As you can see, there were a lot of TODOs for the 3.x versions. I have written a blog post on why using freed memory is a bug and what kfree is; I have explained it all here.
What did I find?
Of the many TODOs I checked, I would say most were false positives (FPs) for this case.
There were a lot of cases where a goto was executed immediately after kfree, so the statement that accesses the variable after freeing never runs, but the Coccinelle script was not recognizing this.
There were many cases where an immediate return was done after kfree, so the statement where the variable is accessed after kfree was never executed.
There were some cases where a check on the just-freed variable (inside an if) was being done, which avoids the buggy situation.
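The three false-positive shapes above, and the genuine bug they are easily confused with, are easier to see side by side. The following is an added example, not code from the post or from the kernel: it models kmalloc/kfree in user space with a small instrumented allocator (the names t_alloc, t_free, t_is_live, read_value and the pattern_* functions are all constructed for this illustration), so a read through a freed pointer is reported as -1 instead of returning stale memory, roughly the way a sanitizer would flag it. The fourth case is one reading of the post's "check inside if": the freed pointer's value is compared, never dereferenced.

```c
#include <stdio.h>
#include <stdlib.h>

#define MAX_BLOCKS 16

/* Bookkeeping for the instrumented allocator: each entry remembers a block
 * handed out by t_alloc() and whether t_free() has been called on it. */
struct tracked {
    void *ptr;
    int live;
};
static struct tracked blocks[MAX_BLOCKS];

/* kmalloc stand-in (constructed name): allocate and record the block as live. */
static void *t_alloc(size_t n)
{
    for (int i = 0; i < MAX_BLOCKS; i++) {
        if (blocks[i].ptr == NULL) {
            blocks[i].ptr = calloc(1, n);
            blocks[i].live = blocks[i].ptr != NULL;
            return blocks[i].ptr;
        }
    }
    return NULL;
}

/* kfree stand-in (constructed name): mark the block dead. The memory is kept
 * so that a stale read can be reported rather than being undefined behaviour. */
static void t_free(void *p)
{
    for (int i = 0; i < MAX_BLOCKS; i++)
        if (blocks[i].ptr == p)
            blocks[i].live = 0;
}

/* 1 if p is a live tracked block, 0 if it was freed or never allocated. */
static int t_is_live(const void *p)
{
    for (int i = 0; i < MAX_BLOCKS; i++)
        if (blocks[i].ptr == p)
            return blocks[i].live;
    return 0;
}

struct item {
    int value;
};

/* Instrumented dereference: -1 for a read through a freed pointer. */
static int read_value(struct item *it)
{
    if (!t_is_live(it))
        return -1;
    return it->value;
}

/* Case 1: a real use-after-free. kfree() runs, then the object is read. */
int pattern_uaf(void)
{
    struct item *it = t_alloc(sizeof *it);
    if (!it)
        return -2;
    it->value = 7;
    t_free(it);
    return read_value(it);          /* -1: the freed object is dereferenced */
}

/* Case 2 (false positive): the read textually follows kfree(), but the goto
 * jumps over it, so it never executes. */
int pattern_goto(void)
{
    int ret = 0;
    struct item *it = t_alloc(sizeof *it);
    if (!it)
        return -2;
    it->value = 7;
    t_free(it);
    goto out;
    ret = read_value(it);           /* unreachable */
out:
    return ret;
}

/* Case 3 (false positive): the error path frees and returns at once; the
 * later read only runs on the path where the object was not freed. */
int pattern_return(int fail)
{
    int ret;
    struct item *it = t_alloc(sizeof *it);
    if (!it)
        return -2;
    it->value = 7;
    if (fail) {
        t_free(it);
        return -3;                  /* nothing below runs on this path */
    }
    ret = read_value(it);
    t_free(it);
    return ret;
}

/* Case 4 (false positive): the freed pointer's value is compared inside an if,
 * never dereferenced, to drop a cached reference to the object. */
int pattern_check(void)
{
    struct item *it = t_alloc(sizeof *it);
    struct item *cached;
    if (!it)
        return -2;
    cached = it;
    t_free(it);
    if (cached == it)               /* address comparison only */
        cached = NULL;
    return cached == NULL;          /* 1: stale reference cleared safely */
}

int main(void)
{
    printf("uaf=%d goto=%d return(fail)=%d return(ok)=%d check=%d\n",
           pattern_uaf(), pattern_goto(), pattern_return(1),
           pattern_return(0), pattern_check());
    return 0;
}
```

A purely textual match of "kfree(x) followed by a use of x" flags all four functions; only pattern_uaf actually reaches the dereference, which is why the reports need a control-flow aware check (or manual review, as the post describes) before they are treated as bugs.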
I have also found some bugs, and I'll be sending patches to fix them in the current Linux kernel once I'm done reading the reports.