* [PATCH 0/5] Remove potential NULL dereference
@ 2012-08-14 15:49 Julia Lawall
2012-08-14 15:49 ` [PATCH 1/5] drivers/block/swim3.c: " Julia Lawall
` (4 more replies)
0 siblings, 5 replies; 12+ messages in thread
From: Julia Lawall @ 2012-08-14 15:49 UTC (permalink / raw)
To: linux-kernel; +Cc: kernel-janitors
These patches find a case where there is a dereference before a NULL test
and either move the dereference after the NULL test, or eliminate the NULL
test if it seems unnnecessary.
^ permalink raw reply [flat|nested] 12+ messages in thread* [PATCH 1/5] drivers/block/swim3.c: Remove potential NULL dereference 2012-08-14 15:49 [PATCH 0/5] Remove potential NULL dereference Julia Lawall @ 2012-08-14 15:49 ` Julia Lawall 2012-08-14 15:49 ` [PATCH 2/5] drivers/scsi/bnx2fc/bnx2fc_io.c: " Julia Lawall ` (3 subsequent siblings) 4 siblings, 0 replies; 12+ messages in thread From: Julia Lawall @ 2012-08-14 15:49 UTC (permalink / raw) To: linux-kernel; +Cc: kernel-janitors From: Julia Lawall <Julia.Lawall@lip6.fr> If the NULL test is necessary, the initialization involving a dereference of the tested value should be moved after the NULL test. The sematic patch that fixes this problem is as follows: (http://coccinelle.lip6.fr/) // <smpl> @@ type T; expression E; identifier i,fld; statement S; @@ - T i = E->fld; + T i; ... when != E when != i if (E = NULL) S + i = E->fld; // </smpl> Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr> --- drivers/block/swim3.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/block/swim3.c b/drivers/block/swim3.c index 89ddab1..ffecfef 100644 --- a/drivers/block/swim3.c +++ b/drivers/block/swim3.c @@ -1090,10 +1090,11 @@ static const struct block_device_operations floppy_fops = { static void swim3_mb_event(struct macio_dev* mdev, int mb_state) { struct floppy_state *fs = macio_get_drvdata(mdev); - struct swim3 __iomem *sw = fs->swim3; + struct swim3 __iomem *sw; if (!fs) return; + sw = fs->swim3; if (mb_state != MB_FD) return; ^ permalink raw reply related [flat|nested] 12+ messages in thread
* [PATCH 2/5] drivers/scsi/bnx2fc/bnx2fc_io.c: Remove potential NULL dereference 2012-08-14 15:49 [PATCH 0/5] Remove potential NULL dereference Julia Lawall 2012-08-14 15:49 ` [PATCH 1/5] drivers/block/swim3.c: " Julia Lawall @ 2012-08-14 15:49 ` Julia Lawall 2012-08-15 14:33 ` walter harms ` (4 more replies) 2012-08-14 15:49 ` [PATCH 3/5] drivers/media/video/{s2255drv.c,tm6000/tm6000-alsa.c,tm6000/tm6000-input.c}: Remove pote Julia Lawall ` (2 subsequent siblings) 4 siblings, 5 replies; 12+ messages in thread From: Julia Lawall @ 2012-08-14 15:49 UTC (permalink / raw) To: Bhanu Prakash Gollapudi Cc: kernel-janitors, James E.J. Bottomley, linux-scsi, linux-kernel From: Julia Lawall <Julia.Lawall@lip6.fr> If the NULL test is necessary, the initialization involving a dereference of the tested value should be moved after the NULL test. The sematic patch that fixes this problem is as follows: (http://coccinelle.lip6.fr/) // <smpl> @@ type T; expression E; identifier i,fld; statement S; @@ - T i = E->fld; + T i; ... when != E when != i if (E = NULL) S + i = E->fld; // </smpl> Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr> --- drivers/scsi/bnx2fc/bnx2fc_io.