Coccinelle: Checking of_node_put() calls with SmPL
Markus Elfring
Markus.Elfring at web.de
Thu Jul 11 19:04:13 AEST 2019
> 180 break; ---> Jump out of the loop without releasing it
The device node reference is released behind this for loop.
> 183 if (!of_device_is_available(state_node)) {
> 184 of_node_put(state_node);
This function call was added by the commit “cpuidle: dt: Add missing 'of_node_put()'”
on 2017-06-12.
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/drivers/cpuidle/dt_idle_states.c?id=b2cdd8e1b54849477a32d820acc2e87828a38f3d
> 185 continue; ---> Release the object references within a loop
I became curious about the applicability of another coding style
(for a software refactoring) at this place.
What do you think about achieving the same effect by using a goto statement
instead of two statements in such an if branch?
> 208 of_node_put(state_node); --> Release the object references within a loop
> 209 }
> 210
> 211 of_node_put(state_node); --> There may be double free here.
This information points out a recurring challenge for safe source code analysis.
How would you like to exclude the detection of false positives finally?
> This code pattern is very interesting
Thanks that you also think in this direction.
> and the coccinelle software should also recognize this pattern.
There are some open issues to consider for available analysis tools.
How will corresponding details be clarified then?
Regards,
Markus
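
The reference balance discussed in this message, modelled as an added example that is not part of the original e-mail or of the kernel source: a mock node counter checks that the put after the loop releases only a reference left held by a `break`. All names are hypothetical, and `usable` stands in for whatever condition guards the `break` quoted at line 180.

```c
#include <stddef.h>
struct node { int refs, available, usable; };  /* mock refcounted node */
static int underflow;           /* set when a put has no matching get */
static struct node *node_get_at(struct node *list, int n, int i)
{
    if (i >= n)
        return NULL;            /* end of the list: nothing acquired */
    list[i].refs++;             /* caller now owns one reference */
    return &list[i];
}

static void node_put(struct node *np)
{
    if (!np)
        return;                 /* like of_node_put(NULL): no-op */
    if (np->refs-- == 0)
        underflow = 1;
}

/* Quoted loop's control flow: break keeps the reference, one put follows. */
static int walk(struct node *list, int n)
{
    struct node *np;
    int i, used = 0;
    for (i = 0; ; i++) {
        np = node_get_at(list, n, i);
        if (!np)
            break;              /* np is NULL here */
        if (!np->usable)
            break;              /* reference still held (cf. line 180) */
        if (!np->available) {
            node_put(np);       /* cf. lines 184-185 */
            continue;
        }
        used++;
        node_put(np);           /* cf. line 208 */
    }
    node_put(np);               /* cf. line 211: only a break reaches here */
    return used;
}

/* 1 when every reference taken was released exactly once. */
static int balanced(const struct node *list, int n)
{
    for (int i = 0; i < n; i++)
        if (list[i].refs != 0)
            return 0;
    return !underflow;
}
```

A path-insensitive check sees the puts at lines 208 and 211 as a pair on the same variable; the model shows they are reached on disjoint paths.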