Le 11/05/2021 à 11:52, Wei Liu a écrit :
Before commit cdfa835c6e5e, the 'vfree' were done unconditionally
in 'hv_uio_cleanup()'.
So, another way for fixing the potential leak is to modify
'hv_uio_cleanup()' and revert to the previous behavior.
I think this is cleaner.
Agreed
Stephen, you authored cdfa835c6e5e. What do you think?
Christophe, OOI how did you discover these issues?
I use an ugly coccinelle script which tries to spot functions called in
the .remove function of a driver, but which is not in the error handling
path of the .probe
It is way to verbose and gives too much false positive, but I manage to
spot a few things with it.
Here it is, should it be useful for someone, or if anyone want to
improve it.
The idea is:
- find the probe and remove function
- find a function (f1) which is not the first of the remove function
(the first is likely the last in the probe that doesn't need to be
undone in the probe error handling path)
- try to filter with likely false positive pattern
- search in the probe if this function is also called
- if not, then it is a candidate.
CJ
---------------------------------
// Find the probe and remove functions
@platform@
identifier type, p, probefn, removefn;
@@
struct type p = {
.probe = probefn,
.remove = removefn,
};
// In the remove function, find a function that is called
@rem depends on platform@
identifier platform.removefn, firstFct, lastFct;
identifier f1 !~
"(pr_.*|dev_.*|cancel_work.*|cancel_delayed_work.*|tasklet_kill|list_del|.*unregister.*|.*deregister.*|spin_.*|flush_.*|pm_runtime_.*)";
@@
removefn(...) {
(
<+...
firstFct(...);
f1(...);
...+>
|
<+...
fXXX1(...);
lastFct(...);
...+>
)
}
// Check if this function is also called in the probe error path
@prb depends on rem@
identifier platform.probefn, platform.removefn, rem.f1;
@@
probefn(...) {
(
<+...
f1(...);
...+>
|
<+...
removefn(...);
...+>
)
}
// If not, this function is likely missing from the probe error path
@prb3 depends on !prb@
identifier platform.removefn, rem.f1;
@@
*removefn(...) {
<+...
* f1(...);
...+>
}