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/scsi/bnx2fc/bnx2fc_io.c b/drivers/scsi/bnx2fc/bnx2fc_io.c index 73f231c..1dd82db 100644 --- a/drivers/scsi/bnx2fc/bnx2fc_io.c +++ b/drivers/scsi/bnx2fc/bnx2fc_io.c @@ -686,7 +686,7 @@ static int bnx2fc_initiate_tmf(struct scsi_cmnd *sc_cmd, u8 tm_flags) { struct fc_lport *lport; struct fc_rport *rport = starget_to_rport(scsi_target(sc_cmd->device)); - struct fc_rport_libfc_priv *rp = rport->dd_data; + struct fc_rport_libfc_priv *rp; struct fcoe_port *port; struct bnx2fc_interface *interface; struct bnx2fc_rport *tgt; @@ -712,6 +712,7 @@ static int bnx2fc_initiate_tmf(struct scsi_cmnd *sc_cmd, u8 tm_flags) rc = FAILED; goto tmf_err; } + rp = rport->dd_data; rc = fc_block_scsi_eh(sc_cmd); if (rc) ^ permalink raw reply related [flat|nested] 12+ messages in thread
* Re: [PATCH 2/5] drivers/scsi/bnx2fc/bnx2fc_io.c: Remove potential NULL dereference 2012-08-14 15:49 ` [PATCH 2/5] drivers/scsi/bnx2fc/bnx2fc_io.c: " Julia Lawall @ 2012-08-15 14:33 ` walter harms 2012-08-15 14:43 ` Julia Lawall ` (3 subsequent siblings) 4 siblings, 0 replies; 12+ messages in thread From: walter harms @ 2012-08-15 14:33 UTC (permalink / raw) To: kernel-janitors Am 14.08.2012 17:49, schrieb Julia Lawall: > From: Julia Lawall <Julia.Lawall@lip6.fr> > > If the NULL test is necessary, the initialization involving a dereference of > the tested value should be moved after the NULL test. > > The sematic patch that fixes this problem is as follows: > (http://coccinelle.lip6.fr/) > > // <smpl> > @@ > type T; > expression E; > identifier i,fld; > statement S; > @@ > > - T i = E->fld; > + T i; > ... when != E > when != i > if (E = NULL) S > + i = E->fld; > // </smpl> > > Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr> > > --- > drivers/scsi/bnx2fc/bnx2fc_io.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/drivers/scsi/bnx2fc/bnx2fc_io.c b/drivers/scsi/bnx2fc/bnx2fc_io.c > index 73f231c..1dd82db 100644 > --- a/drivers/scsi/bnx2fc/bnx2fc_io.c > +++ b/drivers/scsi/bnx2fc/bnx2fc_io.c > @@ -686,7 +686,7 @@ static int bnx2fc_initiate_tmf(struct scsi_cmnd *sc_cmd, u8 tm_flags) > { > struct fc_lport *lport; > struct fc_rport *rport = starget_to_rport(scsi_target(sc_cmd->device)); > - struct fc_rport_libfc_priv *rp = rport->dd_data; > + struct fc_rport_libfc_priv *rp; > struct fcoe_port *port; > struct bnx2fc_interface *interface; > struct bnx2fc_rport *tgt; just to make me happy, could you move the rport = starget_to_rport(scsi_target(sc_cmd->device)); a bit down ? Just to impove readability. re, wh > @@ -712,6 +712,7 @@ static int bnx2fc_initiate_tmf(struct scsi_cmnd *sc_cmd, u8 tm_flags) > rc = FAILED; > goto tmf_err; > } > + rp = rport->dd_data; > > rc = fc_block_scsi_eh(sc_cmd); > if (rc) > > -- > To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html > > ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH 2/5] drivers/scsi/bnx2fc/bnx2fc_io.c: Remove potential NULL dereference 2012-08-14 15:49 ` [PATCH 2/5] drivers/scsi/bnx2fc/bnx2fc_io.c: " Julia Lawall 2012-08-15 14:33 ` walter harms @ 2012-08-15 14:43 ` Julia Lawall 2012-08-15 14:53 ` Julia Lawall ` (2 subsequent siblings) 4 siblings, 0 replies; 12+ messages in thread From: Julia Lawall @ 2012-08-15 14:43 UTC (permalink / raw) To: kernel-janitors On Wed, 15 Aug 2012, walter harms wrote: > > > Am 14.08.2012 17:49, schrieb Julia Lawall: >> From: Julia Lawall <Julia.Lawall@lip6.fr> >> >> If the NULL test is necessary, the initialization involving a dereference of >> the tested value should be moved after the NULL test. >> >> The sematic patch that fixes this problem is as follows: >> (http://coccinelle.lip6.fr/) >> >> // <smpl> >> @@ >> type T; >> expression