Re: Coccinelle: Checking of_node_put() calls with SmPL
wen.yang99 at zte.com.cn
Thu Jul 11 16:35:45 AEST 2019
> > we developed a coccinelle script to detect such problems.
>
> Would you find the implementation of the function “dt_init_idle_driver”
> suspicious according to discussed source code search patterns?
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/cpuidle/dt_idle_states.c?id=e9a83bd2322035ed9d7dcf35753d3f984d76c6a5#n208
> https://elixir.bootlin.com/linux/v5.2/source/drivers/cpuidle/dt_idle_states.c#L208
>
>
> > This script is still being improved.
>
> Will corresponding software development challenges become more interesting?
Hello Markus,
This is the simplified code pattern for it:
172     for (i = 0; ; i++) {
173             state_node = of_parse_phandle(...);    ---> Obtain here
                ...
177             match_id = of_match_node(matches, state_node);
178             if (!match_id) {
179                     err = -ENODEV;
180                     break;    ---> Jump out of the loop without releasing it
181             }
182
183             if (!of_device_is_available(state_node)) {
184                     of_node_put(state_node);
185                     continue;    ---> Release the object references within a loop
186             }
                ...
208             of_node_put(state_node);    ---> Release the object references within a loop
209     }
210
211     of_node_put(state_node);    ---> There may be double free here.
This code pattern is very interesting and the Coccinelle software should also recognize this pattern.
Regards,
Wen
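
An added example, not part of the message above or of the kernel source: a C model of the quoted loop with a mock refcounted node, replaying constructed per-iteration outcomes to show which exits leave a reference for line 211 to drop and which make line 211 a second put on the same node. `struct node`, `replay` and the step names are hypothetical; `LOOKUP_NULL` and the script simply running out (an exit after line 208 with the pointer still set) are assumptions, because the quoted pattern elides those lines.

```c
#include <stddef.h>

/* Mock refcounted node; hypothetical stand-in for struct device_node. */
struct node { int refs; };
struct result { int leaked; int double_puts; };

static int double_puts;

static struct node *node_get(struct node *n) { n->refs++; return n; }

static void node_put(struct node *n)
{
	if (!n)
		return;              /* of_node_put() also ignores NULL */
	if (n->refs == 0)
		double_puts++;       /* reference was already dropped */
	else
		n->refs--;
}

/* One constructed outcome per iteration, matching the quoted branches. */
enum step { NO_MATCH, UNAVAILABLE, HANDLED, LOOKUP_NULL };

/* Replay the loop; a script that runs out models a stale-pointer exit. */
static struct result replay(const enum step *steps, size_t n, int trailing_put)
{
	struct node nodes[8] = { { 0 } };
	struct node *state_node = NULL;
	struct result r = { 0, 0 };
	size_t i;

	double_puts = 0;
	for (i = 0; i < n && i < 8; i++) {
		if (steps[i] == LOOKUP_NULL) {      /* assumed: lookup yields NULL */
			state_node = NULL;
			break;
		}
		state_node = node_get(&nodes[i]);   /* line 173 */
		if (steps[i] == NO_MATCH)
			break;                      /* line 180, still held */
		node_put(state_node);               /* line 184 or 208 */
	}
	if (trailing_put)
		node_put(state_node);               /* line 211 */
	for (i = 0; i < 8; i++)
		r.leaked += nodes[i].refs;
	r.double_puts = double_puts;
	return r;
}
```

A checker for this pattern has to track, per exit path, whether the pointer still carries a reference when control reaches the put after the loop.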