On 07/10/2019 11:35 PM, wen.yang99@xxxxxxxxxx wrote:
>>> we developed a coccinelle script to detect such problems.
>>
>> Would you find the implementation of the function “dt_init_idle_driver”
>> suspicious according to discussed source code search patterns?
>> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/cpuidle/dt_idle_states.c?id=e9a83bd2322035ed9d7dcf35753d3f984d76c6a5#n208
>> https://elixir.bootlin.com/linux/v5.2/source/drivers/cpuidle/dt_idle_states.c#L208
>>
>>
>>> This script is still being improved.
>>
>> Will corresponding software development challenges become more interesting?
>
> Hello Markus,
> This is the simplified code pattern for it:
>
> 172         for (i = 0; ; i++) {

This loop can only be exited on a break.

> 173                 state_node = of_parse_phandle(...);     ---> Obtain here
> ...
> 177                 match_id = of_match_node(matches, state_node);
> 178                 if (!match_id) {
> 179                         err = -ENODEV;
> 180                         break;                          ---> Jump out of the loop without releasing it
> 181                 }
> 182
> 183                 if (!of_device_is_available(state_node)) {
> 184                         of_node_put(state_node);
> 185                         continue;                       ---> Release the object references within a loop
> 186                 }
> ...
> 208                 of_node_put(state_node);                --> Release the object references within a loop

This is required at the end of every loop or continue to free the reference.
Only a break will exit the loop where we hit the below of_node_put().

> 209         }
> 210
> 211         of_node_put(state_node);                        --> There may be double free here.

None of the break conditions call of_node_put(), so it needs to be called here.

-Tyrel

>
> This code pattern is very interesting and the coccinelle software should also recognize this pattern.
>
> Regards,
> Wen
>
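The reference counting discussed in this thread can be traced in a small user-space C model; this is an added example, not part of the original mail or the kernel source. `struct node`, `parse_phandle`, `node_put`, `scan` and `held_after` are hypothetical stand-ins, and the NULL check that ends the loop is an assumption about the lines the quoted pattern elides.

```c
#include <stddef.h>

/* User-space model; struct node and the helpers are hypothetical stand-ins. */
struct node { int refs, matches, available; };

/* Models of_parse_phandle(): entry i with one reference taken, or NULL. */
static struct node *parse_phandle(struct node *tbl, size_t n, size_t i)
{
	if (i >= n)
		return NULL;
	tbl[i].refs++;
	return &tbl[i];
}

/* Models of_node_put(): drops one reference, ignores NULL. */
static void node_put(struct node *np) { if (np) np->refs--; }

/* Control flow of the quoted loop; returns the references still held. */
static int scan(struct node *tbl, size_t n, int put_after_loop)
{
	struct node *state_node = NULL;
	int held = 0;
	size_t i;

	for (i = 0; ; i++) {
		state_node = parse_phandle(tbl, n, i);
		if (!state_node)
			break;			/* assumed end-of-list exit */
		if (!state_node->matches)
			break;			/* leaves with the reference held */
		if (!state_node->available) {
			node_put(state_node);
			continue;
		}
		node_put(state_node);		/* end of a normal iteration */
	}
	if (put_after_loop)
		node_put(state_node);		/* the put after the loop */
	for (i = 0; i < n; i++)
		held += tbl[i].refs;
	return held;
}

/* Constructed table {refs, matches, available}: entry 1 fails the match
 * when mismatch is set and is merely unavailable otherwise. */
static int held_after(int mismatch, int put)
{
	struct node t[] = { {0, 1, 1}, {0, !mismatch, mismatch}, {0, 1, 1} };
	return scan(t, 3, put);
}

int main(void) { return held_after(1, 1) || held_after(0, 1); }
```

A negative return value from `held_after` would mean a reference was dropped twice; a positive one means a reference was leaked.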