E; >> identifier i,fld; >> statement S; >> @@ >> >> - T i = E->fld; >> + T i; >> ... when != E >> when != i >> if (E = NULL) S >> + i = E->fld; >> // </smpl> >> >> Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr> >> >> --- >> drivers/scsi/bnx2fc/bnx2fc_io.c | 3 ++- >> 1 file changed, 2 insertions(+), 1 deletion(-) >> >> diff --git a/drivers/scsi/bnx2fc/bnx2fc_io.c b/drivers/scsi/bnx2fc/bnx2fc_io.c >> index 73f231c..1dd82db 100644 >> --- a/drivers/scsi/bnx2fc/bnx2fc_io.c >> +++ b/drivers/scsi/bnx2fc/bnx2fc_io.c >> @@ -686,7 +686,7 @@ static int bnx2fc_initiate_tmf(struct scsi_cmnd *sc_cmd, u8 tm_flags) >> { >> struct fc_lport *lport; >> struct fc_rport *rport = starget_to_rport(scsi_target(sc_cmd->device)); >> - struct fc_rport_libfc_priv *rp = rport->dd_data; >> + struct fc_rport_libfc_priv *rp; >> struct fcoe_port *port; >> struct bnx2fc_interface *interface; >> struct bnx2fc_rport *tgt; > > > just to make me happy, could you move the > rport = starget_to_rport(scsi_target(sc_cmd->device)); > a bit down ? Just to impove readability. Indeed, that would look nicer. Thanks. julia > > re, > wh > >> @@ -712,6 +712,7 @@ static int bnx2fc_initiate_tmf(struct scsi_cmnd *sc_cmd, u8 tm_flags) >> rc = FAILED; >> goto tmf_err; >> } >> + rp = rport->dd_data; >> >> rc = fc_block_scsi_eh(sc_cmd); >> if (rc) >> >> -- >> To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in >> the body of a message to majordomo@vger.kernel.org >> More majordomo info at http://vger.kernel.org/majordomo-info.html >> >> > -- > To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html > ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH 2/5] drivers/scsi/bnx2fc/bnx2fc_io.c: Remove potential NULL dereference 2012-08-14 15:49 ` [PATCH 2/5] drivers/scsi/bnx2fc/bnx2fc_io.c: " Julia Lawall 2012-08-15 14:33 ` walter harms 2012-08-15 14:43 ` Julia Lawall @ 2012-08-15 14:53 ` Julia Lawall 2012-08-15 15:29 ` walter harms 2012-09-07 18:23 ` Bhanu Prakash Gollapudi 4 siblings, 0 replies; 12+ messages in thread From: Julia Lawall @ 2012-08-15 14:53 UTC (permalink / raw) To: kernel-janitors From: Julia Lawall <Julia.Lawall@lip6.fr> If the NULL test is necessary, the initialization involving a dereference of the tested value should be moved after the NULL test. Moved the initialization of rport as well, to improve readability. The sematic patch that fixes the first problem is as follows: (http://coccinelle.lip6.fr/) // <smpl> @@ type T; expression E; identifier i,fld; statement S; @@ - T i = E->fld; + T i; ... when != E when != i if (E = NULL) S + i = E->fld; // </smpl> Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr> --- v2: moved the initialization of rport. drivers/scsi/bnx2fc/bnx2fc_io.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/scsi/bnx2fc/bnx2fc_io.c b/drivers/scsi/bnx2fc/bnx2fc_io.c index 73f231c..2e8cf79 100644 --- a/drivers/scsi/bnx2fc/bnx2fc_io.c +++ b/drivers/scsi/bnx2fc/bnx2fc_io.c @@ -685,8 +685,8 @@ int bnx2fc_init_mp_req(struct bnx2fc_cmd *io_req) static int bnx2fc_initiate_tmf(struct scsi_cmnd *sc_cmd, u8 tm_flags) { struct fc_lport *lport; - struct fc_rport *rport = starget_to_rport(scsi_target(sc_cmd->device)); - struct fc_rport_libfc_priv *rp = rport->dd_data; + struct fc_rport *rport; + struct fc_rport_libfc_priv *rp; struct fcoe_port *port; struct bnx2fc_interface *interface; struct bnx2fc_rport *tgt; @@ -704,6 +704,7 @@ static int bnx2fc_initiate_tmf(struct scsi_cmnd *sc_cmd, u8 tm_flags) unsigned long start = jiffies; lport = shost_priv(host); + rport = starget_to_rport(scsi_target(sc_cmd->device)); port = lport_priv(lport); interface = port->priv; @@ -712,6 +713,7 @@ static int bnx2fc_initiate_tmf(struct scsi_cmnd *sc_cmd, u8 tm_flags) rc = FAILED; goto tmf_err; } + rp = rport->dd_data; rc = fc_block_scsi_eh(sc_cmd); if (rc) ^ permalink raw reply related [flat|nested] 12+ messages in thread
