Use kmemdup_user rather than duplicating its implementation
This is a little bit restricted to reduce false positives
Signed-off-by: Nicolas Palix <npalix@diku.dk>
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Michal Marek <mmarek@suse.cz>
Use kmemdup rather than duplicating its implementation
Signed-off-by: Nicolas Palix <npalix@diku.dk>
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Michal Marek <mmarek@suse.cz>
Use kstrdup rather than duplicating its implementation
Signed-off-by: Nicolas Palix <npalix@diku.dk>
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Michal Marek <mmarek@suse.cz>
Find a use after free. Values of variables may imply that some
execution paths are not possible, resulting in false positives.
Another source of false positives are macros such as
SCTP_DBG_OBJCNT_DEC that do not actually evaluate their argument
Signed-off-by: Nicolas Palix <npalix@diku.dk>
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Michal Marek <mmarek@suse.cz>
list_for_each_entry uses its first argument to get from one element of
the list to the next, so it is usually not a good idea to reassign it.
The first rule finds such a reassignment and the second rule checks
that there is a path from the reassignment back to the top of the loop.
Signed-off-by: Nicolas Palix <npalix@diku.dk>
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Michal Marek <mmarek@suse.cz>
Many iterators have the property that the first argument is always bound
to a real list element, never NULL. False positives arise for some
iterators that do not have this property, or in cases when the loop
cursor is reassigned. The latter should only happen when the matched
code is on the way to a loop exit (break, goto, or return).
Signed-off-by: Nicolas Palix <npalix@diku.dk>
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Michal Marek <mmarek@suse.cz>
for_each_node iterators only exit normally when the loop cursor is
NULL, so there is no point to call of_node_put on the final value.
Signed-off-by: Nicolas Palix <npalix@diku.dk>
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Michal Marek <mmarek@suse.cz>
Find missing unlocks. This semantic match considers the specific case
where the unlock is missing from an if branch, and there is a lock
before the if and an unlock after the if. False positives are due to
cases where the if branch represents a case where the function is
supposed to exit with the lock held, or where there is some preceding
function call that releases the lock.
Signed-off-by: Nicolas Palix <npalix@diku.dk>
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Michal Marek <mmarek@suse.cz>
Find double locks. False positives may occur when some paths cannot
occur at execution, due to the values of variables, and when there is
an intervening function call that releases the lock.
Signed-off-by: Nicolas Palix <npalix@diku.dk>
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Michal Marek <mmarek@suse.cz>
Find functions that refer to GFP_KERNEL but are called with locks held.
The proposed change of converting the GFP_KERNEL is not necessarily the
correct one. It may be desired to unlock the lock, or to not call the
function under the lock in the first place.
Signed-off-by: Nicolas Palix <npalix@diku.dk>
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Michal Marek <mmarek@suse.cz>
deref_null.cocci is moved to the 'null' directory
which contains other null related rules.
Signed-off-by: Nicolas Palix <npalix@diku.dk>
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Michal Marek <mmarek@suse.cz>
This semantic patch looks for kmalloc etc that are not followed by a
NULL check. It only gives a report in the case where there is some
error handling code later in the function, which may be helpful
in determining what the error handling code for the call to kmalloc etc
should be.
Signed-off-by: Nicolas Palix <npalix@diku.dk>
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Michal Marek <mmarek@suse.cz>
The various basic memory allocation functions don't return ERR_PTR
Signed-off-by: Nicolas Palix <npalix@diku.dk>
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Michal Marek <mmarek@suse.cz>
This patch makes it possible to use the Coccinelle checker with the C
variable of the build system. To check only newly edited code, the
following command may be used:
'make C={1,2} CHECK="scripts/coccicheck"'
This runs every semantic patch in scripts/coccinelle by default. The
COCCI variable may additionally be used to only apply a single
semantic patch.
Signed-off-by: Nicolas Palix <npalix@diku.dk>
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Michal Marek <mmarek@suse.cz>
Add a Coccinelle file to identify the dereferences of NULL variables
This semantic patch identifies when a variable is known to be NULL
after a test, but it is still dereferenced later.
Signed-off-by: Nicolas Palix <npalix@diku.dk>
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Michal Marek <mmarek@suse.cz>
Add a Coccinelle file to use the ERR_CAST function
Before the release 2.6.25, one had to use ERR_PTR(PTR_ERR(...)) to
convert the pointer type of an error. Since then, the function
ERR_CAST has been available for that purpose.
Signed-off-by: Nicolas Palix <npalix@diku.dk>
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Michal Marek <mmarek@suse.cz>
This semantic patch replaces explicit computations
of resource size by a call to resource_size.
Signed-off-by: Nicolas Palix <npalix@diku.dk>
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Michal Marek <mmarek@suse.cz>
This semantic patch replaces a pair of calls to kmalloc and memset
by a single call to kzalloc.
It only looks for simple cases to avoid false positives.
Signed-off-by: Nicolas Palix <npalix@diku.dk>
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Michal Marek <mmarek@suse.cz>
The purpose of this semantic patch is to remove
useless casts, as mentioned in the Linux documentation.
See Chapter 14 in Documentation/CodingStyle for more information.
Signed-off-by: Nicolas Palix <npalix@diku.dk>
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Michal Marek <mmarek@suse.cz>
A 'coccicheck' target is added. It can be called with four different
modes. Each one generates a different kind of output, i.e. context,
patch, org, report, according to the corresponding mode to be
activated.
The new target calls the 'coccicheck' front-end in the 'scripts'
directory with the MODE argument. Every SmPL file in the
subdirectories of 'scripts/coccinelle' is then given to the front-end
and applied to the entire source tree.
The four modes behave as follows:
'report' generates a list in the following format:
file:line:column-column: message
'patch' proposes a fix, when possible.
'context' highlights lines of interest and their context in a
diff-like style. Lines of interest are indicated with '-'.
'org' generates a report in the Org mode format of Emacs.
Signed-off-by: Nicolas Palix <npalix@diku.dk>
Signed-off-by: Julia Lawall <julia@diku.dk>
Acked-by: Sam Ravnborg <sam@ravnborg.org>
Acked-by: Joerg Roedel <joerg.roedel@amd.com>
Signed-off-by: Michal Marek <mmarek@suse.cz>
Remove bashisms to make scripts/decodecode work with other shells.
Signed-off-by: Rabin Vincent <rabin@rab.in>
Reviewed-by: WANG Cong <xiyou.wangcong@gmail.com>
Signed-off-by: Michal Marek <mmarek@suse.cz>
Quite a few Kconfig symbols contain lowercase letters. The current
checkkconfigsymbols.sh code only contains A-Z in the regexp it uses to
find config symbols in source code, so it comes up with the wrong symbol
to look for in Kconfig files and then generates false positives when it
doesn't find that wrong symbol. For example checking drivers/net
generates a false positive for MAC89 because the the actual config
option is MAC89x0.
Fix this by also adding a-z to the regexp.
Signed-off-by: Roland Dreier <rolandd@cisco.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Michal Marek <mmarek@suse.cz>
