Coccinelle: Checking of_node_put() calls with SmPL

Markus Elfring Markus.Elfring at
Thu Jul 11 19:04:13 AEST 2019

> 180                         break;                         --->  Jump out of the loop without releasing it

The device node reference is released after this for loop.

> 183                 if (!of_device_is_available(state_node)) {
> 184                         of_node_put(state_node);

This function call was added by the commit “cpuidle: dt: Add missing 'of_node_put()'”
on 2017-06-12.

> 185                         continue;                    --->  Release the object references within a loop

I became curious about the applicability of another coding style
(for a software refactoring) at this place.
What do you think about achieving the same effect by using a goto statement
instead of two statements in such an if branch?

> 208                 of_node_put(state_node);  -->  Release the object references within a loop
> 209         }
> 210
> 211         of_node_put(state_node);       -->    There may be double free here.

This information points out a recurring challenge for safe source code analysis.
How would you like to exclude the detection of false positives finally?

> This code pattern is very interesting

Thanks for also thinking in this direction.

> and the coccinelle software should also recognize this pattern.

There are some open issues to consider for available analysis tools.
How will corresponding details be clarified then?
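
As an added illustration (not part of the original message and not kernel source), the following user-space C model reproduces the loop shape quoted above and counts references, so the pairing of each release with its exit path can be checked. The names node_get, node_put, scan_states and unbalanced_nodes are hypothetical, and the model assumes that the loop is left only through break and that releasing a NULL pointer is a no-op.

```c
#include <stddef.h>

/* Constructed model of a reference-counted device node. */
struct node { int refs; int available; int matches; };

/* Stand-in for a lookup that takes a reference; NULL past the end. */
static struct node *node_get(struct node *tbl, size_t n, size_t i)
{
    if (i >= n)
        return NULL;
    tbl[i].refs++;
    return &tbl[i];
}

/* Stand-in for of_node_put(): NULL is accepted and ignored (assumption). */
static void node_put(struct node *np) { if (np) np->refs--; }

/* Returns the number of accepted nodes, or -1 after a mismatch. */
static int scan_states(struct node *tbl, size_t n)
{
    struct node *state;
    int accepted = 0, err = 0;

    for (size_t i = 0; ; i++) {
        state = node_get(tbl, n, i);
        if (!state)
            break;              /* nothing held on this exit */
        if (!state->matches) {
            err = -1;
            break;              /* reference still held here */
        }
        if (!state->available) {
            node_put(state);    /* released inside the loop */
            continue;
        }
        accepted++;
        node_put(state);        /* released inside the loop */
    }
    node_put(state);            /* pairs with the break paths only */
    return err ? err : accepted;
}

/* Number of nodes whose counter is not back at zero (leak or double put). */
static int unbalanced_nodes(const struct node *tbl, size_t n)
{
    int bad = 0;
    for (size_t i = 0; i < n; i++)
        bad += (tbl[i].refs != 0);
    return bad;
}
```

A checker that reports the final release as a double free has to know that the in-loop releases are always followed by a new assignment before any exit, which is the path sensitivity the false-positive question is about.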