* Re: [PATCH 2/5] drivers/scsi/bnx2fc/bnx2fc_io.c: Remove potential NULL dereference 2012-08-14 15:49 ` [PATCH 2/5] drivers/scsi/bnx2fc/bnx2fc_io.c: " Julia Lawall ` (2 preceding siblings ...) 2012-08-15 14:53 ` Julia Lawall @ 2012-08-15 15:29 ` walter harms 2012-09-07 18:23 ` Bhanu Prakash Gollapudi 4 siblings, 0 replies; 12+ messages in thread From: walter harms @ 2012-08-15 15:29 UTC (permalink / raw) To: kernel-janitors thx, it is now much easy to see how the "port" depend on each other. re, wh Am 15.08.2012 16:53, schrieb Julia Lawall: > From: Julia Lawall <Julia.Lawall@lip6.fr> > > If the NULL test is necessary, the initialization involving a > dereference of > the tested value should be moved after the NULL test. > > Moved the initialization of rport as well, to improve readability. > > The sematic patch that fixes the first problem is as follows: > (http://coccinelle.lip6.fr/) > > // <smpl> > @@ > type T; > expression E; > identifier i,fld; > statement S; > @@ > > - T i = E->fld; > + T i; > ... when != E > when != i > if (E = NULL) S > + i = E->fld; > // </smpl> > > Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr> > > --- > v2: moved the initialization of rport. > > drivers/scsi/bnx2fc/bnx2fc_io.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > > diff --git a/drivers/scsi/bnx2fc/bnx2fc_io.c > b/drivers/scsi/bnx2fc/bnx2fc_io.c > index 73f231c..2e8cf79 100644 > --- a/drivers/scsi/bnx2fc/bnx2fc_io.c > +++ b/drivers/scsi/bnx2fc/bnx2fc_io.c > @@ -685,8 +685,8 @@ int bnx2fc_init_mp_req(struct bnx2fc_cmd *io_req) > static int bnx2fc_initiate_tmf(struct scsi_cmnd *sc_cmd, u8 tm_flags) > { > struct fc_lport *lport; > - struct fc_rport *rport > starget_to_rport(scsi_target(sc_cmd->device)); > - struct fc_rport_libfc_priv *rp = rport->dd_data; > + struct fc_rport *rport; > + struct fc_rport_libfc_priv *rp; > struct fcoe_port *port; > struct bnx2fc_interface *interface; > struct bnx2fc_rport *tgt; > @@ -704,6 +704,7 @@ static int bnx2fc_initiate_tmf(struct scsi_cmnd > *sc_cmd, u8 tm_flags) > unsigned long start = jiffies; > > lport = shost_priv(host); > + rport = starget_to_rport(scsi_target(sc_cmd->device)); > port = lport_priv(lport); > interface = port->priv; > > @@ -712,6 +713,7 @@ static int bnx2fc_initiate_tmf(struct scsi_cmnd > *sc_cmd, u8 tm_flags) > rc = FAILED; > goto tmf_err; > } > + rp = rport->dd_data; > > rc = fc_block_scsi_eh(sc_cmd); > if (rc) > > ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH 2/5] drivers/scsi/bnx2fc/bnx2fc_io.c: Remove potential NULL dereference 2012-08-14 15:49 ` [PATCH 2/5] drivers/scsi/bnx2fc/bnx2fc_io.c: " Julia Lawall ` (3 preceding siblings ...) 