lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 9 Jul 2019 14:14:48 +0200
From:   Markus Elfring <Markus.Elfring@....de>
To:     Wen Yang <wen.yang99@....com.cn>,
        Julia Lawall <julia.lawall@...6.fr>,
        Coccinelle <cocci@...teme.lip6.fr>
Cc:     Allison Randal <allison@...utok.net>,
        Armijn Hemel <armijn@...ldur.nl>,
        Cheng Shengyu <cheng.shengyu@....com.cn>,
        "David S. Miller" <davem@...emloft.net>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Herbert Xu <herbert@...dor.apana.org.au>,
        Thomas Gleixner <tglx@...utronix.de>,
        Xue Zhihong <xue.zhihong@....com.cn>,
        Yi Wang <wang.yi59@....com.cn>, linux-crypto@...r.kernel.org,
        LKML <linux-kernel@...r.kernel.org>
Subject: Re: Coccinelle: Checking the deletion of duplicate of_node_put()
 calls with SmPL

> 110:	ierr_out:

> 111:		of_node_put(trng);  ---> double released here

> ...


>
> This issue was detected by using the Coccinelle software.

Such a detection of a questionable source code place can be nice and helpful.

I constructed another script variant for the semantic patch language.

@deletion@
expression x;
identifier target;
@@
 of_node_put(x);
 if (...)
    goto target;
 ... when any
 target:
-of_node_put(x);


I observe then that this adjustment approach can generate the desired patch
for a source code extract.

elfring@...ne:~/Projekte/Coccinelle/Probe> spatch ../janitor/delete_duplicate_of_node_put1.cocci crypto4xx_trng-excerpt1.c

…
-	of_node_put(trng);

…


But I wonder at the moment why it does not work (as expected) for the original
complete source file.
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/crypto/amcc/crypto4xx_trng.c?id=5ad18b2e60b75c7297a998dea702451d33a052ed#n71
https://elixir.bootlin.com/linux/v5.2/source/drivers/crypto/amcc/crypto4xx_trng.c#L71

I am curious on further software development ideas.

Regards,
Markus

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