Commit da9cfb87 authored Feb 15, 2019 by Wen Yang Committed by Masahiro Yamada Mar 17, 2019

coccinelle: semantic code search for missing put_device()



The of_find_device_by_node() takes a reference to the underlying device
structure, we should release that reference.
The implementation of this semantic code search is:
In a function, for a local variable returned by calling
of_find_device_by_node(),
a, if it is released by a function such as
   put_device()/of_dev_put()/platform_device_put() after the last use,
   it is considered that there is no reference leak;
b, if it is passed back to the caller via
   dev_get_drvdata()/platform_get_drvdata()/get_device(), etc., the
   reference will be released in other functions, and the current function
   also considers that there is no reference leak;
c, for the rest of the situation, the current function should release the
   reference by calling put_device, this code search will report the
   corresponding error message.

By using this semantic code search, we have found some object reference leaks,
such as:
commit 11907e9d ("ASoC: fsl-asoc-card: fix object reference leaks in
fsl_asoc_card_probe")
commit a12085d1 ("mtd: rawnand: atmel: fix possible object reference leak")
commit 11493f26 ("mtd: rawnand: jz4780: fix possible object reference leak")

There are still dozens of reference leaks in the current kernel code.

Further, for the case of b, the object returned to other functions may also
have a reference leak, we will continue to develop other cocci scripts to
further check the reference leak.

Signed-off-by: Wen Yang <wen.yang99@zte.com.cn>
Reviewed-by: Julia Lawall <Julia.Lawall@lip6.fr>
Reviewed-by: Markus Elfring <Markus.Elfring@web.de>
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>

parent 6fb7ef5a

scripts/coccinelle/free/put_device.cocci

0 → 100644

+56 −0

Original line number	Diff line number	Diff line
		// SPDX-License-Identifier: GPL-2.0
		/// Find missing put_device for every of_find_device_by_node.
		///
		// Confidence: Moderate
		// Copyright: (C) 2018-2019 Wen Yang, ZTE.
		// Comments:
		// Options: --no-includes --include-headers

		virtual report
		virtual org

		@search exists@
		local idexpression id;
		expression x,e,e1;
		position p1,p2;
		type T,T1,T2,T3;
		@@

		id = of_find_device_by_node@p1(x)
		... when != e = id
		if (id == NULL \|\| ...) { ... return ...; }
		... when != put_device(&id->dev)
		when != platform_device_put(id)
		when != of_dev_put(id)
		when != if (id) { ... put_device(&id->dev) ... }
		when != e1 = (T)id
		when != e1 = &id->dev
		when != e1 = get_device(&id->dev)
		when != e1 = (T1)platform_get_drvdata(id)
		(
		return
		( id
		\| (T2)dev_get_drvdata(&id->dev)
		\| (T3)platform_get_drvdata(id)
		);
		\| return@p2 ...;
		)

		@script:python depends on report@
		p1 << search.p1;
		p2 << search.p2;
		@@

		coccilib.report.print_report(p2[0], "ERROR: missing put_device; "
		+ "call of_find_device_by_node on line "
		+ p1[0].line
		+ ", but without a corresponding object release "
		+ "within this function.")

		@script:python depends on org@
		p1 << search.p1;
		p2 << search.p2;
		@@

		cocci.print_main("of_find_device_by_node", p1)
		cocci.print_secs("needed put_device", p2)

Admin message