2012-08-15 15:29 ` walter harms @ 2012-09-07 18:23 ` Bhanu Prakash Gollapudi 4 siblings, 0 replies; 12+ messages in thread From: Bhanu Prakash Gollapudi @ 2012-09-07 18:23 UTC (permalink / raw) To: Julia Lawall Cc: kernel-janitors, James E.J. Bottomley, linux-scsi, linux-kernel On 8/14/2012 8:49 AM, Julia Lawall wrote: > From: Julia Lawall <Julia.Lawall@lip6.fr> > > If the NULL test is necessary, the initialization involving a dereference of > the tested value should be moved after the NULL test. > > The sematic patch that fixes this problem is as follows: > (http://coccinelle.lip6.fr/) > > // <smpl> > @@ > type T; > expression E; > identifier i,fld; > statement S; > @@ > > - T i = E->fld; > + T i; > ... when != E > when != i > if (E = NULL) S > + i = E->fld; > // </smpl> > > Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr> > > --- > drivers/scsi/bnx2fc/bnx2fc_io.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/drivers/scsi/bnx2fc/bnx2fc_io.c b/drivers/scsi/bnx2fc/bnx2fc_io.c > index 73f231c..1dd82db 100644 > --- a/drivers/scsi/bnx2fc/bnx2fc_io.c > +++ b/drivers/scsi/bnx2fc/bnx2fc_io.c > @@ -686,7 +686,7 @@ static int bnx2fc_initiate_tmf(struct scsi_cmnd *sc_cmd, u8 tm_flags) > { > struct fc_lport *lport; > struct fc_rport *rport = starget_to_rport(scsi_target(sc_cmd->device)); > - struct fc_rport_libfc_priv *rp = rport->dd_data; > + struct fc_rport_libfc_priv *rp; > struct fcoe_port *port; > struct bnx2fc_interface *interface; > struct bnx2fc_rport *tgt; > @@ -712,6 +712,7 @@ static int bnx2fc_initiate_tmf(struct scsi_cmnd *sc_cmd, u8 tm_flags) > rc = FAILED; > goto tmf_err; > } > + rp = rport->dd_data; > > rc = fc_block_scsi_eh(sc_cmd); > if (rc) > > Thanks Julia. Acked-by: Bhanu Prakash Gollapudi <bprakash@broadcom.com> ^ permalink raw reply [flat|nested] 12+ messages in thread
* [PATCH 3/5] drivers/media/video/{s2255drv.c,tm6000/tm6000-alsa.c,tm6000/tm6000-input.c}: Remove pote 2012-08-14 15:49 [PATCH 0/5] Remove potential NULL dereference Julia Lawall 2012-08-14 15:49 ` [PATCH 1/5] drivers/block/swim3.c: " Julia Lawall 2012-08-14 15:49 ` [PATCH 2/5] drivers/scsi/bnx2fc/bnx2fc_io.c: " Julia Lawall @ 2012-08-14 15:49 ` Julia Lawall 2012-08-14 15:49 ` [PATCH 4/5] drivers/net/ethernet/ti/davinci_cpdma.c: Remove potential NULL dereference Julia Lawall 2012-08-14 15:49 ` [PATCH 5/5] arch/powerpc/platforms/powernv/pci.c: Remove potential NULL dereferences Julia Lawall 4 siblings, 0 replies; 12+ messages in thread From: Julia Lawall @ 2012-08-14 15:49 UTC (permalink / raw) To: Mauro Carvalho Chehab; +Cc: kernel-janitors, linux-media, linux-kernel From: Julia Lawall <Julia.Lawall@lip6.fr> If the NULL test is necessary, the initialization involving a dereference of the tested value should be moved after the NULL test. The sematic patch that fixes this problem is as follows: (http://coccinelle.lip6.fr/) // <smpl> @@ type T; expression E; identifier i,fld; statement S; @@ - T i = E->fld; + T i; ... when != E when != i if (E = NULL) S + i = E->fld; // </smpl> Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr> --- drivers/media/video/s2255drv.c | 3 ++- drivers/media/video/tm6000/tm6000-alsa.c | 3 ++- drivers/media/video/tm6000/tm6000-input.c | 3 ++- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/drivers/media/video/s2255drv.c b/drivers/media/video/s2255drv.c index 6c7960c..a25513d 100644 --- a/drivers/media/video/s2255drv.c +++ b/drivers/media/video/s2255drv.c @@ -1861,11 +1861,12 @@ static int s2255_release(struct file *file) static int s2255_mmap_v4l(struct file *file, struct vm_area_struct *vma) { struct s2255_fh *fh = file->private_data; - struct s2255_dev *dev = fh->dev; + struct s2255_dev *dev; int ret; if (!fh) return -ENODEV; + dev = fh->dev; dprintk(4, "%s, vma=0x%08lx\n", __func__, (unsigned long)vma); if (mutex_lock_interruptible(&dev->lock)) return -ERESTARTSYS; diff --git a/drivers/media/video/tm6000/tm6000-alsa.c