0001 // SPDX-License-Identifier: GPL-2.0-only
0002 ///
0003 /// Check that kvmalloc'ed memory is freed by kfree functions,
0004 /// vmalloc'ed by vfree functions and kvmalloc'ed by kvfree
0005 /// functions.
0006 ///
0007 // Confidence: High
0008 // Copyright: (C) 2020 Denis Efremov ISPRAS
0009 // Options: --no-includes --include-headers
0010 //
0011
0012 virtual patch
0013 virtual report
0014 virtual org
0015 virtual context
0016
0017 @alloc@
0018 expression E, E1;
0019 position kok, vok;
0020 @@
0021
0022 (
0023 if (...) {
0024 ...
0025 E = \(kmalloc\|kzalloc\|krealloc\|kcalloc\|
0026 kmalloc_node\|kzalloc_node\|kmalloc_array\|
0027 kmalloc_array_node\|kcalloc_node\)(...)@kok
0028 ...
0029 } else {
0030 ...
0031 E = \(vmalloc\|vzalloc\|vmalloc_user\|vmalloc_node\|
0032 vzalloc_node\|vmalloc_exec\|vmalloc_32\|
0033 vmalloc_32_user\|__vmalloc\|__vmalloc_node_range\|
0034 __vmalloc_node\)(...)@vok
0035 ...
0036 }
0037 |
0038 E = \(kmalloc\|kzalloc\|krealloc\|kcalloc\|kmalloc_node\|kzalloc_node\|
0039 kmalloc_array\|kmalloc_array_node\|kcalloc_node\)(...)@kok
0040 ... when != E = E1
0041 when any
0042 if (E == NULL) {
0043 ...
0044 E = \(vmalloc\|vzalloc\|vmalloc_user\|vmalloc_node\|
0045 vzalloc_node\|vmalloc_exec\|vmalloc_32\|
0046 vmalloc_32_user\|__vmalloc\|__vmalloc_node_range\|
0047 __vmalloc_node\)(...)@vok
0048 ...
0049 }
0050 )
0051
0052 @free@
0053 expression E;
0054 position fok;
0055 @@
0056
0057 E = \(kvmalloc\|kvzalloc\|kvcalloc\|kvzalloc_node\|kvmalloc_node\|
0058 kvmalloc_array\)(...)
0059 ...
0060 kvfree(E)@fok
0061
0062 @vfree depends on !patch@
0063 expression E;
0064 position a != alloc.kok;
0065 position f != free.fok;
0066 @@
0067
0068 * E = \(kmalloc\|kzalloc\|krealloc\|kcalloc\|kmalloc_node\|
0069 * kzalloc_node\|kmalloc_array\|kmalloc_array_node\|
0070 * kcalloc_node\)(...)@a
0071 ... when != if (...) { ... E = \(vmalloc\|vzalloc\|vmalloc_user\|vmalloc_node\|vzalloc_node\|vmalloc_exec\|vmalloc_32\|vmalloc_32_user\|__vmalloc\|__vmalloc_node_range\|__vmalloc_node\)(...); ... }
0072 when != is_vmalloc_addr(E)
0073 when any
0074 * \(vfree\|vfree_atomic\|kvfree\)(E)@f
0075
0076 @depends on patch exists@
0077 expression E;
0078 position a != alloc.kok;
0079 position f != free.fok;
0080 @@
0081
0082 E = \(kmalloc\|kzalloc\|krealloc\|kcalloc\|kmalloc_node\|
0083 kzalloc_node\|kmalloc_array\|kmalloc_array_node\|
0084 kcalloc_node\)(...)@a
0085 ... when != if (...) { ... E = \(vmalloc\|vzalloc\|vmalloc_user\|vmalloc_node\|vzalloc_node\|vmalloc_exec\|vmalloc_32\|vmalloc_32_user\|__vmalloc\|__vmalloc_node_range\|__vmalloc_node\)(...); ... }
0086 when != is_vmalloc_addr(E)
0087 when any
0088 - \(vfree\|vfree_atomic\|kvfree\)(E)@f
0089 + kfree(E)
0090
0091 @kfree depends on !patch@
0092 expression E;
0093 position a != alloc.vok;
0094 position f != free.fok;
0095 @@
0096
0097 * E = \(vmalloc\|vzalloc\|vmalloc_user\|vmalloc_node\|vzalloc_node\|
0098 * vmalloc_exec\|vmalloc_32\|vmalloc_32_user\|__vmalloc\|
0099 * __vmalloc_node_range\|__vmalloc_node\)(...)@a
0100 ... when != is_vmalloc_addr(E)
0101 when any
0102 * \(kfree\|kfree_sensitive\|kvfree\)(E)@f
0103
0104 @depends on patch exists@
0105 expression E;
0106 position a != alloc.vok;
0107 position f != free.fok;
0108 @@
0109
0110 E = \(vmalloc\|vzalloc\|vmalloc_user\|vmalloc_node\|vzalloc_node\|
0111 vmalloc_exec\|vmalloc_32\|vmalloc_32_user\|__vmalloc\|
0112 __vmalloc_node_range\|__vmalloc_node\)(...)@a
0113 ... when != is_vmalloc_addr(E)
0114 when any
0115 - \(kfree\|kvfree\)(E)@f
0116 + vfree(E)
0117
0118 @kvfree depends on !patch@
0119 expression E;
0120 position a, f;
0121 @@
0122
0123 * E = \(kvmalloc\|kvzalloc\|kvcalloc\|kvzalloc_node\|kvmalloc_node\|
0124 * kvmalloc_array\)(...)@a
0125 ... when != is_vmalloc_addr(E)
0126 when any
0127 * \(kfree\|kfree_sensitive\|vfree\|vfree_atomic\)(E)@f
0128
0129 @depends on patch exists@
0130 expression E;
0131 @@
0132
0133 E = \(kvmalloc\|kvzalloc\|kvcalloc\|kvzalloc_node\|kvmalloc_node\|
0134 kvmalloc_array\)(...)
