Uninitialized pointers with __free attribute can cause undefined behavior as the memory randomly assigned to the pointer is freed automatically when the pointer goes out of scope. Add check in checkpatch to detect such issues.

Suggested-by: Dan Carpenter <[email protected]>
Link: https://lore.kernel.org/all/[email protected]/
Link: https://lore.kernel.org/all/58fd478f408a34b578ee8d949c5c4b4da4d4f41d.ca...@hansenpartnership.com/
Acked-by: Dan Williams <[email protected]>
Signed-off-by: Ally Heev <[email protected]>
---
Testing:
ran checkpatch.pl before and after the change on crypto/asymmetric_keys/x509_public_key.c, which has both initialized with NULL and uninitialized pointers
---
Changes in v5:
- fixed checkpatch doc
- Link to v4: https://lore.kernel.org/r/20251107-aheev-checkpatch-uninitialized-free-v4-1-4822a6ac7...@gmail.com

Changes in v4:
- fixed UNINITIALIZED_PTR_WITH_FREE description
- Link to v3: https://lore.kernel.org/r/20251025-aheev-checkpatch-uninitialized-free-v3-1-a67f72b1c...@gmail.com

Changes in v3:
- remove $FreeAttribute
- Link to v2: https://lore.kernel.org/r/20251024-aheev-checkpatch-uninitialized-free-v2-0-16c0900e8...@gmail.com

Changes in v2:
- change cover letter and title to reflect new changes
- fix regex to handle multiple declarations in a single line case
- convert WARN to ERROR for uninitialized pointers
- add a new WARN for pointers initialized with NULL
- NOTE: tried handling multiple declarations on a single line by splitting them and matching the parts with regex, but, it turned out to be complex and overkill. Moreover, multi-line declarations pose a threat
- Link to v1: https://lore.kernel.org/r/20251021-aheev-checkpatch-uninitialized-free-v1-1-18fb01bc6...@gmail.com
---
 Documentation/dev-tools/checkpatch.rst | 20 ++++++++++++++++++++
 scripts/checkpatch.pl | 6 ++++++
 2 files changed, 26 insertions(+)

diff --git a/Documentation/dev-tools/checkpatch.rst b/Documentation/dev-tools/checkpatch.rst index d5c47e560324fb2399a5b1bc99c891ed1de10535..865aaaf6dc51b1c3f763b3cbb8713da3d00db960 100644 --- a/Documentation/dev-tools/checkpatch.rst +++ b/Documentation/dev-tools/checkpatch.rst 
@@ -1009,6 +1009,26 @@ Functions and Variables return bar; + **UNINITIALIZED_PTR_WITH_FREE** + Pointers with __free attribute should be defined and assigned in one + statement. In this case declarations at the top of the function rule + can be relaxed. Not doing so may lead to undefined behavior as the + memory assigned (garbage, in case not initialized) to the pointer is + freed automatically when the pointer goes out of scope. + + See: https://lore.kernel.org/lkml/58fd478f408a34b578ee8d949c5c4b4da4d4f41d.ca...@hansenpartnership.com/ + + Example:: + + type var __free(free_func); + ... // function might have returned here + var = malloc(var_size); + + should be initialized as:: + + type var __free(free_func) = malloc(var_size); + ... // return here would just free allocated memory + Permissions ----------- diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl index 92669904eecc7a8d2afd3f2625528e02b6d17cd6..e697d81d71c0b3628f7b59807e8bc40d582621bb 100755 --- a/scripts/checkpatch.pl +++ b/scripts/checkpatch.pl @@ -7721,6 +7721,12 @@ sub process { ERROR("MISSING_SENTINEL", "missing sentinel in ID array\n" . "$here\n$stat\n"); } } + +# check for uninitialized pointers with __free attribute + while ($line =~ /\*\s*($Ident)\s+__free\s*\(\s*$Ident\s*\)\s*[,;]/g) { + ERROR("UNINITIALIZED_PTR_WITH_FREE", + "pointer '$1' with __free attribute should be initialized\n" . $herecurr); + } } # If we have no input at all, then there is nothing to report on --- base-commit: 6548d364a3e850326831799d7e3ea2d7bb97ba08 change-id: 20251021-aheev-checkpatch-uninitialized-free-5c39f75e10a1 Best regards, -- Ally Heev <[email protected]>
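
Review bot: in the UNINITIALIZED_PTR_WITH_FREE entry added to Documentation/dev-tools/checkpatch.rst, the sentence "the memory assigned (garbage, in case not initialized) to the pointer is freed automatically" is hard to parse and hides the actual failure. Say it directly: if the function returns before the assignment, the cleanup function runs on the pointer's indeterminate value. "In this case declarations at the top of the function rule can be relaxed" also needs rewording, for example "the declarations-at-the-top-of-the-function rule can be relaxed here". The entry does not say whether initializing with NULL is acceptable, although the check added in scripts/checkpatch.pl lets that form through, and the changelog for v2 mentions a WARN for NULL-initialized pointers that is not in this version; a sentence stating the intended position on '= NULL' would remove the ambiguity.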
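
Review bot: the regex in the new 'while ($line =~ ...)' loop in scripts/checkpatch.pl only fires when '__free(...)' is followed directly by ',' or ';' on the same $line, so a declaration split across lines (declarator on one line, '__free(...)' or the terminator on the next) is not reported. The changelog acknowledges multi-line declarations as a problem, but nothing in the code says so; a short comment above the check stating that only single-line declarations are covered would save the next reader from assuming full coverage. Separately, the ERROR text says the pointer "should be initialized", which '= NULL' satisfies, while the documentation hunk asks for the pointer to be "defined and assigned in one statement". Consider aligning the message with the documentation wording so the error does not steer people toward a NULL initializer followed by a later assignment.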