b/drivers/media/video/tm6000/tm6000-alsa.c index bd07ec7..813c1ec 100644 --- a/drivers/media/video/tm6000/tm6000-alsa.c +++ b/drivers/media/video/tm6000/tm6000-alsa.c @@ -487,10 +487,11 @@ error: static int tm6000_audio_fini(struct tm6000_core *dev) { - struct snd_tm6000_card *chip = dev->adev; + struct snd_tm6000_card *chip; if (!dev) return 0; + chip = dev->adev; if (!chip) return 0; diff --git a/drivers/media/video/tm6000/tm6000-input.c b/drivers/media/video/tm6000/tm6000-input.c index e80b7e1..dffbd4b 100644 --- a/drivers/media/video/tm6000/tm6000-input.c +++ b/drivers/media/video/tm6000/tm6000-input.c @@ -319,12 +319,13 @@ static int tm6000_ir_change_protocol(struct rc_dev *rc, u64 rc_type) static int __tm6000_ir_int_start(struct rc_dev *rc) { struct tm6000_IR *ir = rc->priv; - struct tm6000_core *dev = ir->dev; + struct tm6000_core *dev; int pipe, size; int err = -ENOMEM; if (!ir) return -ENODEV; + dev = ir->dev; dprintk(2, "%s\n",__func__); ^ permalink raw reply related [flat|nested] 12+ messages in thread
* [PATCH 4/5] drivers/net/ethernet/ti/davinci_cpdma.c: Remove potential NULL dereference 2012-08-14 15:49 [PATCH 0/5] Remove potential NULL dereference Julia Lawall ` (2 preceding siblings ...) 2012-08-14 15:49 ` [PATCH 3/5] drivers/media/video/{s2255drv.c,tm6000/tm6000-alsa.c,tm6000/tm6000-input.c}: Remove pote Julia Lawall @ 2012-08-14 15:49 ` Julia Lawall 2012-08-15 0:00 ` David Miller 2012-08-14 15:49 ` [PATCH 5/5] arch/powerpc/platforms/powernv/pci.c: Remove potential NULL dereferences Julia Lawall 4 siblings, 1 reply; 12+ messages in thread From: Julia Lawall @ 2012-08-14 15:49 UTC (permalink / raw) To: netdev; +Cc: kernel-janitors, linux-kernel From: Julia Lawall <Julia.Lawall@lip6.fr> If the NULL test is necessary, the initialization involving a dereference of the tested value should be moved after the NULL test. The sematic patch that fixes this problem is as follows: (http://coccinelle.lip6.fr/) // <smpl> @@ type T; expression E; identifier i,fld; statement S; @@ - T i = E->fld; + T i; ... when != E when != i if (E = NULL) S + i = E->fld; // </smpl> Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr> --- drivers/net/ethernet/ti/davinci_cpdma.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/net/ethernet/ti/davinci_cpdma.c b/drivers/net/ethernet/ti/davinci_cpdma.c index 3b5c457..d15c888 100644 --- a/drivers/net/ethernet/ti/davinci_cpdma.c +++ b/drivers/net/ethernet/ti/davinci_cpdma.c @@ -538,11 +538,12 @@ EXPORT_SYMBOL_GPL(cpdma_chan_create); int cpdma_chan_destroy(struct cpdma_chan *chan) { - struct cpdma_ctlr *ctlr = chan->ctlr; + struct cpdma_ctlr *ctlr; unsigned long flags; if (!chan) return -EINVAL; + ctlr = chan->ctlr; spin_lock_irqsave(&ctlr->lock, flags); if (chan->state != CPDMA_STATE_IDLE) ^ permalink raw reply related [flat|nested] 12+ messages in thread
* Re: [PATCH 4/5] drivers/net/ethernet/ti/davinci_cpdma.c: Remove potential NULL dereference 2012-08-14 15:49 ` [PATCH 4/5] drivers/net/ethernet/ti/davinci_cpdma.c: Remove potential NULL dereference Julia Lawall @ 2012-08-15 0:00 ` David Miller 0 siblings, 0 replies; 12+ messages in thread From: David Miller @ 2012-08-15 0:00 UTC (permalink / raw) To: Julia.Lawall; +Cc: netdev, kernel-janitors, linux-kernel From: Julia Lawall <Julia.Lawall@lip6.fr> Date: Tue, 14 Aug 2012 17:49:47 +0200 > From: Julia Lawall <Julia.Lawall@lip6.fr> > > If the NULL test is necessary, the initialization involving a dereference of > the tested value should be moved after the NULL test. > > The sematic patch that fixes this problem is as follows: > (http://coccinelle.lip6.fr/) ... > Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr> Applied, thanks. ^ permalink raw reply [flat|nested] 12+ messages in thread
