search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
db/fixup_kernel.sh: fix clear_user() handling
[smatch.git] / check_freeing_devm.c
blobb77cdd25769faa9333c2a55a180955c8c5346808
1 /*
2 * Copyright (C) 2013 Oracle.
3 *
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version 2
7 * of the License, or (at your option) any later version.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt
16 */
17
18 #include "smatch.h"
19
20 STATE(devm);
21
22 static int my_id;
23
24 static void match_assign(const char *fn, struct expression *expr, void *unused)
25 {
26 set_state_expr(my_id, expr->left, &devm);
27 }
28
29 static void match_allocation(struct expression *expr,
30 const char *name, struct symbol *sym,
31 struct allocation_info *info)
32 {
33 /*
34 * Only handle devm_ memory allocator
35 */
36 if (strncmp(info->fn_name, "devm_", 5) == 0)
37 match_assign(name, expr, NULL);
38 }
39
40 /*
41 * This hook deals with things like:
42 * ptr = devm_kmalloc(...);
43 * if (!ptr)
44 * return -ENOMEM;
45 * another_val = ptr; <==
46 */
47 static void match_reassign(struct expression *expr)
48 {
49 struct expression *left, *right;
50
51 if (expr->op != '=')
52 return;
53
54 right = strip_expr(expr->right);
55 if (!get_state_expr(my_id, right))
56 return;
57
58 left = strip_expr(expr->left);
59
60 set_state_expr(my_id, left, &devm);
61 }
62
63 static void match_free_func(const char *fn, struct expression *expr, void *_arg)
64 {
65 struct expression *arg_expr;
66 int arg = PTR_INT(_arg);
67 char *name;
68
69 arg_expr = get_argument_from_call_expr(expr->args, arg);
70 if (!get_state_expr(my_id, arg_expr))
71 return;
72 name = expr_to_str(arg_expr);
73 sm_warning("passing devm_ allocated variable to %s. '%s'", fn, name);
74 free_string(name);
75 }
76
77 static void register_funcs_from_file(void)
78 {
79 struct token *token;
80 const char *func;
81 int arg;
82
83 token = get_tokens_file("kernel.frees_argument");
84 if (!token)
85 return;
86 if (token_type(token) != TOKEN_STREAMBEGIN)
87 return;
88 token = token->next;
89 while (token_type(token) != TOKEN_STREAMEND) {
90 if (token_type(token) != TOKEN_IDENT)
91 return;
92 func = show_ident(token->ident);
93 token = token->next;
94 if (token_type(token) != TOKEN_NUMBER)
95 return;
96 arg = atoi(token->number);
97 add_function_hook(func, &match_free_func, INT_PTR(arg));
98 token = token->next;
99 }
100 clear_token_alloc();
101 }
102
103 void check_freeing_devm(int id)
104 {
105 if (option_project != PROJ_KERNEL)
106 return;
107
108 my_id = id;
109
110 /*
111 * We register all allocation functions, but only devm_ will be handled
112 * in match_allocation()
113 */
114 add_allocation_hook(&match_allocation);
115
116 add_function_assign_hook("devm_kstrdup", &match_assign, NULL);
117 add_function_assign_hook("devm_kasprintf", &match_assign, NULL);
118 add_function_assign_hook("devm_kvasprintf", &match_assign, NULL);
119
120 add_function_hook("kfree", &match_free_func, INT_PTR(0));
121 add_function_hook("krealloc", &match_free_func, INT_PTR(0));
122 register_funcs_from_file();
123
124 add_hook(&match_reassign, ASSIGNMENT_HOOK);
125 }
Static analysis for C