On Wed, Nov 25, 2020 at 11:46:29AM +0100, Pavel Machek wrote: > Hi! > > > > > > I have been trying to teach Smatch to understand reference counting so > > > > > it can discover these kinds of bugs automatically. > > > > > > > > > > I don't know how software_node_get_next_child() can work when it doesn't > > > > > call kobject_get(). This sort of bug would have been caught in testing > > > > > because it affects the success path so I must be reading the code wrong. > > > > > > > > > > > > > I had the same reading of the code and thought that I was missing something > > > > somewhere. > > > > > > > > There is the same question about 'acpi_get_next_subnode' which is also a > > > > '.get_next_child_node' function, without any ref counting, if I'm correct. > > > > > > > > > > Yeah, but there aren't any ->get/put() ops for the acpi_get_next_subnode() > > > stuff so it's not a problem. (Presumably there is some other sort of > > > refcounting policy there). > > > > OK, so I guess we need to make software_node_get_next_child() > > mimic the behaviour of of_get_next_available_child(), and not > > acpi_get_next_subnode(). Does the attached patch work? > > Does not sound unreasonable. Did it get solved, somehow? Has anybody tested my patch? thanks, -- heikki