* [PATCH 5/5] arch/powerpc/platforms/powernv/pci.c: Remove potential NULL dereferences 2012-08-14 15:49 [PATCH 0/5] Remove potential NULL dereference Julia Lawall ` (3 preceding siblings ...) 2012-08-14 15:49 ` [PATCH 4/5] drivers/net/ethernet/ti/davinci_cpdma.c: Remove potential NULL dereference Julia Lawall @ 2012-08-14 15:49 ` Julia Lawall 4 siblings, 0 replies; 12+ messages in thread From: Julia Lawall @ 2012-08-14 15:49 UTC (permalink / raw) To: Benjamin Herrenschmidt Cc: Paul Mackerras, kernel-janitors, linuxppc-dev, linux-kernel From: Julia Lawall <Julia.Lawall@lip6.fr> If the NULL test is necessary, the initialization involving a dereference of the tested value should be moved after the NULL test. The sematic patch that fixes this problem is as follows: (http://coccinelle.lip6.fr/) // <smpl> @@ type T; expression E; identifier i,fld; statement S; @@ - T i = E->fld; + T i; ... when != E when != i if (E = NULL) S + i = E->fld; // </smpl> Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr> --- arch/powerpc/platforms/powernv/pci.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/arch/powerpc/platforms/powernv/pci.c b/arch/powerpc/platforms/powernv/pci.c index be3cfc5..928e97b 100644 --- a/arch/powerpc/platforms/powernv/pci.c +++ b/arch/powerpc/platforms/powernv/pci.c @@ -287,12 +287,13 @@ static int pnv_pci_read_config(struct pci_bus *bus, int where, int size, u32 *val) { struct pci_controller *hose = pci_bus_to_host(bus); - struct pnv_phb *phb = hose->private_data; + struct pnv_phb *phb; u32 bdfn = (((uint64_t)bus->number) << 8) | devfn; s64 rc; if (hose = NULL) return PCIBIOS_DEVICE_NOT_FOUND; + phb = hose->private_data; switch (size) { case 1: { @@ -331,11 +332,12 @@ static int pnv_pci_write_config(struct pci_bus *bus, int where, int size, u32 val) { struct pci_controller *hose = pci_bus_to_host(bus); - struct pnv_phb *phb = hose->private_data; + struct pnv_phb *phb; u32 bdfn = (((uint64_t)bus->number) << 8) | devfn; if (hose = NULL) return PCIBIOS_DEVICE_NOT_FOUND; + phb = hose->private_data; cfg_dbg("pnv_pci_write_config bus: %x devfn: %x +%x/%x -> %08x\n", bus->number, devfn, where, size, val); ^ permalink raw reply related [flat|nested] 12+ messages in thread
end of thread, other threads:[~2012-09-07 18:23 UTC | newest]
Thread overview: 12+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-08-14 15:49 [PATCH 0/5] Remove potential NULL dereference Julia Lawall
2012-08-14 15:49 ` [PATCH 1/5] drivers/block/swim3.c: " Julia Lawall
2012-08-14 15:49 ` [PATCH 2/5] drivers/scsi/bnx2fc/bnx2fc_io.c: " Julia Lawall
2012-08-15 14:33 ` walter harms
2012-08-15 14:43 ` Julia Lawall
2012-08-15 14:53 ` Julia Lawall
2012-08-15 15:29 ` walter harms
2012-09-07 18:23 ` Bhanu Prakash Gollapudi
2012-08-14 15:49 ` [PATCH 3/5] drivers/media/video/{s2255drv.c,tm6000/tm6000-alsa.c,tm6000/tm6000-input.c}: Remove pote Julia Lawall
2012-08-14 15:49 ` [PATCH 4/5] drivers/net/ethernet/ti/davinci_cpdma.c: Remove potential NULL dereference Julia Lawall
2012-08-15 0:00 ` David Miller
2012-08-14 15:49 ` [PATCH 5/5] arch/powerpc/platforms/powernv/pci.c: Remove potential NULL dereferences Julia Lawall
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).