* [KJ] [PATCH] [KERNEL] check kmalloc return value + error path leak
@ 2007-03-18 23:18 Amit Choudhary
2007-03-19 4:33 ` Amit Choudhary
0 siblings, 1 reply; 2+ messages in thread
From: Amit Choudhary @ 2007-03-18 23:18 UTC (permalink / raw)
To: kernel-janitors
[-- Attachment #1: Type: text/plain, Size: 14187 bytes --]
Hi All,
I have conlcuded going through the entire kernel and looking for places where kmalloc return value was not checked. In the process, I also found some error path leaks. It was heartening to see that the return value of kmalloc was checked everywhere in the kernel except at some 30 odd places. There might be a couple of places that I might have missed.
But I believe that many error path leaks still exist in the system.
There are 8 files remaining where kmalloc return value is not checked. I did not have compilers for these architectures so I didn't fix them. Also, I believe some of these are non-issues as it looks like they happen very early in the boot cycle, and if no memory is available at that time, then the system is not going to work anyway.
I am listing the files here and also attaching the relevant misbehaving code so that someone working on that platform can fix these.
I had written a perl program to check whether the return value of kmalloc is being checked or not. I am attaching that program too. I do not think it is perfect but am just attaching it, in case someone finds it useful. I had used some manual effort too.
The name of the attached perl file is findkmalloc.pl (http://www.geocities.com/amit2030/findkmalloc.pl.txt).
The name of the attached offending files code is check_kmalloc.txt. I am also including the code in the body of this mail.
The offending files (no check for kmalloc return values + error path leaks where they check) are:
--------------------------------------
arch/powerpc/kernel/ibmebus.c
arch/ppc/8260_io/fcc_enet.c
arch/cris/arch-v32/mm/intmem.c
drivers/net/sb1250-mac.c
drivers/atm/he.c
drivers/s390/scsi/zfcp_aux.c
arch/powerpc/platforms/iseries/iommu.c
arch/ppc/syslib/ppc85xx_rio.c
--------------------------------------
--
drivers/s390/scsi/zfcp_aux.c- */
drivers/s390/scsi/zfcp_aux.c-static int
drivers/s390/scsi/zfcp_aux.c-zfcp_allocate_low_mem_buffers(struct zfcp_adapter *adapter)
drivers/s390/scsi/zfcp_aux.c-{
drivers/s390/scsi/zfcp_aux.c- adapter->pool.fsf_req_erp =
drivers/s390/scsi/zfcp_aux.c: mempool_create_kmalloc_pool(ZFCP_POOL_FSF_REQ_ERP_NR,
drivers/s390/scsi/zfcp_aux.c- sizeof(struct zfcp_fsf_req_pool_element));
drivers/s390/scsi/zfcp_aux.c- if (!adapter->pool.fsf_req_erp)
drivers/s390/scsi/zfcp_aux.c- return -ENOMEM;
drivers/s390/scsi/zfcp_aux.c-
drivers/s390/scsi/zfcp_aux.c- adapter->pool.fsf_req_scsi =
drivers/s390/scsi/zfcp_aux.c: mempool_create_kmalloc_pool(ZFCP_POOL_FSF_REQ_SCSI_NR,
drivers/s390/scsi/zfcp_aux.c- sizeof(struct zfcp_fsf_req_pool_element));
drivers/s390/scsi/zfcp_aux.c- if (!adapter->pool.fsf_req_scsi)
drivers/s390/scsi/zfcp_aux.c- return -ENOMEM;
drivers/s390/scsi/zfcp_aux.c-
drivers/s390/scsi/zfcp_aux.c- adapter->pool.fsf_req_abort =
drivers/s390/scsi/zfcp_aux.c: mempool_create_kmalloc_pool(ZFCP_POOL_FSF_REQ_ABORT_NR,
drivers/s390/scsi/zfcp_aux.c- sizeof(struct zfcp_fsf_req_pool_element));
drivers/s390/scsi/zfcp_aux.c- if (!adapter->pool.fsf_req_abort)
drivers/s390/scsi/zfcp_aux.c- return -ENOMEM;
drivers/s390/scsi/zfcp_aux.c-
drivers/s390/scsi/zfcp_aux.c- adapter->pool.fsf_req_status_read =
drivers/s390/scsi/zfcp_aux.c: mempool_create_kmalloc_pool(ZFCP_POOL_STATUS_READ_NR,
drivers/s390/scsi/zfcp_aux.c- sizeof(struct zfcp_fsf_req));
drivers/s390/scsi/zfcp_aux.c- if (!adapter->pool.fsf_req_status_read)
drivers/s390/scsi/zfcp_aux.c- return -ENOMEM;
drivers/s390/scsi/zfcp_aux.c-
drivers/s390/scsi/zfcp_aux.c- adapter->pool.data_status_read =
drivers/s390/scsi/zfcp_aux.c: mempool_create_kmalloc_pool(ZFCP_POOL_STATUS_READ_NR,
drivers/s390/scsi/zfcp_aux.c- sizeof(struct fsf_status_read_buffer));
drivers/s390/scsi/zfcp_aux.c- if (!adapter->pool.data_status_read)
drivers/s390/scsi/zfcp_aux.c- return -ENOMEM;
drivers/s390/scsi/zfcp_aux.c-
drivers/s390/scsi/zfcp_aux.c- adapter->pool.data_gid_pn =
drivers/s390/scsi/zfcp_aux.c: mempool_create_kmalloc_pool(ZFCP_POOL_DATA_GID_PN_NR,
drivers/s390/scsi/zfcp_aux.c- sizeof(struct zfcp_gid_pn_data));
drivers/s390/scsi/zfcp_aux.c- if (!adapter->pool.data_gid_pn)
drivers/s390/scsi/zfcp_aux.c- return -ENOMEM;
drivers/s390/scsi/zfcp_aux.c-
drivers/s390/scsi/zfcp_aux.c- return 0;
--
arch/powerpc/platforms/iseries/iommu.c-void iommu_devnode_init_iSeries(struct device_node *dn)
arch/powerpc/platforms/iseries/iommu.c-{
arch/powerpc/platforms/iseries/iommu.c- struct iommu_table *tbl;
arch/powerpc/platforms/iseries/iommu.c- struct pci_dn *pdn = PCI_DN(dn);
arch/powerpc/platforms/iseries/iommu.c-
arch/powerpc/platforms/iseries/iommu.c: tbl = kmalloc(sizeof(struct iommu_table), GFP_KERNEL);
arch/powerpc/platforms/iseries/iommu.c-
arch/powerpc/platforms/iseries/iommu.c- iommu_table_getparms_iSeries(pdn->busno, pdn->LogicalSlot, 0, tbl);
arch/powerpc/platforms/iseries/iommu.c-
arch/powerpc/platforms/iseries/iommu.c- /* Look for existing tce table */
arch/powerpc/platforms/iseries/iommu.c- pdn->iommu_table = iommu_table_find(tbl);
--
arch/powerpc/platforms/pseries/iommu.c- * space.
arch/powerpc/platforms/pseries/iommu.c- */
arch/powerpc/platforms/pseries/iommu.c- pci->phb->dma_window_size = 0x8000000ul;
arch/powerpc/platforms/pseries/iommu.c- pci->phb->dma_window_base_cur = 0x8000000ul;
arch/powerpc/platforms/pseries/iommu.c-
arch/powerpc/platforms/pseries/iommu.c: tbl = kmalloc(sizeof(struct iommu_table), GFP_KERNEL);
arch/powerpc/platforms/pseries/iommu.c-
arch/powerpc/platforms/pseries/iommu.c- iommu_table_setparms(pci->phb, dn, tbl);
arch/powerpc/platforms/pseries/iommu.c- pci->iommu_table = iommu_init_table(tbl);
arch/powerpc/platforms/pseries/iommu.c-
arch/powerpc/platforms/pseries/iommu.c- /* Divide the rest (1.75GB) among the children */
--
arch/powerpc/platforms/pseries/iommu.c- * Do it now because iommu_table_setparms_lpar needs it.
