2 * sparse/check_locking.c
4 * Copyright (C) 2009 Dan Carpenter.
6 * Licensed under the Open Software License version 1.1
11 * For this test let's look for functions that return a negative value
12 * with a spinlock held.
14 * One short coming is that it assumes a function isn't supposed
15 * to return negative with a lock held. Perhaps the function was
16 * called with the lock held. A more complicated script could check that.
22 #include "smatch_slist.h"
24 static const char *lock_funcs
[] = {
30 "_spin_lock_irqsave_nested",
37 "_write_lock_irqsave",
44 static const char *unlock_funcs
[] = {
46 "_spin_unlock_irqrestore",
51 "_read_unlock_irqrestore",
55 "_write_unlock_irqrestore",
67 static struct locked_call lock_needed
[] = {
68 {"tty_ldisc_ref_wait", "tty_ldisc_lock"},
77 * merge_func() can go away when we fix the core to just store all the possible
80 * The parameters are passed in alphabetical order with NULL at the beginning
81 * of the alphabet. (s2 is never NULL).
84 static struct smatch_state
*merge_func(const char *name
, struct symbol
*sym
,
85 struct smatch_state
*s1
,
86 struct smatch_state
*s2
)
94 static char *match_lock_func(char *fn_name
, struct expression_list
*args
)
96 struct expression
*lock_expr
;
99 for (i
= 0; lock_funcs
[i
]; i
++) {
100 if (!strcmp(fn_name
, lock_funcs
[i
])) {
101 lock_expr
= get_argument_from_call_expr(args
, 0);
102 return get_variable_from_expr(lock_expr
, NULL
);
105 if (!strcmp(fn_name
, "lock_kernel"))
110 static char *match_unlock_func(char *fn_name
, struct expression_list
*args
)
112 struct expression
*lock_expr
;
115 for (i
= 0; unlock_funcs
[i
]; i
++) {
116 if (!strcmp(fn_name
, unlock_funcs
[i
])) {
117 lock_expr
= get_argument_from_call_expr(args
, 0);
118 return get_variable_from_expr(lock_expr
, NULL
);
121 if (!strcmp(fn_name
, "unlock_kernel"))
126 static void check_locks_needed(const char *fn_name
)
128 struct smatch_state
*state
;
131 for (i
= 0; i
< sizeof(lock_needed
)/sizeof(struct locked_call
); i
++) {
132 if (!strcmp(fn_name
, lock_needed
[i
].function
)) {
133 state
= get_state(lock_needed
[i
].lock
, my_id
, NULL
);
134 if (state
!= &locked
) {
135 smatch_msg("%s called without holding %s lock",
136 lock_needed
[i
].function
,
137 lock_needed
[i
].lock
);
143 static void match_call(struct expression
*expr
)
148 fn_name
= get_variable_from_expr(expr
->fn
, NULL
);
152 if ((lock_name
= match_lock_func(fn_name
, expr
->args
)))
153 set_state(lock_name
, my_id
, NULL
, &locked
);
154 else if ((lock_name
= match_unlock_func(fn_name
, expr
->args
)))
155 set_state(lock_name
, my_id
, NULL
, &unlocked
);
157 check_locks_needed(fn_name
);
158 free_string(fn_name
);
162 static void match_condition(struct expression
*expr
)
164 /* __raw_spin_is_locked */
167 static int possibly_negative(struct expression
*expr
)
171 struct state_list
*slist
;
172 struct sm_state
*tmp
;
174 name
= get_variable_from_expr(expr
, &sym
);
177 slist
= get_possible_states(name
, SMATCH_EXTRA
, sym
);
178 FOR_EACH_PTR(slist
, tmp
) {
181 if (tmp
->state
->data
)
182 value
= *(int *)tmp
->state
->data
;
187 } END_FOR_EACH_PTR(tmp
);
191 static void match_return(struct statement
*stmt
)
194 struct state_list
*slist
;
195 struct sm_state
*tmp
;
197 ret_val
= get_value(stmt
->ret_value
);
201 if (ret_val
== UNDEFINED
) {
202 if (!possibly_negative(stmt
->ret_value
))
206 slist
= get_all_states(my_id
);
207 FOR_EACH_PTR(slist
, tmp
) {
208 if (tmp
->state
!= &unlocked
)
209 smatch_msg("returned negative with %s lock held",
211 } END_FOR_EACH_PTR(tmp
);
214 void register_locking(int id
)
217 add_merge_hook(my_id
, &merge_func
);
218 add_hook(&match_call
, FUNCTION_CALL_HOOK
);
219 add_hook(&match_return
, RETURN_HOOK
);