From: Julia Lawall Error handling code following a kmalloc should free the allocated data. The semantic match that finds the problem is as follows: (http://www.emn.fr/x-info/coccinelle/) // @r exists@ local idexpression x; statement S; expression E; identifier f,l; position p1,p2; expression *ptr != NULL; @@ ( if ((x@p1 = \(kmalloc\|kzalloc\|kcalloc\)(...)) == NULL) S | x@p1 = \(kmalloc\|kzalloc\|kcalloc\)(...); .. if (x == NULL) S ) <... when != x when != if (...) { <+...x...+> } x->f = E ..> ( return \(0\|<+...x...+>\|ptr\); | return@p2 ...; ) @script:python@ p1 << r.p1; p2 << r.p2; @@ print "* file: %s kmalloc %s return %s" % (p1[0].file,p1[0].line,p2[0].line) // Signed-off-by: Julia Lawall Signed-off-by: Geert Uytterhoeven --- arch/m68k/mm/kmap.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/arch/m68k/mm/kmap.c +++ b/arch/m68k/mm/kmap.c @@ -66,8 +66,10 @@ static struct vm_struct *get_io_area(uns for (p = &iolist; (tmp = *p) ; p = &tmp->next) { if (size + addr < (unsigned long)tmp->addr) break; - if (addr > KMAP_END-size) + if (addr > KMAP_END-size) { + kfree(area); return NULL; + } addr = tmp->size + (unsigned long)tmp->addr; } area->addr = (void *)addr; -- Gr{oetje,eeting}s, Geert -- Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org In personal conversations with technical people, I call myself a hacker. But when I'm talking to journalists I just say "programmer" or something like that. -- Linus Torvalds -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/