Faults in Linux Kernel 3.x : Wrong use of krealloc

As part of my work, I need to annotate  the reports generated using Coccinelle Scripts as bugs/FPs for recent Linux Kernels, recent as in versions > 3.0 till the current one 3.18.

As I’m reading the reports (newer ones), so today I completed Linux_realloc.new.org.

This org file had a good number of todos. This org file has reports related to buggy or wrong use of krealloc.

What is krealloc?

krealloc – reallocate memory. The contents will remain unchanged. As the comment says

* @p: object to reallocate memory for.
* @new_size: how many bytes of memory are required.
* @flags: the type of memory to allocate.
* The contents of the object pointed to are preserved up to the
* lesser of the new and old sizes. If @p is %NULL, krealloc()
* behaves exactly like kmalloc(). If @size is 0 and @p is not a
* %NULL pointer, the object pointed to is freed.

Some more on this.


What did I found?

Most bugs were when foo = krealloc(foo, ..) is used. krealloc should use a temporary pointer for allocations and check the temporary pointer returned against NULL too. If krealloc() returns NULL, it doesn’t free the original. So any code of the form ‘foo = krealloc(foo, …);’ is almost certainly a bug, provided there is nothing where memory pointed by foo is stored.

There were some FPs too, where there was a variable where memory pointed by foo is already saved and later can be used with kfree.

Patches are lined for this case too as there were some bugs of this kind present in current Linux Kernel.



#bug, #coccinelle, #coccinelle-scripts, #faults, #krealloc, #linux-kernel, #linux-kernels