On Wed, 2025-12-03 at 20:58 +0530, Ally Heev wrote:
> uninitialized pointers with __free attribute can cause undefined
> behavior as the memory randomly assigned to the pointer is freed
> automatically when the pointer goes out of scope.
> add check in checkpatch to detect such issues.
>
> Suggested-by: Dan Carpenter <[email protected]>
> Link: https://lore.kernel.org/all/[email protected]/
> Link: https://lore.kernel.org/all/58fd478f408a34b578ee8d949c5c4b4da4d4f41d.ca...@hansenpartnership.com/
> Acked-by: Dan Williams <[email protected]>
> Reviewed-by: Krzysztof Kozlowski <[email protected]>
> Signed-off-by: Ally Heev <[email protected]>

Acked-by: Joe Perches <[email protected]>

> ---
> Testing:
> ran checkpatch.pl before and after the change on
> crypto/asymmetric_keys/x509_public_key.c, which has
> both initialized with NULL and uninitialized pointers
> ---
> Changes in v7:
> - RESEND. Also, added Reviewed-by trailer
> - Link to v6: https://lore.kernel.org/r/20251125-aheev-checkpatch-uninitialized-free-v6-1-2f3a1d78f...@gmail.com
>
> Changes in v6:
> - added declaration at the place of use suggestion
> - Link to v5: https://lore.kernel.org/r/20251124-aheev-checkpatch-uninitialized-free-v5-1-0c523b1a3...@gmail.com
>
> Changes in v5:
> - fixed checkpatch doc
> - Link to v4: https://lore.kernel.org/r/20251107-aheev-checkpatch-uninitialized-free-v4-1-4822a6ac7...@gmail.com
>
> Changes in v4:
> - fixed UNINITIALIZED_PTR_WITH_FREE description
> - Link to v3: https://lore.kernel.org/r/20251025-aheev-checkpatch-uninitialized-free-v3-1-a67f72b1c...@gmail.com
>
> Changes in v3:
> - remove $FreeAttribute
> - Link to v2: https://lore.kernel.org/r/20251024-aheev-checkpatch-uninitialized-free-v2-0-16c0900e8...@gmail.com
>
> Changes in v2:
> - change cover letter and title to reflect new changes
> - fix regex to handle multiple declarations in a single line case
> - convert WARN to ERROR for uninitialized pointers
> - add a new WARN for pointers initialized with NULL
> - NOTE: tried handling multiple declarations on a single line by splitting
>   them and matching the parts with regex, but, it turned out to be
>   complex and overkill. Moreover, multi-line declarations pose a threat
> - Link to v1: https://lore.kernel.org/r/20251021-aheev-checkpatch-uninitialized-free-v1-1-18fb01bc6...@gmail.com
> ---
>  Documentation/dev-tools/checkpatch.rst | 23 +++++++++++++++++++++++
>  scripts/checkpatch.pl                  |  6 ++++++
>  2 files changed, 29 insertions(+)
> > diff --git a/Documentation/dev-tools/checkpatch.rst > b/Documentation/dev-tools/checkpatch.rst > index > d5c47e560324fb2399a5b1bc99c891ed1de10535..b6e02fb91e85710fecfc0a5e5c83a8e7f32d1d3c > 100644 > --- a/Documentation/dev-tools/checkpatch.rst > +++ b/Documentation/dev-tools/checkpatch.rst > @@ -1009,6 +1009,29 @@ Functions and Variables > > return bar; > > + **UNINITIALIZED_PTR_WITH_FREE** > + Pointers with __free attribute should be declared at the place of use > + and initialized (see include/linux/cleanup.h). In this case > + declarations at the top of the function rule can be relaxed. Not doing > + so may lead to undefined behavior as the memory assigned (garbage, > + in case not initialized) to the pointer is freed automatically when > + the pointer goes out of scope. > + > + Also see: > https://lore.kernel.org/lkml/58fd478f408a34b578ee8d949c5c4b4da4d4f41d.ca...@hansenpartnership.com/ > + > + Example:: > + > + type var __free(free_func); > + ... // var not used, but, in future someone might add a return here > + var = malloc(var_size); > + ... > + > + should be initialized as:: > + > + ... > + type var __free(free_func) = malloc(var_size); > + ... > + > > Permissions > ----------- > diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl > index > 92669904eecc7a8d2afd3f2625528e02b6d17cd6..e697d81d71c0b3628f7b59807e8bc40d582621bb > 100755 > --- a/scripts/checkpatch.pl > +++ b/scripts/checkpatch.pl 
> @@ -7721,6 +7721,12 @@ sub process { > ERROR("MISSING_SENTINEL", "missing sentinel in > ID array\n" . "$here\n$stat\n"); > } > } > + > +# check for uninitialized pointers with __free attribute > + while ($line =~ > /\*\s*($Ident)\s+__free\s*\(\s*$Ident\s*\)\s*[,;]/g) { > + ERROR("UNINITIALIZED_PTR_WITH_FREE", > + "pointer '$1' with __free attribute should be > initialized\n" . $herecurr); > + } > } > > # If we have no input at all, then there is nothing to report on > > --- > base-commit: 6548d364a3e850326831799d7e3ea2d7bb97ba08 > change-id: 20251021-aheev-checkpatch-uninitialized-free-5c39f75e10a1 > > Best regards,
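Review bot: in the Documentation/dev-tools/checkpatch.rst hunk, the UNINITIALIZED_PTR_WITH_FREE entry asks for two things (declare at the place of use, and initialize), but the check added in scripts/checkpatch.pl only fires when __free(...) is followed directly by ',' or ';'. A declaration such as "type var __free(free_func) = NULL;" at the top of a function therefore passes silently, even though the early-return hazard the text describes is about where the real assignment happens. Suggest stating in the entry that the tool only detects the missing initializer and that placement at the point of use is left to review. It would also help to label the first snippet under "Example::" as the form that is flagged, since the entry does not say which of the two snippets triggers the error.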
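Review bot: in the scripts/checkpatch.pl hunk at -7721, the new while loop matches against $line only, so the pattern needs '*', the identifier, __free(...) and the closing ',' or ';' all on one physical line. A declaration wrapped so that __free(...) or the terminator lands on the following line is an uninitialized __free pointer that this check will not report, which is the multi-line limitation the v2 changelog already acknowledges. Suggest either matching against the joined statement (the MISSING_SENTINEL report just above already has $stat available) or, if that is too noisy, recording the single-line limitation in the comment above the loop so that a clean checkpatch run is not read as proof that no such pointer exists. The comment could also note that only pointer declarations are covered, since the pattern requires a leading '*'.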