arch/powerpc/platforms/pseries/iommu.c- */
arch/powerpc/platforms/pseries/iommu.c-
arch/powerpc/platforms/pseries/iommu.c- ppci->bussubno = bus->number;
arch/powerpc/platforms/pseries/iommu.c-
arch/powerpc/platforms/pseries/iommu.c: tbl = (struct iommu_table *)kmalloc(sizeof(struct iommu_table),
arch/powerpc/platforms/pseries/iommu.c- GFP_KERNEL);
arch/powerpc/platforms/pseries/iommu.c-
arch/powerpc/platforms/pseries/iommu.c- iommu_table_setparms_lpar(ppci->phb, pdn, tbl, dma_window);
arch/powerpc/platforms/pseries/iommu.c-
arch/powerpc/platforms/pseries/iommu.c- ppci->iommu_table = iommu_init_table(tbl);
--
arch/powerpc/platforms/pseries/iommu.c- * an iommu table ourselves. The bus setup code should have setup
arch/powerpc/platforms/pseries/iommu.c- * the window sizes already.
arch/powerpc/platforms/pseries/iommu.c- */
arch/powerpc/platforms/pseries/iommu.c- if (!dev->bus->self) {
arch/powerpc/platforms/pseries/iommu.c- DBG(" --> first child, no bridge. Allocating iommu table.\n");
arch/powerpc/platforms/pseries/iommu.c: tbl = kmalloc(sizeof(struct iommu_table), GFP_KERNEL);
arch/powerpc/platforms/pseries/iommu.c- iommu_table_setparms(PCI_DN(dn)->phb, dn, tbl);
arch/powerpc/platforms/pseries/iommu.c- PCI_DN(mydn)->iommu_table = iommu_init_table(tbl);
arch/powerpc/platforms/pseries/iommu.c-
arch/powerpc/platforms/pseries/iommu.c- return;
arch/powerpc/platforms/pseries/iommu.c- }
--
arch/powerpc/platforms/pseries/iommu.c- pci = PCI_DN(pdn);
arch/powerpc/platforms/pseries/iommu.c- if (!pci->iommu_table) {
arch/powerpc/platforms/pseries/iommu.c- /* iommu_table_setparms_lpar needs bussubno. */
arch/powerpc/platforms/pseries/iommu.c- pci->bussubno = pci->phb->bus->number;
arch/powerpc/platforms/pseries/iommu.c-
arch/powerpc/platforms/pseries/iommu.c: tbl = (struct iommu_table *)kmalloc(sizeof(struct iommu_table),
arch/powerpc/platforms/pseries/iommu.c- GFP_KERNEL);
arch/powerpc/platforms/pseries/iommu.c-
arch/powerpc/platforms/pseries/iommu.c- iommu_table_setparms_lpar(pci->phb, pdn, tbl, dma_window);
arch/powerpc/platforms/pseries/iommu.c-
arch/powerpc/platforms/pseries/iommu.c- pci->iommu_table = iommu_init_table(tbl);
--
arch/ppc/syslib/ppc85xx_rio.c-void mpc85xx_rio_setup(int law_start, int law_size)
arch/ppc/syslib/ppc85xx_rio.c-{
arch/ppc/syslib/ppc85xx_rio.c- struct rio_ops *ops;
arch/ppc/syslib/ppc85xx_rio.c- struct rio_mport *port;
arch/ppc/syslib/ppc85xx_rio.c-
arch/ppc/syslib/ppc85xx_rio.c: ops = kmalloc(sizeof(struct rio_ops), GFP_KERNEL);
arch/ppc/syslib/ppc85xx_rio.c- ops->lcread = mpc85xx_local_config_read;
arch/ppc/syslib/ppc85xx_rio.c- ops->lcwrite = mpc85xx_local_config_write;
arch/ppc/syslib/ppc85xx_rio.c- ops->cread = mpc85xx_rio_config_read;
arch/ppc/syslib/ppc85xx_rio.c- ops->cwrite = mpc85xx_rio_config_write;
arch/ppc/syslib/ppc85xx_rio.c- ops->dsend = mpc85xx_rio_doorbell_send;
arch/ppc/syslib/ppc85xx_rio.c-
arch/ppc/syslib/ppc85xx_rio.c: port = kmalloc(sizeof(struct rio_mport), GFP_KERNEL);
arch/ppc/syslib/ppc85xx_rio.c- port->id = 0;
arch/ppc/syslib/ppc85xx_rio.c- port->index = 0;
arch/ppc/syslib/ppc85xx_rio.c- INIT_LIST_HEAD(&port->dbells);
arch/ppc/syslib/ppc85xx_rio.c- port->iores.start = law_start;
arch/ppc/syslib/ppc85xx_rio.c- port->iores.end = law_start + law_size;
--
arch/powerpc/kernel/ibmebus.c- dma_addr_t *dma_handle,
arch/powerpc/kernel/ibmebus.c- gfp_t flag)
arch/powerpc/kernel/ibmebus.c-{
arch/powerpc/kernel/ibmebus.c- void *mem;
arch/powerpc/kernel/ibmebus.c-
arch/powerpc/kernel/ibmebus.c: mem = kmalloc(size, flag);
arch/powerpc/kernel/ibmebus.c- *dma_handle = (dma_addr_t)mem;
arch/powerpc/kernel/ibmebus.c-
arch/powerpc/kernel/ibmebus.c- return mem;
arch/powerpc/kernel/ibmebus.c-}
arch/powerpc/kernel/ibmebus.c-
--
arch/ppc/8260_io/fcc_enet.c- memset((char *)ep, 0, sizeof(fcc_enet_t));
arch/ppc/8260_io/fcc_enet.c-
arch/ppc/8260_io/fcc_enet.c- /* Allocate space for the buffer descriptors from regular memory.
arch/ppc/8260_io/fcc_enet.c- * Initialize base addresses for the buffer descriptors.
arch/ppc/8260_io/fcc_enet.c- */
arch/ppc/8260_io/fcc_enet.c: cep->rx_bd_base = (cbd_t *)kmalloc(sizeof(cbd_t) * RX_RING_SIZE,
arch/ppc/8260_io/fcc_enet.c- GFP_KERNEL | GFP_DMA);
arch/ppc/8260_io/fcc_enet.c- ep->fen_genfcc.fcc_rbase = __pa(cep->rx_bd_base);
arch/ppc/8260_io/fcc_enet.c: cep->tx_bd_base = (cbd_t *)kmalloc(sizeof(cbd_t) * TX_RING_SIZE,
arch/ppc/8260_io/fcc_enet.c- GFP_KERNEL | GFP_DMA);
arch/ppc/8260_io/fcc_enet.c- ep->fen_genfcc.fcc_tbase = __pa(cep->tx_bd_base);
arch/ppc/8260_io/fcc_enet.c-
arch/ppc/8260_io/fcc_enet.c- cep->dirty_tx = cep->cur_tx = cep->tx_bd_base;
arch/ppc/8260_io/fcc_enet.c- cep->cur_rx = cep->rx_bd_base;
--
arch/cris/arch-v32/mm/intmem.c- if (allocation->status == STATUS_FREE &&
arch/cris/arch-v32/mm/intmem.c- allocation->size >= size + alignment) {
arch/cris/arch-v32/mm/intmem.c- if (allocation->size > size + alignment) {
arch/cris/arch-v32/mm/intmem.c- struct intmem_allocation* alloc =
arch/cris/arch-v32/mm/intmem.c- (struct intmem_allocation*)
arch/cris/arch-v32/mm/intmem.c: kmalloc(sizeof *alloc, GFP_ATOMIC);
arch/cris/arch-v32/mm/intmem.c- alloc->status = STATUS_FREE;
arch/cris/arch-v32/mm/intmem.c- alloc->size = allocation->size - size - alignment;
arch/cris/arch-v32/mm/intmem.c- alloc->offset = allocation->offset + size;
arch/cris/arch-v32/mm/intmem.c- list_add(&alloc->entry, &allocation->entry);
arch/cris/arch-v32/mm/intmem.c-
arch/cris/arch-v32/mm/intmem.c- if (alignment) {
arch/cris/arch-v32/mm/intmem.c- struct intmem_allocation* tmp;
