On Tue, 16 Feb 2016, Yann Droneaud wrote:
> krealloc() must not be used against devm_*() allocated > memory regions: > > - if a bigger memory is to be allocated, krealloc() and > __krealloc() could return a different pointer than the > one given to them, creating a memory region which is not > managed, thus it will not be automatically released on > device removal. > > - if a bigger memory is to be allocated, krealloc() could > kfree() the managed memory region which is passed to it. > The old pointer is left registered as a resource for the > device. On device removal, this dangling pointer will be > used and an unrelated memory region could be released. > > - if the requested size is equal to 0, krealloc() can also > just behave like kfree(). Here too, the old pointer is > kept associated with the device. On device removal, this > invalid pointer will be used and an unrelated memory > region could be released. > > For all these reasons, krealloc() must not be used on a > pointer returned by devm_*() functions. > > Cc: Tejun Heo <[email protected]> > Cc: Pekka Enberg <[email protected]> > Signed-off-by: Yann Droneaud <[email protected]> Acked-by: Julia Lawall <[email protected]> > --- > scripts/coccinelle/free/devm_free.cocci | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/scripts/coccinelle/free/devm_free.cocci > b/scripts/coccinelle/free/devm_free.cocci > index 3794cd97494b..c990d2c7ee16 100644 > --- a/scripts/coccinelle/free/devm_free.cocci > +++ b/scripts/coccinelle/free/devm_free.cocci > @@ -66,6 +66,10 @@ position p; > | > * kzfree@p(x) > | > +* __krealloc@p(x, ...) > +| > +* krealloc@p(x, ...) > +| > * free_pages@p(x, ...) > | > * free_page@p(x) > -- > 2.5.0 > >
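Review bot: the hunk at @@ -66,6 +66,10 @@ adds only the two match alternatives, __krealloc@p(x, ...) and krealloc@p(x, ...), and the diffstat (1 file changed, 4 insertions) confirms that nothing else in devm_free.cocci is touched, so the script's header comment and whatever it reports for a match still describe only the free-style calls around them (kzfree, free_pages, free_page). A krealloc() hit is a different mistake from a direct free: per the commit message the pointer may be moved, freed, or freed via size 0 while still registered with the device. I'd suggest adding a sentence about krealloc()/__krealloc() to the script's description, and, if the report text speaks only of freeing, wording it so that someone who gets a krealloc() match understands why a call that is not a free was flagged.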