0135 ... when != is_vmalloc_addr(E)
0136 when any
0137 - \(kfree\|vfree\)(E)
0138 + kvfree(E)
0139
0140 @kvfree_switch depends on !patch@
0141 expression alloc.E;
0142 position f;
0143 @@
0144
0145 ... when != is_vmalloc_addr(E)
0146 when any
0147 * \(kfree\|kfree_sensitive\|vfree\|vfree_atomic\)(E)@f
0148
0149 @depends on patch exists@
0150 expression alloc.E;
0151 position f;
0152 @@
0153
0154 ... when != is_vmalloc_addr(E)
0155 when any
0156 (
0157 - \(kfree\|vfree\)(E)@f
0158 + kvfree(E)
0159 |
0160 - kfree_sensitive(E)@f
0161 + kvfree_sensitive(E)
0162 )
0163
0164 @script: python depends on report@
0165 a << vfree.a;
0166 f << vfree.f;
0167 @@
0168
0169 msg = "WARNING kmalloc is used to allocate this memory at line %s" % (a[0].line)
0170 coccilib.report.print_report(f[0], msg)
0171
0172 @script: python depends on org@
0173 a << vfree.a;
0174 f << vfree.f;
0175 @@
0176
0177 msg = "WARNING kmalloc is used to allocate this memory at line %s" % (a[0].line)
0178 coccilib.org.print_todo(f[0], msg)
0179
0180 @script: python depends on report@
0181 a << kfree.a;
0182 f << kfree.f;
0183 @@
0184
0185 msg = "WARNING vmalloc is used to allocate this memory at line %s" % (a[0].line)
0186 coccilib.report.print_report(f[0], msg)
0187
0188 @script: python depends on org@
0189 a << kfree.a;
0190 f << kfree.f;
0191 @@
0192
0193 msg = "WARNING vmalloc is used to allocate this memory at line %s" % (a[0].line)
0194 coccilib.org.print_todo(f[0], msg)
0195
0196 @script: python depends on report@
0197 a << kvfree.a;
0198 f << kvfree.f;
0199 @@
0200
0201 msg = "WARNING kvmalloc is used to allocate this memory at line %s" % (a[0].line)
0202 coccilib.report.print_report(f[0], msg)
0203
0204 @script: python depends on org@
0205 a << kvfree.a;
0206 f << kvfree.f;
0207 @@
0208
0209 msg = "WARNING kvmalloc is used to allocate this memory at line %s" % (a[0].line)
0210 coccilib.org.print_todo(f[0], msg)
0211
0212 @script: python depends on report@
0213 ka << alloc.kok;
0214 va << alloc.vok;
0215 f << kvfree_switch.f;
0216 @@
0217
0218 msg = "WARNING kmalloc (line %s) && vmalloc (line %s) are used to allocate this memory" % (ka[0].line, va[0].line)
0219 coccilib.report.print_report(f[0], msg)
0220
0221 @script: python depends on org@
0222 ka << alloc.kok;
0223 va << alloc.vok;
0224 f << kvfree_switch.f;
0225 @@
0226
0227 msg = "WARNING kmalloc (line %s) && vmalloc (line %s) are used to allocate this memory" % (ka[0].line, va[0].line)
0228 coccilib.org.print_todo(f[0], msg)
