In this code, blkvsc_req is allocated in the cache blkdev->request_pool,
but freed in the first case to the cache blkvsc_req->dev->request_pool.
blkvsc_req->dev is subsequently initialized to blkdev, making these the
same at the second call to kmem_cache_free. But at the point of the first
call, blkvsc_req->dev is NULL. The second call is changed too, for
uniformity.
The semantic patch that fixes this problem is as follows:
(http://coccinelle.lip6.fr/)
// <smpl>
@@
expression x,e,e1,e2,e3;
@@
x = \(kmem_cache_alloc\|kmem_cache_zalloc\)(e1,e2)
... when != x = e
(
kmem_cache_free(e1,x);
|
?-kmem_cache_free(e3,x);
+kmem_cache_free(e1,x);
)
// </smpl>
Signed-off-by: Julia Lawall <julia@diku.dk>
Cc: KY Srinivasan <kys@microsoft.com>
Cc: Hank Janssen <hjanssen@microsoft.com>
Cc: Haiyang Zhang <haiyangz@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
fe3e593601