> > we developed a coccinelle script to detect such problems.
>
> Would you find the implementation of the function “dt_init_idle_driver”
> suspicious according to discussed source code search patterns?
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/cpuidle/dt_idle_states.c?id=e9a83bd2322035ed9d7dcf35753d3f984d76c6a5#n208
> https://elixir.bootlin.com/linux/v5.2/source/drivers/cpuidle/dt_idle_states.c#L208
>
>
> > This script is still being improved.
>
> Will corresponding software development challenges become more interesting?

Hello Markus,

This is the simplified code pattern for it:

172         for (i = 0; ; i++) {
173                 state_node = of_parse_phandle(...);   ---> Obtain here
...
177                 match_id = of_match_node(matches, state_node);
178                 if (!match_id) {
179                         err = -ENODEV;
180                         break;   ---> Jump out of the loop without releasing it
181                 }
182
183                 if (!of_device_is_available(state_node)) {
184                         of_node_put(state_node);
185                         continue;   ---> Release the object references within a loop
186                 }
...
208                 of_node_put(state_node);   --> Release the object references within a loop
209         }
210
211         of_node_put(state_node);   --> There may be double free here.

This code pattern is very interesting and the coccinelle software should
also recognize this pattern.

Regards,
Wen
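
The get/put bookkeeping of the simplified loop above can be checked per exit path with a small user-space model. This is an added example, not code from the post or from the kernel: struct node, node_get, node_put, walk_states and the trailing_put switch are hypothetical names, and it assumes that the elided lines 174-176 leave the loop when the lookup returns NULL and that the put helper ignores NULL, as of_node_put() does.

```c
#include <stdio.h>

/* Hypothetical stand-in for struct device_node; only the count matters. */
struct node { int refs, matches, available; };

/* Models of_parse_phandle(): takes a reference, NULL past the last entry. */
static struct node *node_get(struct node *tbl, int n, int i)
{
    if (i >= n)
        return NULL;
    tbl[i].refs++;
    return &tbl[i];
}

/* Models of_node_put(): a NULL argument is ignored. */
static void node_put(struct node *np)
{
    if (np)
        np->refs--;
}

/* Loop shape from the post; returns leftover refs (0 balanced, >0 leak, <0 extra put). */
static int walk_states(struct node *tbl, int n, int trailing_put)
{
    struct node *state_node;
    int i, left = 0;
    for (i = 0; ; i++) {
        state_node = node_get(tbl, n, i);   /* line 173: obtain */
        if (!state_node)                    /* assumed end-of-list check */
            break;
        if (!state_node->matches)           /* line 180: break, reference held */
            break;
        if (!state_node->available) {
            node_put(state_node);           /* line 184 */
            continue;
        }
        node_put(state_node);               /* line 208 */
    }
    if (trailing_put)
        node_put(state_node);               /* line 211: post-loop release */
    for (i = 0; i < n; i++)
        left += tbl[i].refs;
    return left;
}

int main(void)
{
    struct node t[] = { {0, 1, 1}, {0, 1, 0}, {0, 0, 1} };  /* constructed input */
    printf("leftover refs: %d\n", walk_states(t, 3, 1));
    return 0;
}
```

Calling walk_states with trailing_put set to 0 on the same table shows what the count looks like when the line 180 exit has no release after the loop.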