arch/cris/arch-v32/mm/intmem.c- tmp = (struct intmem_allocation*)
arch/cris/arch-v32/mm/intmem.c: kmalloc(sizeof *tmp, GFP_ATOMIC);
arch/cris/arch-v32/mm/intmem.c- tmp->offset = allocation->offset;
arch/cris/arch-v32/mm/intmem.c- tmp->size = alignment;
arch/cris/arch-v32/mm/intmem.c- tmp->status = STATUS_FREE;
arch/cris/arch-v32/mm/intmem.c- allocation->offset += alignment;
arch/cris/arch-v32/mm/intmem.c- list_add_tail(&tmp->entry, &allocation->entry);
--
arch/cris/arch-v32/mm/intmem.c-static void crisv32_intmem_init(void)
arch/cris/arch-v32/mm/intmem.c-{
arch/cris/arch-v32/mm/intmem.c- static int initiated = 0;
arch/cris/arch-v32/mm/intmem.c- if (!initiated) {
arch/cris/arch-v32/mm/intmem.c- struct intmem_allocation* alloc =
arch/cris/arch-v32/mm/intmem.c: (struct intmem_allocation*)kmalloc(sizeof *alloc, GFP_KERNEL);
arch/cris/arch-v32/mm/intmem.c- INIT_LIST_HEAD(&intmem_allocations);
arch/cris/arch-v32/mm/intmem.c- intmem_virtual = ioremap(MEM_INTMEM_START, MEM_INTMEM_SIZE);
arch/cris/arch-v32/mm/intmem.c- initiated = 1;
arch/cris/arch-v32/mm/intmem.c- alloc->size = MEM_INTMEM_SIZE;
arch/cris/arch-v32/mm/intmem.c- alloc->offset = 0;
--
drivers/net/sb1250-mac.c- /*
drivers/net/sb1250-mac.c- * And context table
drivers/net/sb1250-mac.c- */
drivers/net/sb1250-mac.c-
drivers/net/sb1250-mac.c- d->sbdma_ctxtable = (struct sk_buff **)
drivers/net/sb1250-mac.c: kmalloc(d->sbdma_maxdescr*sizeof(struct sk_buff *), GFP_KERNEL);
drivers/net/sb1250-mac.c-
drivers/net/sb1250-mac.c- memset(d->sbdma_ctxtable,0,d->sbdma_maxdescr*sizeof(struct sk_buff *));
drivers/net/sb1250-mac.c-
drivers/net/sb1250-mac.c-#ifdef CONFIG_SBMAC_COALESCE
drivers/net/sb1250-mac.c- /*
--
drivers/net/sb1250-mac.c- */
drivers/net/sb1250-mac.c-
drivers/net/sb1250-mac.c- d->sbdma_maxdescr = maxdescr;
drivers/net/sb1250-mac.c-
drivers/net/sb1250-mac.c- d->sbdma_dscrtable = (sbdmadscr_t *)
drivers/net/sb1250-mac.c- kmalloc((d->sbdma_maxdescr+1)*sizeof(sbdmadscr_t), GFP_KERNEL);
drivers/net/sb1250-mac.c-
drivers/net/sb1250-mac.c- /*
drivers/net/sb1250-mac.c- * The descriptor table must be aligned to at least 16 bytes or the
drivers/net/sb1250-mac.c- * MAC will corrupt it.
drivers/net/sb1250-mac.c- */
--
drivers/atm/he.c- if (he_dev->rbps_base == NULL) {
drivers/atm/he.c- hprintk("failed to alloc rbps\n");
drivers/atm/he.c- return -ENOMEM;
drivers/atm/he.c- }
drivers/atm/he.c- memset(he_dev->rbps_base, 0, CONFIG_RBPS_SIZE * sizeof(struct he_rbp));
drivers/atm/he.c: he_dev->rbps_virt = kmalloc(CONFIG_RBPS_SIZE * sizeof(struct he_virt), GFP_KERNEL);
drivers/atm/he.c-
drivers/atm/he.c- for (i = 0; i < CONFIG_RBPS_SIZE; ++i) {
drivers/atm/he.c- dma_addr_t dma_handle;
drivers/atm/he.c- void *cpuaddr;
drivers/atm/he.c-
Regards,
Amit
[-- Attachment #2: findkmalloc.pl --]
[-- Type: application/octet-stream, Size: 5276 bytes --]
#!/usr/bin/perl
use Getopt::Long;
#GetOptions(\%opts,"file=s", "sep=s");
#my $infile = $opts{"file"};
#my $sep = $opts{"sep"} || "--";
my $sep = "--";
my $infile = "morepatches";
my $outbug = $infile.".bug";
my $outnobug = $infile.".nobug";
my $out2kmalloc = $infile.".bug.2kmalloc";
print "infile = $infile\n";
print "outbug = $outbug\n";
print "outnobug = $outnobug\n";
print "out2kmalloc = $out2kmalloc\n";
my @array;
my $index = 0;
my $i = 0;
my $num_extra_sep = 0;
my $total_sep = 0;
my $line = "";
my $filename = "";
my $command = "find . -name \"*\\.c\" | xargs grep -w \"kmalloc\\\|kzalloc\" -A 5 -B 5 > $infile";
print "command = $command\n";
system("$command");
open (IN, "<$infile") or die;
open (OUTBUG, ">$outbug") or die;
open (OUTNOBUG, ">$outnobug") or die;
open (OUT2KMALLOC, ">$out2kmalloc") or die;
while ($LINE = <IN>)
{
chomp($LINE);
if ($LINE =~ /^$sep$/) {
$total_sep++;
#print "read separator once\n";
if ($index == 0) {
#print "read separator twice\n";
$num_extra_sep++;
next; #read separator twice in a row
}
analyze_and_dump_array();
$index = 0;
next;
}
$LINE =~ s/^(\S+[-:])//;
if ($filename eq "") {
$filename = $1;
}
$array[$index] = $LINE;
$index++;
}
if ($index != 0) {
analyze_and_dump_array();
$index = 0;
}
print OUTBUG "$sep\n";
print OUTNOBUG "$sep\n";
print "Extra separators = $num_extra_sep\n";
print "Total separators = $total_sep\n";
sub analyze_and_dump_array
{
my $var = "";
my $foundkmalloc = 0;
for ($i = 0; $i < $index; $i++) {
$line = $array[$i];
#if ($array[$i] =~ /kmalloc|kzalloc/)
if ($line =~ /kmalloc|kzalloc/) {
#if ($ret == 0) {
#print "line = $line\n";
#}
#if (($array[$i] =~ /NULL/i) ||
# ($array[$i] =~ /!/i))
if (($line =~ /NULL/i) ||
($line =~ /!/i)) {
#print "NULL or ! found..dumping to .nobug file: $array[$i]\n";
print OUTNOBUG "$sep\n";
for ($i = 0; $i < $index; $i++) {
print OUTNOBUG "$filename $array[$i]\n";
}
$filename = "";
$foundkmalloc = 0;
return;
}
#$var = $array[$i];
$var = "";
$var = $line;
# We should not worry here as both kmalloc and
# kzalloc will not occur in one line.
$var =~ s/(\S+)\s*=.*kmalloc.*//;
$var =~ s/(\S+)\s*=.*kzalloc.*//;
$var = $1;
$var =~ s/\*//g;
$var =~ s/.*\(//g;
$var =~ s/\)//g;
$var =~ s/\]/\\\]/g;
$var =~ s/\[/\\\[/g;
if ($var eq "") {
#print "var is empty. filename = $filename\n";
$line = "";
$ret = get_one_line($i);
if ($ret == 1) {
$line = $array[$i];
} else {
#$var = $array[$i];
$var = "";
$var = $line;
$var =~ s/(\S+)\s*=.*kmalloc.*//;
$var =~ s/(\S+)\s*=.*kzalloc.*//;
$var = $1;
$var =~ s/\*//g;
$var =~ s/.*\(//g;
$var =~ s/\)//g;
$var =~ s/\]/\\\]/g;
$var =~ s/\[/\\\[/g;
}
}
#print "var = $var\n";
#var still not found, print to nobug file.
