* [PATCH 10/14] drivers/ata/libata: Move dereference after NULL test
@ 2009-10-17 6:41 ` Julia Lawall
0 siblings, 0 replies; 4+ messages in thread
From: Julia Lawall @ 2009-10-17 6:41 UTC (permalink / raw)
To: Jeff Garzik, linux-ide, linux-kernel, kernel-janitors
From: Julia Lawall <julia@diku.dk>
In each case, if the NULL test on qc is needed, then the derefernce
should be after the NULL test.
A simplified version of the semantic match that detects this problem is as
follows (http://coccinelle.lip6.fr/):
// <smpl>
@match exists@
expression x, E;
identifier fld;
@@
* x->fld
... when != \(x = E\|&x\)
* x = NULL
// </smpl>
Signed-off-by: Julia Lawall <julia@diku.dk>
---
drivers/ata/libata-core.c | 9 ++++++---
1 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c
index b525a09..d02c95c 100644
--- a/drivers/ata/libata-core.c
+++ b/drivers/ata/libata-core.c
@@ -4919,10 +4919,11 @@ struct ata_queued_cmd *ata_qc_new_init(struct ata_device *dev)
*/
void ata_qc_free(struct ata_queued_cmd *qc)
{
- struct ata_port *ap = qc->ap;
+ struct ata_port *ap;
unsigned int tag;
WARN_ON_ONCE(qc = NULL); /* ata_qc_from_tag _might_ return NULL */
+ ap = qc->ap;
qc->flags = 0;
tag = qc->tag;
@@ -4934,11 +4935,13 @@ void ata_qc_free(struct ata_queued_cmd *qc)
void __ata_qc_complete(struct ata_queued_cmd *qc)
{
- struct ata_port *ap = qc->ap;
- struct ata_link *link = qc->dev->link;
+ struct ata_port *ap;
+ struct ata_link *link;
WARN_ON_ONCE(qc = NULL); /* ata_qc_from_tag _might_ return NULL */
WARN_ON_ONCE(!(qc->flags & ATA_QCFLAG_ACTIVE));
+ ap = qc->ap;
+ link = qc->dev->link;
if (likely(qc->flags & ATA_QCFLAG_DMAMAP))
ata_sg_clean(qc);
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH 10/14] drivers/ata/libata: Move dereference after NULL test
@ 2009-10-17 6:41 ` Julia Lawall
0 siblings, 0 replies; 4+ messages in thread
From: Julia Lawall @ 2009-10-17 6:41 UTC (permalink / raw)
To: Jeff Garzik, linux-ide, linux-kernel, kernel-janitors
From: Julia Lawall <julia@diku.dk>
In each case, if the NULL test on qc is needed, then the derefernce
should be after the NULL test.
A simplified version of the semantic match that detects this problem is as
follows (http://coccinelle.lip6.fr/):
// <smpl>
@match exists@
expression x, E;
identifier fld;
@@
* x->fld
... when != \(x = E\|&x\)
* x == NULL
// </smpl>
Signed-off-by: Julia Lawall <julia@diku.dk>
---
drivers/ata/libata-core.c | 9 ++++++---
1 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c
index b525a09..d02c95c 100644
--- a/drivers/ata/libata-core.c
+++ b/drivers/ata/libata-core.c
@@ -4919,10 +4919,11 @@ struct ata_queued_cmd *ata_qc_new_init(struct ata_device *dev)
*/
void ata_qc_free(struct ata_queued_cmd *qc)
{
- struct ata_port *ap = qc->ap;
+ struct ata_port *ap;
unsigned int tag;
WARN_ON_ONCE(qc == NULL); /* ata_qc_from_tag _might_ return NULL */
+ ap = qc->ap;
qc->flags = 0;
tag = qc->tag;
@@ -4934,11 +4935,13 @@ void ata_qc_free(struct ata_queued_cmd *qc)
void __ata_qc_complete(struct ata_queued_cmd *qc)
{
- struct ata_port *ap = qc->ap;
- struct ata_link *link = qc->dev->link;
+ struct ata_port *ap;
+ struct ata_link *link;
WARN_ON_ONCE(qc == NULL); /* ata_qc_from_tag _might_ return NULL */
WARN_ON_ONCE(!(qc->flags & ATA_QCFLAG_ACTIVE));
+ ap = qc->ap;
+ link = qc->dev->link;
if (likely(qc->flags & ATA_QCFLAG_DMAMAP))
ata_sg_clean(qc);
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH 10/14] drivers/ata/libata: Move dereference after NULL
2009-10-17 6:41 ` Julia Lawall
@ 2009-11-03 21:17 ` Jeff Garzik
-1 siblings, 0 replies; 4+ messages in thread
From: Jeff Garzik @ 2009-11-03 21:17 UTC (permalink / raw)
To: Julia Lawall; +Cc: linux-ide, linux-kernel, kernel-janitors
On 10/17/2009 02:41 AM, Julia Lawall wrote:
> From: Julia Lawall<julia@diku.dk>
>
> In each case, if the NULL test on qc is needed, then the derefernce
> should be after the NULL test.
>
> A simplified version of the semantic match that detects this problem is as
> follows (http://coccinelle.lip6.fr/):
>
> //<smpl>
> @match exists@
> expression x, E;
> identifier fld;
> @@
>
> * x->fld
> ... when != \(x = E\|&x\)
> * x = NULL
> //</smpl>
>
> Signed-off-by: Julia Lawall<julia@diku.dk>
applied
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH 10/14] drivers/ata/libata: Move dereference after NULL test
@ 2009-11-03 21:17 ` Jeff Garzik
0 siblings, 0 replies; 4+ messages in thread
From: Jeff Garzik @ 2009-11-03 21:17 UTC (permalink / raw)
To: Julia Lawall; +Cc: linux-ide, linux-kernel, kernel-janitors
On 10/17/2009 02:41 AM, Julia Lawall wrote:
> From: Julia Lawall<julia@diku.dk>
>
> In each case, if the NULL test on qc is needed, then the derefernce
> should be after the NULL test.
>
> A simplified version of the semantic match that detects this problem is as
> follows (http://coccinelle.lip6.fr/):
>
> //<smpl>
> @match exists@
> expression x, E;
> identifier fld;
> @@
>
> * x->fld
> ... when != \(x = E\|&x\)
> * x == NULL
> //</smpl>
>
> Signed-off-by: Julia Lawall<julia@diku.dk>
applied
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2009-11-03 21:17 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-10-17 6:41 [PATCH 10/14] drivers/ata/libata: Move dereference after NULL test Julia Lawall
2009-10-17 6:41 ` Julia Lawall
2009-11-03 21:17 ` [PATCH 10/14] drivers/ata/libata: Move dereference after NULL Jeff Garzik
2009-11-03 21:17 ` [PATCH 10/14] drivers/ata/libata: Move dereference after NULL test Jeff Garzik
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.