lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Sun, 17 Mar 2019 12:54:31 +0900
From:   Masahiro Yamada <yamada.masahiro@...ionext.com>
To:     Wen Yang <wen.yang99@....com.cn>
Cc:     Julia Lawall <Julia.Lawall@...6.fr>,
        Gilles Muller <Gilles.Muller@...6.fr>,
        Nicolas Palix <nicolas.palix@...g.fr>,
        Michal Marek <michal.lkml@...kovi.net>, Markus.Elfring@....de,
        wang.yi59@....com.cn, Wen Yang <yellowriver2010@...mail.com>,
        cheng.shengyu@....com.cn, cocci@...teme.lip6.fr,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v5] coccinelle: semantic code search for missing put_device()

On Sat, Feb 16, 2019 at 12:35 AM Wen Yang <wen.yang99@....com.cn> wrote:
>
> The of_find_device_by_node() takes a reference to the underlying device
> structure, we should release that reference.
> The implementation of this semantic code search is:
> In a function, for a local variable returned by calling
> of_find_device_by_node(),
> a, if it is released by a function such as
>    put_device()/of_dev_put()/platform_device_put() after the last use,
>    it is considered that there is no reference leak;
> b, if it is passed back to the caller via
>    dev_get_drvdata()/platform_get_drvdata()/get_device(), etc., the
>    reference will be released in other functions, and the current function
>    also considers that there is no reference leak;
> c, for the rest of the situation, the current function should release the
>    reference by calling put_device, this code search will report the
>    corresponding error message.
>
> By using this semantic code search, we have found some object reference leaks,
> such as:
> commit 11907e9d3533 ("ASoC: fsl-asoc-card: fix object reference leaks in
> fsl_asoc_card_probe")
> commit a12085d13997 ("mtd: rawnand: atmel: fix possible object reference leak")
> commit 11493f26856a ("mtd: rawnand: jz4780: fix possible object reference leak")
>
> There are still dozens of reference leaks in the current kernel code.
>
> Further, for the case of b, the object returned to other functions may also
> have a reference leak, we will continue to develop other cocci scripts to
> further check the reference leak.
>
> Signed-off-by: Wen Yang <wen.yang99@....com.cn>
> Reviewed-by: Julia Lawall <Julia.Lawall@...6.fr>
> Reviewed-by: Markus Elfring <Markus.Elfring@....de>
> Cc: Julia Lawall <Julia.Lawall@...6.fr>
> Cc: Gilles Muller <Gilles.Muller@...6.fr>
> Cc: Nicolas Palix <nicolas.palix@...g.fr>
> Cc: Michal Marek <michal.lkml@...kovi.net>
> Cc: Markus Elfring <Markus.Elfring@....de>
> Cc: Masahiro Yamada <yamada.masahiro@...ionext.com>
> Cc: Wen Yang <yellowriver2010@...mail.com>
> Cc: cheng.shengyu@....com.cn
> Cc: cocci@...teme.lip6.fr
> Cc: linux-kernel@...r.kernel.org


Applied to linux-kbuild. Thanks.



> ---
> v5->v4:
> - exchange the word “patch” by “code search”
> - add a SPDX identifierfix
> - a split string literal can be unwanted.
> - Change the content of the reported information.
> v4->v3:
> - add Masahiro Yamada
> - omit a blank line
> - split the long message parameter
> - reduce the number of metavariables
> - Describe the implementation of the semantic patch,
>   explain the scenarios it can detect,
>   and further software development considerations.
> v3->v2:
> - reduction of a bit of redundant C code within SmPL search specifications.
> - consider the message construction without using the extra Python variable “msg”
> v2->v1:
> - put exists after search, and then drop the when exists below.
> - should not use the same e as in the when's below.
> - Make a new type metavariable and use it to put a cast on the result of
>   platform_get_drvdata.
>
>  scripts/coccinelle/free/put_device.cocci | 56 ++++++++++++++++++++++++++++++++
>  1 file changed, 56 insertions(+)
>  create mode 100644 scripts/coccinelle/free/put_device.cocci
>
> diff --git a/scripts/coccinelle/free/put_device.cocci b/scripts/coccinelle/free/put_device.cocci
> new file mode 100644
> index 0000000..7395697
> --- /dev/null
> +++ b/scripts/coccinelle/free/put_device.cocci
> @@ -0,0 +1,56 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/// Find missing put_device for every of_find_device_by_node.
> +///
> +// Confidence: Moderate
> +// Copyright: (C) 2018-2019 Wen Yang, ZTE.
> +// Comments:
> +// Options: --no-includes --include-headers
> +
> +virtual report
> +virtual org
> +
> +@...rch exists@
> +local idexpression id;
> +expression x,e,e1;
> +position p1,p2;
> +type T,T1,T2,T3;
> +@@
> +
> +id = of_find_device_by_node@p1(x)
> +... when != e = id
> +if (id == NULL || ...) { ... return ...; }
> +... when != put_device(&id->dev)
> +    when != platform_device_put(id)
> +    when != of_dev_put(id)
> +    when != if (id) { ... put_device(&id->dev) ... }
> +    when != e1 = (T)id
> +    when != e1 = &id->dev
> +    when != e1 = get_device(&id->dev)
> +    when != e1 = (T1)platform_get_drvdata(id)
> +(
> +  return
> +(    id
> +|    (T2)dev_get_drvdata(&id->dev)
> +|    (T3)platform_get_drvdata(id)
> +);
> +| return@p2 ...;
> +)
> +
> +@...ipt:python depends on report@
> +p1 << search.p1;
> +p2 << search.p2;
> +@@
> +
> +coccilib.report.print_report(p2[0], "ERROR: missing put_device; "
> +                             + "call of_find_device_by_node on line "
> +                             + p1[0].line
> +                             + ", but without a corresponding object release "
> +                             + "within this function.")
> +
> +@...ipt:python depends on org@
> +p1 << search.p1;
> +p2 << search.p2;
> +@@
> +
> +cocci.print_main("of_find_device_by_node", p1)
> +cocci.print_secs("needed put_device", p2)
> --
> 2.9.5
>


-- 
Best Regards
Masahiro Yamada

Powered by blists - more mailing lists