if ($var eq "") {
print OUTNOBUG "$sep\n";
for ($i = 0; $i < $index; $i++) {
print OUTNOBUG "$filename $array[$i]\n";
}
$filename = "";
$foundkmalloc = 0;
return;
}
#print "line = $array[$i]\n";
#print "line = $line\n";
#print "var = $var\n";
#print "got kmalloc: line = $array[$i]\n";
#print "got kmalloc: line = $line\n";
#print "got kmalloc: variable = $var\n";
if ($foundkmalloc == 1) {
#print "two kmalloc's..dumping to .bug file\n";
print OUT2KMALLOC "$sep\n";
for ($i = 0; $i < $index; $i++) {
print OUT2KMALLOC "$filename $array[$i]\n";
}
$filename = "";
$foundkmalloc = 0;
return;
}
$foundkmalloc = 1;
next;
}
if ($foundkmalloc == 1) {
#if ($array[$i] =~ /$var/)
#print "line = $line\n";
#print "var = $var\n";
if ($line =~ /$var/) {
#print "variable $var found again..dumping to .nobug file\n";
print OUTNOBUG "$sep\n";
for ($i = 0; $i < $index; $i++) {
print OUTNOBUG "$filename $array[$i]\n";
}
$filename = "";
$foundkmalloc = 0;
return;
}
}
}
# var not found. dump to bug file if kmalloc|kzalloc found.
#print "variable $var NOT found..dumping to .bug file\n";
if ($foundkmalloc == 1) {
print OUTBUG "$sep\n";
for ($i = 0; $i < $index; $i++) {
print OUTBUG "$filename $array[$i]\n";
}
$filename = "";
}
# kmalloc not found. dump to nobug file. can happen if
# you get a capital KMALLOC. (sometimes, within comments).
if ($foundkmalloc == 0) {
print OUTNOBUG "$sep\n";
for ($i = 0; $i < $index; $i++) {
print OUTNOBUG "$filename $array[$i]\n";
}
$filename = "";
}
$foundkmalloc = 0;
return;
}
sub get_one_line
{
$line = "";
$k = $j = $_[0];
for ($j = $j - 1; $j >= 0; $j--) {
if ($array[$j] =~ /;(.*)/) {
$line = $line.$1;
last;
}
elsif ($array[$j] =~ /{(.*)/) {
$line = $line.$1;
last;
}
elsif ($array[$j] =~ /}(.*)/) {
$line = $line.$1;
last;
}
}
if ($j < 0) {
return 1;
}
for ($j = $j + 1; $j < $index; $j++) {
if ($array[$j] =~ /(.*);/) {
$line = $line.$1;
last;
}
elsif ($array[$j] =~ /(.*)}/) {
$line = $line.$1;
last;
}
elsif ($array[$j] =~ /(.*){/) {
$line = $line.$1;
last;
}
$line = $line.$array[$j];
}
if ($j >= $index) {
return 1;
}
return 0;
#return 1;
}
[-- Attachment #3: check_kmalloc.txt --]
[-- Type: text/plain, Size: 12372 bytes --]
--
arch/powerpc/kernel/ibmebus.c- dma_addr_t *dma_handle,
arch/powerpc/kernel/ibmebus.c- gfp_t flag)
arch/powerpc/kernel/ibmebus.c-{
arch/powerpc/kernel/ibmebus.c- void *mem;
arch/powerpc/kernel/ibmebus.c-
arch/powerpc/kernel/ibmebus.c: mem = kmalloc(size, flag);
arch/powerpc/kernel/ibmebus.c- *dma_handle = (dma_addr_t)mem;
arch/powerpc/kernel/ibmebus.c-
arch/powerpc/kernel/ibmebus.c- return mem;
arch/powerpc/kernel/ibmebus.c-}
arch/powerpc/kernel/ibmebus.c-
--
arch/ppc/8260_io/fcc_enet.c- memset((char *)ep, 0, sizeof(fcc_enet_t));
arch/ppc/8260_io/fcc_enet.c-
arch/ppc/8260_io/fcc_enet.c- /* Allocate space for the buffer descriptors from regular memory.
arch/ppc/8260_io/fcc_enet.c- * Initialize base addresses for the buffer descriptors.
arch/ppc/8260_io/fcc_enet.c- */
arch/ppc/8260_io/fcc_enet.c: cep->rx_bd_base = (cbd_t *)kmalloc(sizeof(cbd_t) * RX_RING_SIZE,
arch/ppc/8260_io/fcc_enet.c- GFP_KERNEL | GFP_DMA);
arch/ppc/8260_io/fcc_enet.c- ep->fen_genfcc.fcc_rbase = __pa(cep->rx_bd_base);
arch/ppc/8260_io/fcc_enet.c: cep->tx_bd_base = (cbd_t *)kmalloc(sizeof(cbd_t) * TX_RING_SIZE,
arch/ppc/8260_io/fcc_enet.c- GFP_KERNEL | GFP_DMA);
arch/ppc/8260_io/fcc_enet.c- ep->fen_genfcc.fcc_tbase = __pa(cep->tx_bd_base);
arch/ppc/8260_io/fcc_enet.c-
arch/ppc/8260_io/fcc_enet.c- cep->dirty_tx = cep->cur_tx = cep->tx_bd_base;
arch/ppc/8260_io/fcc_enet.c- cep->cur_rx = cep->rx_bd_base;
--
arch/cris/arch-v32/mm/intmem.c- if (allocation->status == STATUS_FREE &&
arch/cris/arch-v32/mm/intmem.c- allocation->size >= size + alignment) {
arch/cris/arch-v32/mm/intmem.c- if (allocation->size > size + alignment) {
arch/cris/arch-v32/mm/intmem.c- struct intmem_allocation* alloc =
arch/cris/arch-v32/mm/intmem.c- (struct intmem_allocation*)
arch/cris/arch-v32/mm/intmem.c: kmalloc(sizeof *alloc, GFP_ATOMIC);
arch/cris/arch-v32/mm/intmem.c- alloc->status = STATUS_FREE;
arch/cris/arch-v32/mm/intmem.c- alloc->size = allocation->size - size - alignment;
arch/cris/arch-v32/mm/intmem.c- alloc->offset = allocation->offset + size;
arch/cris/arch-v32/mm/intmem.c- list_add(&alloc->entry, &allocation->entry);
arch/cris/arch-v32/mm/intmem.c-
arch/cris/arch-v32/mm/intmem.c- if (alignment) {
arch/cris/arch-v32/mm/intmem.c- struct intmem_allocation* tmp;
arch/cris/arch-v32/mm/intmem.c- tmp = (struct intmem_allocation*)
arch/cris/arch-v32/mm/intmem.c: kmalloc(sizeof *tmp, GFP_ATOMIC);
arch/cris/arch-v32/mm/intmem.c- tmp->offset = allocation->offset;
arch/cris/arch-v32/mm/intmem.c- tmp->size = alignment;
arch/cris/arch-v32/mm/intmem.c- tmp->status = STATUS_FREE;
arch/cris/arch-v32/mm/intmem.c- allocation->offset += alignment;
arch/cris/arch-v32/mm/intmem.c- list_add_tail(&tmp->entry, &allocation->entry);
--
arch/cris/arch-v32/mm/intmem.c-static void crisv32_intmem_init(void)
arch/cris/arch-v32/mm/intmem.c-{
arch/cris/arch-v32/mm/intmem.c- static int initiated = 0;
arch/cris/arch-v32/mm/intmem.c- if (!initiated) {
arch/cris/arch-v32/mm/intmem.c- struct intmem_allocation* alloc =
arch/cris/arch-v32/mm/intmem.c: (struct intmem_allocation*)kmalloc(sizeof *alloc, GFP_KERNEL);
arch/cris/arch-v32/mm/intmem.c- INIT_LIST_HEAD(&intmem_allocations);
arch/cris/arch-v32/mm/intmem.c- intmem_virtual = ioremap(MEM_INTMEM_START, MEM_INTMEM_SIZE);
arch/cris/arch-v32/mm/intmem.c- initiated = 1;
arch/cris/arch-v32/mm/intmem.c- alloc->size = MEM_INTMEM_SIZE;
arch/cris/arch-v32/mm/intmem.c- alloc->offset = 0;
--
drivers/net/sb1250-mac.c- /*
drivers/net/sb1250-mac.c- * And context table
drivers/net/sb1250-mac.c- */
drivers/net/sb1250-mac.c-
drivers/net/sb1250-mac.c- d->sbdma_ctxtable = (struct sk_buff **)
drivers/net/sb1250-mac.c: kmalloc(d->sbdma_maxdescr*sizeof(struct sk_buff *), GFP_KERNEL);
drivers/net/sb1250-mac.c-
drivers/net/sb1250-mac.c- memset(d->sbdma_ctxtable,0,d->sbdma_maxdescr*sizeof(struct sk_buff *));
drivers/net/sb1250-mac.c-
drivers/net/sb1250-mac.c-#ifdef CONFIG_SBMAC_COALESCE
drivers/net/sb1250-mac.c- /*
--
drivers/net/sb1250-mac.c- */
drivers/net/sb1250-mac.c-
drivers/net/sb1250-mac.c- d->sbdma_maxdescr = maxdescr;
drivers/net/sb1250-mac.c-
drivers/net/sb1250-mac.c- d->sbdma_dscrtable = (sbdmadscr_t *)
drivers/net/sb1250-mac.c- kmalloc((d->sbdma_maxdescr+1)*sizeof(sbdmadscr_t), GFP_KERNEL);
drivers/net/sb1250-mac.c-
drivers/net/sb1250-mac.c- /*
drivers/net/sb1250-mac.c- * The descriptor table must be aligned to at least 16 bytes or the
drivers/net/sb1250-mac.c- * MAC will corrupt it.
