| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1550039015-5587-1-git-send-email-wen.yang99@zte.com.cn>
Date: Wed, 13 Feb 2019 14:23:35 +0800
From: Wen Yang <wen.yang99@....com.cn>
To: Julia.Lawall@...6.fr
Cc: Gilles.Muller@...6.fr, nicolas.palix@...g.fr,
michal.lkml@...kovi.net, Markus.Elfring@....de,
xue.zhihong@....com.cn, wang.yi59@....com.cn,
Wen Yang <wen.yang99@....com.cn>,
Wen Yang <yellowriver2010@...mail.com>, cocci@...teme.lip6.fr,
linux-kernel@...r.kernel.org
Subject: [PATCH v3] coccinelle: semantic patch for missing put_device()
The of_find_device_by_node() takes a reference to the underlying device
structure, we should release that reference.
By using this semantic patch, we have found some object reference leaks,
such as:
commit 11907e9d3533 ("ASoC: fsl-asoc-card: fix object reference leaks in
fsl_asoc_card_probe")
commit a12085d13997 ("mtd: rawnand: atmel: fix possible object reference leak")
commit 11493f26856a ("mtd: rawnand: jz4780: fix possible object reference leak")
There are still dozens of reference leaks in the current kernel code.
Signed-off-by: Wen Yang <wen.yang99@....com.cn>
Reviewed-by: Julia Lawall <Julia.Lawall@...6.fr>
Reviewed-by: Markus Elfring <Markus.Elfring@....de>
Cc: Julia Lawall <Julia.Lawall@...6.fr>
Cc: Gilles Muller <Gilles.Muller@...6.fr>
Cc: Nicolas Palix <nicolas.palix@...g.fr>
Cc: Michal Marek <michal.lkml@...kovi.net>
Cc: Markus Elfring <Markus.Elfring@....de>
Cc: Wen Yang <yellowriver2010@...mail.com>
Cc: cocci@...teme.lip6.fr
Cc: linux-kernel@...r.kernel.org
---
v3->v2:
- reduction of a bit of redundant C code within SmPL search specifications.
- consider the message construction without using the extra Python variable “msg”
v2->v1:
- put exists after search, and then drop the when exists below.
- should not use the same e as in the when's below.
- Make a new type metavariable and use it to put a cast on the result of
platform_get_drvdata.
scripts/coccinelle/free/put_device.cocci | 52 ++++++++++++++++++++++++++++++++
1 file changed, 52 insertions(+)
create mode 100644 scripts/coccinelle/free/put_device.cocci
diff --git a/scripts/coccinelle/free/put_device.cocci b/scripts/coccinelle/free/put_device.cocci
new file mode 100644
index 0000000..9a94b8d
--- /dev/null
+++ b/scripts/coccinelle/free/put_device.cocci
@@ -0,0 +1,52 @@
+/// Find missing put_device for every of_find_device_by_node.
+///
+// Confidence: Moderate
+// Copyright: (C) 2018-2019 Wen Yang, ZTE. GPLv2.
+// Comments:
+// Options: --no-includes --include-headers
+
+virtual report
+virtual org
+
+@...rch exists@
+local idexpression id;
+expression x,e,e1,e2,e3,e4;
+position p1,p2;
+type T,T1,T2,T3;
+@@
+
+id = of_find_device_by_node@p1(x)
+... when != e = id
+if (id == NULL || ...) { ... return ...; }
+... when != put_device(&id->dev)
+ when != platform_device_put(id)
+ when != of_dev_put(id)
+ when != if (id) { ... put_device(&id->dev) ... }
+ when != e1 = (T)id
+ when != e2 = &id->dev
+ when != e3 = get_device(&id->dev)
+ when != e4 = (T1)platform_get_drvdata(id)
+(
+
+ return
+( id
+| (T2)dev_get_drvdata(&id->dev)
+| (T3)platform_get_drvdata(id)
+);
+| return@p2 ...;
+)
+
+@...ipt:python depends on report@
+p1 << search.p1;
+p2 << search.p2;
+@@
+
+coccilib.report.print_report(p2[0], "ERROR: missing put_device; of_find_device_by_node on line " + p1[0].line + " and return without releasing.")
+
+@...ipt:python depends on org@
+p1 << search.p1;
+p2 << search.p2;
+@@
+
+cocci.print_main("of_find_device_by_node", p1)
+cocci.print_secs("needed put_device", p2)
--
2.9.5
Powered by blists - more mailing lists