checkpatch: add uninitialized pointer with __free attribute check

Uinitialized pointers with __free attribute can cause undefined behavior
as the memory randomly assigned to the pointer is freed automatically when
the pointer goes out of scope.  add check in checkpatch to detect such
issues.

Link: https://lkml.kernel.org/r/20251203-aheev-checkpatch-uninitialized-free-v7-1-841e3b31d8f3@gmail.com
Signed-off-by: Ally Heev <allyheev@gmail.com>
Suggested-by: Dan Carpenter <dan.carpenter@linaro.org>
Link: https://lore.kernel.org/all/8a4c0b43-cf63-400d-b33d-d9c447b7e0b9@suswa.mountain/
Link: https://lore.kernel.org/all/58fd478f408a34b578ee8d949c5c4b4da4d4f41d.camel@HansenPartnership.com/
Acked-by: Dan Williams <dan.j.williams@intel.com>
Reviewed-by: Krzysztof Kozlowski <krzk@kernel.org>
Acked-by: Joe Perches <joe@perches.com>
Cc: Andy Whitcroft <apw@canonical.com>
Cc: David Hunter <david.hunter.linux@gmail.com>
Cc: Dwaipayan Ray <dwaipayanray1@gmail.com>
Cc: Geert Uytterhoeven <geert@linux-m68k.org>
Cc: James Bottomley <james.bottomley@HansenPartnership.com>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: Lukas Bulwahn <lukas.bulwahn@gmail.com>
Cc: Menon, Nishanth <nm@ti.com>
Cc: Stephen Boyd <sboyd@kernel.org>
Cc: Viresh Kumar <vireshk@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>

diff --git a/Documentation/dev-tools/checkpatch.rst b/Documentation/dev-tools/checkpatch.rst
index 4dccd1036870929b9676a7739cac06d9a8bc7bbf..84ccb52e120bbb0fcba5498efe1fe575c7a7b438 100644 (file)
--- a/Documentation/dev-tools/checkpatch.rst
+++ b/Documentation/dev-tools/checkpatch.rst
@@ -1009,6 +1009,29 @@ Functions and Variables
 
       return bar;
 
+  **UNINITIALIZED_PTR_WITH_FREE**
+    Pointers with __free attribute should be declared at the place of use
+    and initialized (see include/linux/cleanup.h). In this case
+    declarations at the top of the function rule can be relaxed. Not doing
+    so may lead to undefined behavior as the memory assigned (garbage,
+    in case not initialized) to the pointer is freed automatically when
+    the pointer goes out of scope.
+
+    Also see: https://lore.kernel.org/lkml/58fd478f408a34b578ee8d949c5c4b4da4d4f41d.camel@HansenPartnership.com/
+
+    Example::
+
+      type var __free(free_func);
+      ... // var not used, but, in future someone might add a return here
+      var = malloc(var_size);
+      ...
+
+    should be initialized as::
+
+      ...
+      type var __free(free_func) = malloc(var_size);
+      ...
+
 
 Permissions
 -----------

diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl
index d58ca9655ab7e6366536b4fd5620e4d4fd72046c..c0250244cf7a3cb5e289b04fa4a9f644692dc278 100755 (executable)
--- a/scripts/checkpatch.pl
+++ b/scripts/checkpatch.pl
@@ -7732,6 +7732,12 @@ sub process {
                                ERROR("MISSING_SENTINEL", "missing sentinel in ID array\n" . "$here\n$stat\n");
                        }
                }
+
+# check for uninitialized pointers with __free attribute
+               while ($line =~ /\*\s*($Ident)\s+__free\s*\(\s*$Ident\s*\)\s*[,;]/g) {
+                       ERROR("UNINITIALIZED_PTR_WITH_FREE",
+                             "pointer '$1' with __free attribute should be initialized\n" . $herecurr);
+               }
        }
 
        # If we have no input at all, then there is nothing to report on