drivers/net/sb1250-mac.c- */
--
drivers/atm/he.c- if (he_dev->rbps_base == NULL) {
drivers/atm/he.c- hprintk("failed to alloc rbps\n");
drivers/atm/he.c- return -ENOMEM;
drivers/atm/he.c- }
drivers/atm/he.c- memset(he_dev->rbps_base, 0, CONFIG_RBPS_SIZE * sizeof(struct he_rbp));
drivers/atm/he.c: he_dev->rbps_virt = kmalloc(CONFIG_RBPS_SIZE * sizeof(struct he_virt), GFP_KERNEL);
drivers/atm/he.c-
drivers/atm/he.c- for (i = 0; i < CONFIG_RBPS_SIZE; ++i) {
drivers/atm/he.c- dma_addr_t dma_handle;
drivers/atm/he.c- void *cpuaddr;
drivers/atm/he.c-
--
drivers/s390/scsi/zfcp_aux.c- */
drivers/s390/scsi/zfcp_aux.c-static int
drivers/s390/scsi/zfcp_aux.c-zfcp_allocate_low_mem_buffers(struct zfcp_adapter *adapter)
drivers/s390/scsi/zfcp_aux.c-{
drivers/s390/scsi/zfcp_aux.c- adapter->pool.fsf_req_erp =
drivers/s390/scsi/zfcp_aux.c: mempool_create_kmalloc_pool(ZFCP_POOL_FSF_REQ_ERP_NR,
drivers/s390/scsi/zfcp_aux.c- sizeof(struct zfcp_fsf_req_pool_element));
drivers/s390/scsi/zfcp_aux.c- if (!adapter->pool.fsf_req_erp)
drivers/s390/scsi/zfcp_aux.c- return -ENOMEM;
drivers/s390/scsi/zfcp_aux.c-
drivers/s390/scsi/zfcp_aux.c- adapter->pool.fsf_req_scsi =
drivers/s390/scsi/zfcp_aux.c: mempool_create_kmalloc_pool(ZFCP_POOL_FSF_REQ_SCSI_NR,
drivers/s390/scsi/zfcp_aux.c- sizeof(struct zfcp_fsf_req_pool_element));
drivers/s390/scsi/zfcp_aux.c- if (!adapter->pool.fsf_req_scsi)
drivers/s390/scsi/zfcp_aux.c- return -ENOMEM;
drivers/s390/scsi/zfcp_aux.c-
drivers/s390/scsi/zfcp_aux.c- adapter->pool.fsf_req_abort =
drivers/s390/scsi/zfcp_aux.c: mempool_create_kmalloc_pool(ZFCP_POOL_FSF_REQ_ABORT_NR,
drivers/s390/scsi/zfcp_aux.c- sizeof(struct zfcp_fsf_req_pool_element));
drivers/s390/scsi/zfcp_aux.c- if (!adapter->pool.fsf_req_abort)
drivers/s390/scsi/zfcp_aux.c- return -ENOMEM;
drivers/s390/scsi/zfcp_aux.c-
drivers/s390/scsi/zfcp_aux.c- adapter->pool.fsf_req_status_read =
drivers/s390/scsi/zfcp_aux.c: mempool_create_kmalloc_pool(ZFCP_POOL_STATUS_READ_NR,
drivers/s390/scsi/zfcp_aux.c- sizeof(struct zfcp_fsf_req));
drivers/s390/scsi/zfcp_aux.c- if (!adapter->pool.fsf_req_status_read)
drivers/s390/scsi/zfcp_aux.c- return -ENOMEM;
drivers/s390/scsi/zfcp_aux.c-
drivers/s390/scsi/zfcp_aux.c- adapter->pool.data_status_read =
drivers/s390/scsi/zfcp_aux.c: mempool_create_kmalloc_pool(ZFCP_POOL_STATUS_READ_NR,
drivers/s390/scsi/zfcp_aux.c- sizeof(struct fsf_status_read_buffer));
drivers/s390/scsi/zfcp_aux.c- if (!adapter->pool.data_status_read)
drivers/s390/scsi/zfcp_aux.c- return -ENOMEM;
drivers/s390/scsi/zfcp_aux.c-
drivers/s390/scsi/zfcp_aux.c- adapter->pool.data_gid_pn =
drivers/s390/scsi/zfcp_aux.c: mempool_create_kmalloc_pool(ZFCP_POOL_DATA_GID_PN_NR,
drivers/s390/scsi/zfcp_aux.c- sizeof(struct zfcp_gid_pn_data));
drivers/s390/scsi/zfcp_aux.c- if (!adapter->pool.data_gid_pn)
drivers/s390/scsi/zfcp_aux.c- return -ENOMEM;
drivers/s390/scsi/zfcp_aux.c-
drivers/s390/scsi/zfcp_aux.c- return 0;
--
arch/powerpc/platforms/iseries/iommu.c-void iommu_devnode_init_iSeries(struct device_node *dn)
arch/powerpc/platforms/iseries/iommu.c-{
arch/powerpc/platforms/iseries/iommu.c- struct iommu_table *tbl;
arch/powerpc/platforms/iseries/iommu.c- struct pci_dn *pdn = PCI_DN(dn);
arch/powerpc/platforms/iseries/iommu.c-
arch/powerpc/platforms/iseries/iommu.c: tbl = kmalloc(sizeof(struct iommu_table), GFP_KERNEL);
arch/powerpc/platforms/iseries/iommu.c-
arch/powerpc/platforms/iseries/iommu.c- iommu_table_getparms_iSeries(pdn->busno, pdn->LogicalSlot, 0, tbl);
arch/powerpc/platforms/iseries/iommu.c-
arch/powerpc/platforms/iseries/iommu.c- /* Look for existing tce table */
arch/powerpc/platforms/iseries/iommu.c- pdn->iommu_table = iommu_table_find(tbl);
--
arch/powerpc/platforms/pseries/iommu.c- * space.
arch/powerpc/platforms/pseries/iommu.c- */
arch/powerpc/platforms/pseries/iommu.c- pci->phb->dma_window_size = 0x8000000ul;
arch/powerpc/platforms/pseries/iommu.c- pci->phb->dma_window_base_cur = 0x8000000ul;
arch/powerpc/platforms/pseries/iommu.c-
arch/powerpc/platforms/pseries/iommu.c: tbl = kmalloc(sizeof(struct iommu_table), GFP_KERNEL);
arch/powerpc/platforms/pseries/iommu.c-
arch/powerpc/platforms/pseries/iommu.c- iommu_table_setparms(pci->phb, dn, tbl);
arch/powerpc/platforms/pseries/iommu.c- pci->iommu_table = iommu_init_table(tbl);
arch/powerpc/platforms/pseries/iommu.c-
arch/powerpc/platforms/pseries/iommu.c- /* Divide the rest (1.75GB) among the children */
--
arch/powerpc/platforms/pseries/iommu.c- * Do it now because iommu_table_setparms_lpar needs it.
arch/powerpc/platforms/pseries/iommu.c- */
arch/powerpc/platforms/pseries/iommu.c-
arch/powerpc/platforms/pseries/iommu.c- ppci->bussubno = bus->number;
arch/powerpc/platforms/pseries/iommu.c-
arch/powerpc/platforms/pseries/iommu.c: tbl = (struct iommu_table *)kmalloc(sizeof(struct iommu_table),
arch/powerpc/platforms/pseries/iommu.c- GFP_KERNEL);
arch/powerpc/platforms/pseries/iommu.c-
arch/powerpc/platforms/pseries/iommu.c- iommu_table_setparms_lpar(ppci->phb, pdn, tbl, dma_window);
arch/powerpc/platforms/pseries/iommu.c-
arch/powerpc/platforms/pseries/iommu.c- ppci->iommu_table = iommu_init_table(tbl);
--
arch/powerpc/platforms/pseries/iommu.c- * an iommu table ourselves. The bus setup code should have setup
arch/powerpc/platforms/pseries/iommu.c- * the window sizes already.
