tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

PCI: introduce missing kfree

Error handling code following a kmalloc should free the allocated data.
Since the subsequent code that could provoke an error does not use the
allocated data, the allocation is just moved below it.

The semantic match that finds the problem is as follows:
(http://www.emn.fr/x-info/coccinelle/)

// <smpl>
@r exists@
local idexpression x;
statement S;
expression E;
identifier f,l;
position p1,p2;
expression *ptr != NULL;
@@

(
if ((x@p1 = \(kmalloc\|kzalloc\|kcalloc\)(...)) == NULL) S
|
x@p1 = \(kmalloc\|kzalloc\|kcalloc\)(...);
...
if (x == NULL) S
)
<... when != x
when != if (...) { <+...x...+> }
x->f = E
...>
(
return \(0\|<+...x...+>\|ptr\);
|
return@p2 ...;
)

@script:python@
p1 << r.p1;
p2 << r.p2;
@@

print "* file: %s kmalloc %s return %s" % (p1[0].file,p1[0].line,p2[0].line)
// </smpl>

Signed-off-by: Julia Lawall <julia@diku.dk>
Reviewed-by: Matthew Wilcox <willy@linux.intel.com>
Reviewed-by: Kenji Kaneshige <kaneshige.kenji@jp.fujitsu.com>
Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>

authored by

Julia Lawall and committed by
Jesse Barnes 0b3e7388 1c35b8e5

+3 -2
+3 -2
drivers/pci/hotplug/pciehp_acpi.c
··· 79 79 struct slot *slot, *tmp; 80 80 struct pci_dev *pdev = dev->port; 81 81 struct pci_bus *pbus = pdev->subordinate; 82 - if (!(slot = kzalloc(sizeof(*slot), GFP_KERNEL))) 83 - return -ENOMEM; 84 82 /* Note: pciehp_detect_mode != PCIEHP_DETECT_ACPI here */ 85 83 if (pciehp_get_hp_hw_control_from_firmware(pdev)) 86 84 return -ENODEV; 87 85 if (!(pos = pci_find_capability(pdev, PCI_CAP_ID_EXP))) 88 86 return -ENODEV; 89 87 pci_read_config_dword(pdev, pos + PCI_EXP_SLTCAP, &slot_cap); 88 + slot = kzalloc(sizeof(*slot), GFP_KERNEL); 89 + if (!slot) 90 + return -ENOMEM; 90 91 slot->number = slot_cap >> 19; 91 92 list_for_each_entry(tmp, &dummy_slots, slot_list) { 92 93 if (tmp->number == slot->number)