar.xz | |
Merge branch 'misc' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild-2.6
* 'misc' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild-2.6: (39 commits)
Revert "namespace: add source file location exceptions"
Coccinelle: Add contextual message
Coccinelle: Fix documentation
Coccinelle: Find doubled arguments to boolean or bit operators.
Coccinelle: Find nested lock+irqsave functions that use the same flags variables.
namespace: add source file location exceptions
scripts/extract-ikconfig: add support for bzip2, lzma and lzo
kbuild: check return value of asprintf()
scripts/namespace.pl: improve to get more correct results
scripts/namespace.pl: some bug fixes
scripts/namespace.pl: update file exclusion list
scripts/namespace.pl: fix wrong source path
Coccinelle: Use the -no_show_diff option for org and report mode
Coccinelle: Add a new mode named 'chain'
Coccinelle: Use new comment format to explain kfree.cocci
Coccinelle: Improve user information with a new kind of comment
Coccinelle: Update documentation
MAINTAINERS: Coccinelle: Update email address
Documentation/kbuild: modules.txt cleanup
Documentation/kbuild: major edit of modules.txt sections 5-8
...
Diffstat (limited to 'scripts/coccinelle/free/kfree.cocci')
| -rw-r--r-- | scripts/coccinelle/free/kfree.cocci | 117 |
1 files changed, 117 insertions, 0 deletions
diff --git a/scripts/coccinelle/free/kfree.cocci b/scripts/coccinelle/free/kfree.cocci new file mode 100644 index 000000000000..f9f79d9245ee --- /dev/null +++ b/scripts/coccinelle/free/kfree.cocci @@ -0,0 +1,117 @@ +/// Find a use after free. +//# Values of variables may imply that some +//# execution paths are not possible, resulting in false positives. +//# Another source of false positives are macros such as +//# SCTP_DBG_OBJCNT_DEC that do not actually evaluate their argument +/// +// Confidence: Moderate +// Copyright: (C) 2010 Nicolas Palix, DIKU. GPLv2. +// Copyright: (C) 2010 Julia Lawall, DIKU. GPLv2. +// Copyright: (C) 2010 Gilles Muller, INRIA/LiP6. GPLv2. +// URL: http://coccinelle.lip6.fr/ +// Comments: +// Options: -no_includes -include_headers + +virtual org +virtual report + +@free@ +expression E; +position p1; +@@ + +kfree@p1(E) + +@print expression@ +constant char *c; +expression free.E,E2; +type T; +position p; +identifier f; +@@ + +( + f(...,c,...,(T)E@p,...) +| + E@p == E2 +| + E@p != E2 +| + !E@p +| + E@p || ... +) + +@sz@ +expression free.E; +position p; +@@ + + sizeof(<+...E@p...+>) + +@loop exists@ +expression E; +identifier l; +position ok; +@@ + +while (1) { ... + kfree@ok(E) + ... when != break; + when != goto l; + when forall +} + +@r exists@ +expression free.E, subE<=free.E, E2; +expression E1; +iterator iter; +statement S; +position free.p1!=loop.ok,p2!={print.p,sz.p}; +@@ + +kfree@p1(E,...) +... +( + iter(...,subE,...) S // no use +| + list_remove_head(E1,subE,...) +| + subE = E2 +| + subE++ +| + ++subE +| + --subE +| + subE-- +| + &subE +| + BUG(...) +| + BUG_ON(...) +| + return_VALUE(...) +| + return_ACPI_STATUS(...) +| + E@p2 // bad use +) + +@script:python depends on org@ +p1 << free.p1; +p2 << r.p2; +@@ + +cocci.print_main("kfree",p1) +cocci.print_secs("ref",p2) + +@script:python depends on report@ +p1 << free.p1; +p2 << r.p2; +@@ + +msg = "reference preceded by free on line %s" % (p1[0].line) +coccilib.report.print_report(p2[0],msg) |