arch/powerpc/platforms/pseries/iommu.c- */
arch/powerpc/platforms/pseries/iommu.c- if (!dev->bus->self) {
arch/powerpc/platforms/pseries/iommu.c- DBG(" --> first child, no bridge. Allocating iommu table.\n");
arch/powerpc/platforms/pseries/iommu.c: tbl = kmalloc(sizeof(struct iommu_table), GFP_KERNEL);
arch/powerpc/platforms/pseries/iommu.c- iommu_table_setparms(PCI_DN(dn)->phb, dn, tbl);
arch/powerpc/platforms/pseries/iommu.c- PCI_DN(mydn)->iommu_table = iommu_init_table(tbl);
arch/powerpc/platforms/pseries/iommu.c-
arch/powerpc/platforms/pseries/iommu.c- return;
arch/powerpc/platforms/pseries/iommu.c- }
--
arch/powerpc/platforms/pseries/iommu.c- pci = PCI_DN(pdn);
arch/powerpc/platforms/pseries/iommu.c- if (!pci->iommu_table) {
arch/powerpc/platforms/pseries/iommu.c- /* iommu_table_setparms_lpar needs bussubno. */
arch/powerpc/platforms/pseries/iommu.c- pci->bussubno = pci->phb->bus->number;
arch/powerpc/platforms/pseries/iommu.c-
arch/powerpc/platforms/pseries/iommu.c: tbl = (struct iommu_table *)kmalloc(sizeof(struct iommu_table),
arch/powerpc/platforms/pseries/iommu.c- GFP_KERNEL);
arch/powerpc/platforms/pseries/iommu.c-
arch/powerpc/platforms/pseries/iommu.c- iommu_table_setparms_lpar(pci->phb, pdn, tbl, dma_window);
arch/powerpc/platforms/pseries/iommu.c-
arch/powerpc/platforms/pseries/iommu.c- pci->iommu_table = iommu_init_table(tbl);
--
arch/ppc/syslib/ppc85xx_rio.c-void mpc85xx_rio_setup(int law_start, int law_size)
arch/ppc/syslib/ppc85xx_rio.c-{
arch/ppc/syslib/ppc85xx_rio.c- struct rio_ops *ops;
arch/ppc/syslib/ppc85xx_rio.c- struct rio_mport *port;
arch/ppc/syslib/ppc85xx_rio.c-
arch/ppc/syslib/ppc85xx_rio.c: ops = kmalloc(sizeof(struct rio_ops), GFP_KERNEL);
arch/ppc/syslib/ppc85xx_rio.c- ops->lcread = mpc85xx_local_config_read;
arch/ppc/syslib/ppc85xx_rio.c- ops->lcwrite = mpc85xx_local_config_write;
arch/ppc/syslib/ppc85xx_rio.c- ops->cread = mpc85xx_rio_config_read;
arch/ppc/syslib/ppc85xx_rio.c- ops->cwrite = mpc85xx_rio_config_write;
arch/ppc/syslib/ppc85xx_rio.c- ops->dsend = mpc85xx_rio_doorbell_send;
arch/ppc/syslib/ppc85xx_rio.c-
arch/ppc/syslib/ppc85xx_rio.c: port = kmalloc(sizeof(struct rio_mport), GFP_KERNEL);
arch/ppc/syslib/ppc85xx_rio.c- port->id = 0;
arch/ppc/syslib/ppc85xx_rio.c- port->index = 0;
arch/ppc/syslib/ppc85xx_rio.c- INIT_LIST_HEAD(&port->dbells);
arch/ppc/syslib/ppc85xx_rio.c- port->iores.start = law_start;
arch/ppc/syslib/ppc85xx_rio.c- port->iores.end = law_start + law_size;
[-- Attachment #4: Type: text/plain, Size: 192 bytes --]
_______________________________________________
Kernel-janitors mailing list
Kernel-janitors@lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/kernel-janitors
^ permalink raw reply [flat|nested] 2+ messages in thread
* [KJ] [PATCH] [KERNEL] check kmalloc return value + error path leak
2007-03-18 23:18 [KJ] [PATCH] [KERNEL] check kmalloc return value + error path leak Amit Choudhary
@ 2007-03-19 4:33 ` Amit Choudhary
0 siblings, 0 replies; 2+ messages in thread
From: Amit Choudhary @ 2007-03-19 4:33 UTC (permalink / raw)
To: kernel-janitors
Hi All,
I have conlcuded going through the entire kernel and looking for places where kmalloc return value was not checked. In the process, I also found some error path leaks. It was heartening to see that the return value of kmalloc was checked everywhere in the kernel except at some 30 odd places. There might be a couple of places that I might have missed.
But I believe that many error path leaks still exist in the system.
There are 8 files remaining where kmalloc return value is not checked. I did not have compilers for these architectures so I didn't fix them. Also, I believe some of these are non-issues as it looks like they happen very early in the boot cycle, and if no memory is available at that time, then the system is not going to work anyway.
I am listing the files here and the relevant misbehaving code so that someone working on that platform can fix these.
I had written a perl program to check whether the return value of kmalloc is being checked or not. It can be downloaded from here: http://www.geocities.com/amit2030/findkmalloc.pl.txt.
I do not think it is perfect but it works and probably someone else can find it useful too. I had used some manual effort too.
The offending files (no check for kmalloc return values + error path leaks where they check) are:
--------------------------------------
arch/powerpc/kernel/ibmebus.c
arch/ppc/8260_io/fcc_enet.c
arch/cris/arch-v32/mm/intmem.c
drivers/net/sb1250-mac.c
drivers/atm/he.c
drivers/s390/scsi/zfcp_aux.c
arch/powerpc/platforms/iseries/iommu.c
arch/ppc/syslib/ppc85xx_rio.c
--------------------------------------
--
drivers/s390/scsi/zfcp_aux.c- */
drivers/s390/scsi/zfcp_aux.c-static int
drivers/s390/scsi/zfcp_aux.c-zfcp_allocate_low_mem_buffers(struct zfcp_adapter *adapter)
drivers/s390/scsi/zfcp_aux.c-{
drivers/s390/scsi/zfcp_aux.c- adapter->pool.fsf_req_erp drivers/s390/scsi/zfcp_aux.c: mempool_create_kmalloc_pool(ZFCP_POOL_FSF_REQ_ERP_NR,
drivers/s390/scsi/zfcp_aux.c- sizeof(struct zfcp_fsf_req_pool_element));
drivers/s390/scsi/zfcp_aux.c- if (!adapter->pool.fsf_req_erp)
drivers/s390/scsi/zfcp_aux.c- return -ENOMEM;
drivers/s390/scsi/zfcp_aux.c-
drivers/s390/scsi/zfcp_aux.c- adapter->pool.fsf_req_scsi drivers/s390/scsi/zfcp_aux.c: mempool_create_kmalloc_pool(ZFCP_POOL_FSF_REQ_SCSI_NR,
drivers/s390/scsi/zfcp_aux.c- sizeof(struct zfcp_fsf_req_pool_element));
drivers/s390/scsi/zfcp_aux.c- if (!adapter->pool.fsf_req_scsi)
drivers/s390/scsi/zfcp_aux.c- return -ENOMEM;
drivers/s390/scsi/zfcp_aux.c-
drivers/s390/scsi/zfcp_aux.c- adapter->pool.fsf_req_abort drivers/s390/scsi/zfcp_aux.c: mempool_create_kmalloc_pool(ZFCP_POOL_FSF_REQ_ABORT_NR,
drivers/s390/scsi/zfcp_aux.c- sizeof(struct zfcp_fsf_req_pool_element));
drivers/s390/scsi/zfcp_aux.c- if (!adapter->pool.fsf_req_abort)
drivers/s390/scsi/zfcp_aux.c- return -ENOMEM;
drivers/s390/scsi/zfcp_aux.c-
drivers/s390/scsi/zfcp_aux.c- adapter->pool.fsf_req_status_read drivers/s390/scsi/zfcp_aux.c: mempool_create_kmalloc_pool(ZFCP_POOL_STATUS_READ_NR,
drivers/s390/scsi/zfcp_aux.c- sizeof(struct zfcp_fsf_req));
drivers/s390/scsi/zfcp_aux.c- if (!adapter->pool.fsf_req_status_read)
drivers/s390/scsi/zfcp_aux.c- return -ENOMEM;
drivers/s390/scsi/zfcp_aux.c-
drivers/s390/scsi/zfcp_aux.c- adapter->pool.data_status_read drivers/s390/scsi/zfcp_aux.c: mempool_create_kmalloc_pool(ZFCP_POOL_STATUS_READ_NR,
drivers/s390/scsi/zfcp_aux.c- sizeof(struct fsf_status_read_buffer));
drivers/s390/scsi/zfcp_aux.c- if (!adapter->pool.data_status_read)
drivers/s390/scsi/zfcp_aux.c- return -ENOMEM;
drivers/s390/scsi/zfcp_aux.c-
drivers/s390/scsi/zfcp_aux.c- adapter->pool.data_gid_pn drivers/s390/scsi/zfcp_aux.c: mempool_create_kmalloc_pool(ZFCP_POOL_DATA_GID_PN_NR,
drivers/s390/scsi/zfcp_aux.c- sizeof(struct zfcp_gid_pn_data));
drivers/s390/scsi/zfcp_aux.c- if (!adapter->pool.data_gid_pn)
drivers/s390/scsi/zfcp_aux.c- return -ENOMEM;
drivers/s390/scsi/zfcp_aux.c-
drivers/s390/scsi/zfcp_aux.c- return 0;
--
arch/powerpc/platforms/iseries/iommu.c-void iommu_devnode_init_iSeries(struct device_node *dn)
arch/powerpc/platforms/iseries/iommu.c-{
arch/powerpc/platforms/iseries/iommu.c- struct iommu_table *tbl;
arch/powerpc/platforms/iseries/iommu.c- struct pci_dn *pdn = PCI_DN(dn);
arch/powerpc/platforms/iseries/iommu.c-
arch/powerpc/platforms/iseries/iommu.c: tbl = kmalloc(sizeof(struct iommu_table), GFP_KERNEL);
arch/powerpc/platforms/iseries/iommu.c-
arch/powerpc/platforms/iseries/iommu.c- iommu_table_getparms_iSeries(pdn->busno, pdn->LogicalSlot, 0, tbl);
arch/powerpc/platforms/iseries/iommu.c-
arch/powerpc/platforms/iseries/iommu.c- /* Look for existing tce table */
arch/powerpc/platforms/iseries/iommu.c- pdn->iommu_table = iommu_table_find(tbl);
--
arch/powerpc/platforms/pseries/iommu.c- * space.
arch/powerpc/platforms/pseries/iommu.c- */
arch/powerpc/platforms/pseries/iommu.c- pci->phb->dma_window_size = 0x8000000ul;
arch/powerpc/platforms/pseries/iommu.c- pci->phb->dma_window_base_cur = 0x8000000ul;
arch/powerpc/platforms/pseries/iommu.c-
arch/powerpc/platforms/pseries/iommu.c: tbl = kmalloc(sizeof(struct iommu_table), GFP_KERNEL);
arch/powerpc/platforms/pseries/iommu.c-
arch/powerpc/platforms/pseries/iommu.c- iommu_table_setparms(pci->phb, dn, tbl);
arch/powerpc/platforms/pseries/iommu.c- pci->iommu_table = iommu_init_table(tbl);
arch/powerpc/platforms/pseries/iommu.c-
arch/powerpc/platforms/pseries/iommu.c- /* Divide the rest (1.75GB) among the children */
--
arch/powerpc/platforms/pseries/iommu.c- * Do it now because iommu_table_setparms_lpar needs it.
arch/powerpc/platforms/pseries/iommu.c- */
arch/powerpc/platforms/pseries/iommu.c-
arch/powerpc/platforms/pseries/iommu.c- ppci->bussubno = bus->number;
arch/powerpc/platforms/pseries/iommu.c-
arch/powerpc/platforms/pseries/iommu.c: tbl = (struct iommu_table *)kmalloc(sizeof(struct iommu_table),
arch/powerpc/platforms/pseries/iommu.c- GFP_KERNEL);
arch/powerpc/platforms/pseries/iommu.c-
arch/powerpc/platforms/pseries/iommu.c- iommu_table_setparms_lpar(ppci->phb, pdn, tbl, dma_window);
arch/powerpc/platforms/pseries/iommu.c-
arch/powerpc/platforms/pseries/iommu.c- ppci->iommu_table = iommu_init_table(tbl);
--
arch/powerpc/platforms/pseries/iommu.c- * an iommu table ourselves. The bus setup code should have setup
arch/powerpc/platforms/pseries/iommu.c- * the window sizes already.
arch/powerpc/platforms/pseries/iommu.c- */
arch/powerpc/platforms/pseries/iommu.c- if (!dev->bus->self) {
arch/powerpc/platforms/pseries/iommu.c- DBG(" --> first child, no bridge. Allocating iommu table.\n");
arch/powerpc/platforms/pseries/iommu.c: tbl = kmalloc(sizeof(struct iommu_table), GFP_KERNEL);
arch/powerpc/platforms/pseries/iommu.c- iommu_table_setparms(PCI_DN(dn)->phb, dn, tbl);
arch/powerpc/platforms/pseries/iommu.c- PCI_DN(mydn)->iommu_table = iommu_init_table(tbl);
arch/powerpc/platforms/pseries/iommu.c-
arch/powerpc/platforms/pseries/iommu.c- return;
arch/powerpc/platforms/pseries/iommu.c- }
--
arch/powerpc/platforms/pseries/iommu.c- pci = PCI_DN(pdn);
arch/powerpc/platforms/pseries/iommu.c- if (!pci->iommu_table) {
arch/powerpc/platforms/pseries/iommu.c- /* iommu_table_setparms_lpar needs bussubno. */
arch/powerpc/platforms/pseries/iommu.c- pci->bussubno = pci->phb->bus->number;
arch/powerpc/platforms/pseries/iommu.c-
arch/powerpc/platforms/pseries/iommu.c: tbl = (struct iommu_table *)kmalloc(sizeof(struct iommu_table),
arch/powerpc/platforms/pseries/iommu.c- GFP_KERNEL);
arch/powerpc/platforms/pseries/iommu.c-
arch/powerpc/platforms/pseries/iommu.c- iommu_table_setparms_lpar(pci->phb, pdn, tbl, dma_window);
arch/powerpc/platforms/pseries/iommu.c-
arch/powerpc/platforms/pseries/iommu.c- pci->iommu_table = iommu_init_table(tbl);
--
arch/ppc/syslib/ppc85xx_rio.c-void mpc85xx_rio_setup(int law_start, int law_size)
arch/ppc/syslib/ppc85xx_rio.c-{
arch/ppc/syslib/ppc85xx_rio.c- struct rio_ops *ops;
arch/ppc/syslib/ppc85xx_rio.c- struct rio_mport *port;
arch/ppc/syslib/ppc85xx_rio.c-
arch/ppc/syslib/ppc85xx_rio.c: ops = kmalloc(sizeof(struct rio_ops), GFP_KERNEL);
arch/ppc/syslib/ppc85xx_rio.c- ops->lcread = mpc85xx_local_config_read;
arch/ppc/syslib/ppc85xx_rio.c- ops->lcwrite = mpc85xx_local_config_write;
arch/ppc/syslib/ppc85xx_rio.c- ops->cread = mpc85xx_rio_config_read;
arch/ppc/syslib/ppc85xx_rio.c- ops->cwrite = mpc85xx_rio_config_write;
arch/ppc/syslib/ppc85xx_rio.c- ops->dsend = mpc85xx_rio_doorbell_send;
arch/ppc/syslib/ppc85xx_rio.c-
arch/ppc/syslib/ppc85xx_rio.c: port = kmalloc(sizeof(struct rio_mport), GFP_KERNEL);
arch/ppc/syslib/ppc85xx_rio.c- port->id = 0;
arch/ppc/syslib/ppc85xx_rio.c- port->index = 0;
arch/ppc/syslib/ppc85xx_rio.c- INIT_LIST_HEAD(&port->dbells);
arch/ppc/syslib/ppc85xx_rio.c- port->iores.start = law_start;
arch/ppc/syslib/ppc85xx_rio.c- port->iores.end = law_start + law_size;
--
arch/powerpc/kernel/ibmebus.c- dma_addr_t *dma_handle,
arch/powerpc/kernel/ibmebus.c- gfp_t flag)
arch/powerpc/kernel/ibmebus.c-{
arch/powerpc/kernel/ibmebus.c- void *mem;
arch/powerpc/kernel/ibmebus.c-
arch/powerpc/kernel/ibmebus.c: mem = kmalloc(size, flag);
arch/powerpc/kernel/ibmebus.c- *dma_handle = (dma_addr_t)mem;
arch/powerpc/kernel/ibmebus.c-
arch/powerpc/kernel/ibmebus.c- return mem;
arch/powerpc/kernel/ibmebus.c-}
arch/powerpc/kernel/ibmebus.c-
--
arch/ppc/8260_io/fcc_enet.c- memset((char *)ep, 0, sizeof(fcc_enet_t));
arch/ppc/8260_io/fcc_enet.c-
arch/ppc/8260_io/fcc_enet.c- /* Allocate space for the buffer descriptors from regular memory.
arch/ppc/8260_io/fcc_enet.c- * Initialize base addresses for the buffer descriptors.
arch/ppc/8260_io/fcc_enet.c- */
arch/ppc/8260_io/fcc_enet.c: cep->rx_bd_base = (cbd_t *)kmalloc(sizeof(cbd_t) * RX_RING_SIZE,
arch/ppc/8260_io/fcc_enet.c- GFP_KERNEL | GFP_DMA);
arch/ppc/8260_io/fcc_enet.c- ep->fen_genfcc.fcc_rbase = __pa(cep->rx_bd_base);
arch/ppc/8260_io/fcc_enet.c: cep->tx_bd_base = (cbd_t *)kmalloc(sizeof(cbd_t) * TX_RING_SIZE,
arch/ppc/8260_io/fcc_enet.c- GFP_KERNEL | GFP_DMA);
arch/ppc/8260_io/fcc_enet.c- ep->fen_genfcc.fcc_tbase = __pa(cep->tx_bd_base);
arch/ppc/8260_io/fcc_enet.c-
arch/ppc/8260_io/fcc_enet.c- cep->dirty_tx = cep->cur_tx = cep->tx_bd_base;
arch/ppc/8260_io/fcc_enet.c- cep->cur_rx = cep->rx_bd_base;
--
arch/cris/arch-v32/mm/intmem.c- if (allocation->status = STATUS_FREE &&
arch/cris/arch-v32/mm/intmem.c- allocation->size >= size + alignment) {
arch/cris/arch-v32/mm/intmem.c- if (allocation->size > size + alignment) {
arch/cris/arch-v32/mm/intmem.c- struct intmem_allocation* alloc arch/cris/arch-v32/mm/intmem.c- (struct intmem_allocation*)
arch/cris/arch-v32/mm/intmem.c: kmalloc(sizeof *alloc, GFP_ATOMIC);
arch/cris/arch-v32/mm/intmem.c- alloc->status = STATUS_FREE;
arch/cris/arch-v32/mm/intmem.c- alloc->size = allocation->size - size - alignment;
arch/cris/arch-v32/mm/intmem.c- alloc->offset = allocation->offset + size;
arch/cris/arch-v32/mm/intmem.c- list_add(&alloc->entry, &allocation->entry);
arch/cris/arch-v32/mm/intmem.c-
arch/cris/arch-v32/mm/intmem.c- if (alignment) {
arch/cris/arch-v32/mm/intmem.c- struct intmem_allocation* tmp;
arch/cris/arch-v32/mm/intmem.c- tmp = (struct intmem_allocation*)
arch/cris/arch-v32/mm/intmem.c: kmalloc(sizeof *tmp, GFP_ATOMIC);
arch/cris/arch-v32/mm/intmem.c- tmp->offset = allocation->offset;
arch/cris/arch-v32/mm/intmem.c- tmp->size = alignment;
arch/cris/arch-v32/mm/intmem.c- tmp->status = STATUS_FREE;
arch/cris/arch-v32/mm/intmem.c- allocation->offset += alignment;
arch/cris/arch-v32/mm/intmem.c- list_add_tail(&tmp->entry, &allocation->entry);
--
arch/cris/arch-v32/mm/intmem.c-static void crisv32_intmem_init(void)
arch/cris/arch-v32/mm/intmem.c-{
arch/cris/arch-v32/mm/intmem.c- static int initiated = 0;
arch/cris/arch-v32/mm/intmem.c- if (!initiated) {
arch/cris/arch-v32/mm/intmem.c- struct intmem_allocation* alloc arch/cris/arch-v32/mm/intmem.c: (struct intmem_allocation*)kmalloc(sizeof *alloc, GFP_KERNEL);
arch/cris/arch-v32/mm/intmem.c- INIT_LIST_HEAD(&intmem_allocations);
arch/cris/arch-v32/mm/intmem.c- intmem_virtual = ioremap(MEM_INTMEM_START, MEM_INTMEM_SIZE);
arch/cris/arch-v32/mm/intmem.c- initiated = 1;
arch/cris/arch-v32/mm/intmem.c- alloc->size = MEM_INTMEM_SIZE;
arch/cris/arch-v32/mm/intmem.c- alloc->offset = 0;
--
drivers/net/sb1250-mac.c- /*
drivers/net/sb1250-mac.c- * And context table
drivers/net/sb1250-mac.c- */
drivers/net/sb1250-mac.c-
drivers/net/sb1250-mac.c- d->sbdma_ctxtable = (struct sk_buff **)
drivers/net/sb1250-mac.c: kmalloc(d->sbdma_maxdescr*sizeof(struct sk_buff *), GFP_KERNEL);
drivers/net/sb1250-mac.c-
drivers/net/sb1250-mac.c- memset(d->sbdma_ctxtable,0,d->sbdma_maxdescr*sizeof(struct sk_buff *));
drivers/net/sb1250-mac.c-
drivers/net/sb1250-mac.c-#ifdef CONFIG_SBMAC_COALESCE
drivers/net/sb1250-mac.c- /*
--
drivers/net/sb1250-mac.c- */
drivers/net/sb1250-mac.c-
drivers/net/sb1250-mac.c- d->sbdma_maxdescr = maxdescr;
drivers/net/sb1250-mac.c-
drivers/net/sb1250-mac.c- d->sbdma_dscrtable = (sbdmadscr_t *)
drivers/net/sb1250-mac.c- kmalloc((d->sbdma_maxdescr+1)*sizeof(sbdmadscr_t), GFP_KERNEL);
drivers/net/sb1250-mac.c-
drivers/net/sb1250-mac.c- /*
drivers/net/sb1250-mac.c- * The descriptor table must be aligned to at least 16 bytes or the
drivers/net/sb1250-mac.c- * MAC will corrupt it.
drivers/net/sb1250-mac.c- */
--
drivers/atm/he.c- if (he_dev->rbps_base = NULL) {
drivers/atm/he.c- hprintk("failed to alloc rbps\n");
drivers/atm/he.c- return -ENOMEM;
drivers/atm/he.c- }
drivers/atm/he.c- memset(he_dev->rbps_base, 0, CONFIG_RBPS_SIZE * sizeof(struct he_rbp));
drivers/atm/he.c: he_dev->rbps_virt = kmalloc(CONFIG_RBPS_SIZE * sizeof(struct he_virt), GFP_KERNEL);
drivers/atm/he.c-
drivers/atm/he.c- for (i = 0; i < CONFIG_RBPS_SIZE; ++i) {
drivers/atm/he.c- dma_addr_t dma_handle;
drivers/atm/he.c- void *cpuaddr;
drivers/atm/he.c-
Regards,
Amit
_______________________________________________
Kernel-janitors mailing list
Kernel-janitors@lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/kernel-janitors
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2007-03-19 4:33 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2007-03-18 23:18 [KJ] [PATCH] [KERNEL] check kmalloc return value + error path leak Amit Choudhary
2007-03-19 4:33 ` Amit Choudhary
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.