* [PATCH 0/5] Remove potential NULL dereference
@ 2012-08-14 15:49 Julia Lawall
2012-08-14 15:49 ` [PATCH 1/5] drivers/block/swim3.c: " Julia Lawall
` (4 more replies)
0 siblings, 5 replies; 9+ messages in thread
From: Julia Lawall @ 2012-08-14 15:49 UTC (permalink / raw)
To: linux-kernel; +Cc: kernel-janitors
These patches find a case where there is a dereference before a NULL test
and either move the dereference after the NULL test, or eliminate the NULL
test if it seems unnnecessary.
^ permalink raw reply [flat|nested] 9+ messages in thread
* [PATCH 1/5] drivers/block/swim3.c: Remove potential NULL dereference
2012-08-14 15:49 [PATCH 0/5] Remove potential NULL dereference Julia Lawall
@ 2012-08-14 15:49 ` Julia Lawall
2012-08-14 15:49 ` [PATCH 2/5] drivers/scsi/bnx2fc/bnx2fc_io.c: " Julia Lawall
` (3 subsequent siblings)
4 siblings, 0 replies; 9+ messages in thread
From: Julia Lawall @ 2012-08-14 15:49 UTC (permalink / raw)
To: linux-kernel; +Cc: kernel-janitors
From: Julia Lawall <Julia.Lawall@lip6.fr>
If the NULL test is necessary, the initialization involving a dereference of
the tested value should be moved after the NULL test.
The sematic patch that fixes this problem is as follows:
(http://coccinelle.lip6.fr/)
// <smpl>
@@
type T;
expression E;
identifier i,fld;
statement S;
@@
- T i = E->fld;
+ T i;
... when != E
when != i
if (E == NULL) S
+ i = E->fld;
// </smpl>
Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
---
drivers/block/swim3.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/block/swim3.c b/drivers/block/swim3.c
index 89ddab1..ffecfef 100644
--- a/drivers/block/swim3.c
+++ b/drivers/block/swim3.c
@@ -1090,10 +1090,11 @@ static const struct block_device_operations floppy_fops = {
static void swim3_mb_event(struct macio_dev* mdev, int mb_state)
{
struct floppy_state *fs = macio_get_drvdata(mdev);
- struct swim3 __iomem *sw = fs->swim3;
+ struct swim3 __iomem *sw;
if (!fs)
return;
+ sw = fs->swim3;
if (mb_state != MB_FD)
return;
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [PATCH 2/5] drivers/scsi/bnx2fc/bnx2fc_io.c: Remove potential NULL dereference
2012-08-14 15:49 [PATCH 0/5] Remove potential NULL dereference Julia Lawall
2012-08-14 15:49 ` [PATCH 1/5] drivers/block/swim3.c: " Julia Lawall
@ 2012-08-14 15:49 ` Julia Lawall
2012-09-07 18:23 ` Bhanu Prakash Gollapudi
2012-08-14 15:49 ` [PATCH 3/5] drivers/media/video/{s2255drv.c,tm6000/tm6000-alsa.c,tm6000/tm6000-input.c}: Remove potential NULL dereferences Julia Lawall
` (2 subsequent siblings)
4 siblings, 1 reply; 9+ messages in thread
From: Julia Lawall @ 2012-08-14 15:49 UTC (permalink / raw)
To: Bhanu Prakash Gollapudi
Cc: kernel-janitors, James E.J. Bottomley, linux-scsi, linux-kernel
From: Julia Lawall <Julia.Lawall@lip6.fr>
If the NULL test is necessary, the initialization involving a dereference of
the tested value should be moved after the NULL test.
The sematic patch that fixes this problem is as follows:
(http://coccinelle.lip6.fr/)
// <smpl>
@@
type T;
expression E;
identifier i,fld;
statement S;
@@
- T i = E->fld;
+ T i;
... when != E
when != i
if (E == NULL) S
+ i = E->fld;
// </smpl>
Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
---
drivers/scsi/bnx2fc/bnx2fc_io.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/scsi/bnx2fc/bnx2fc_io.c b/drivers/scsi/bnx2fc/bnx2fc_io.c
index 73f231c..1dd82db 100644
--- a/drivers/scsi/bnx2fc/bnx2fc_io.c
+++ b/drivers/scsi/bnx2fc/bnx2fc_io.c
@@ -686,7 +686,7 @@ static int bnx2fc_initiate_tmf(struct scsi_cmnd *sc_cmd, u8 tm_flags)
{
struct fc_lport *lport;
struct fc_rport *rport = starget_to_rport(scsi_target(sc_cmd->device));
- struct fc_rport_libfc_priv *rp = rport->dd_data;
+ struct fc_rport_libfc_priv *rp;
struct fcoe_port *port;
struct bnx2fc_interface *interface;
struct bnx2fc_rport *tgt;
@@ -712,6 +712,7 @@ static int bnx2fc_initiate_tmf(struct scsi_cmnd *sc_cmd, u8 tm_flags)
rc = FAILED;
goto tmf_err;
}
+ rp = rport->dd_data;
rc = fc_block_scsi_eh(sc_cmd);
if (rc)
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [PATCH 3/5] drivers/media/video/{s2255drv.c,tm6000/tm6000-alsa.c,tm6000/tm6000-input.c}: Remove potential NULL dereferences
2012-08-14 15:49 [PATCH 0/5] Remove potential NULL dereference Julia Lawall
2012-08-14 15:49 ` [PATCH 1/5] drivers/block/swim3.c: " Julia Lawall
2012-08-14 15:49 ` [PATCH 2/5] drivers/scsi/bnx2fc/bnx2fc_io.c: " Julia Lawall
@ 2012-08-14 15:49 ` Julia Lawall
2012-08-14 15:49 ` [PATCH 4/5] drivers/net/ethernet/ti/davinci_cpdma.c: Remove potential NULL dereference Julia Lawall
2012-08-14 15:49 ` [PATCH 5/5] arch/powerpc/platforms/powernv/pci.c: Remove potential NULL dereferences Julia Lawall
4 siblings, 0 replies; 9+ messages in thread
From: Julia Lawall @ 2012-08-14 15:49 UTC (permalink / raw)
To: Mauro Carvalho Chehab; +Cc: kernel-janitors, linux-media, linux-kernel
From: Julia Lawall <Julia.Lawall@lip6.fr>
If the NULL test is necessary, the initialization involving a dereference of
the tested value should be moved after the NULL test.
The sematic patch that fixes this problem is as follows:
(http://coccinelle.lip6.fr/)
// <smpl>
@@
type T;
expression E;
identifier i,fld;
statement S;
@@
- T i = E->fld;
+ T i;
... when != E
when != i
if (E == NULL) S
+ i = E->fld;
// </smpl>
Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
---
drivers/media/video/s2255drv.c | 3 ++-
drivers/media/video/tm6000/tm6000-alsa.c | 3 ++-
drivers/media/video/tm6000/tm6000-input.c | 3 ++-
3 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/drivers/media/video/s2255drv.c b/drivers/media/video/s2255drv.c
index 6c7960c..a25513d 100644
--- a/drivers/media/video/s2255drv.c
+++ b/drivers/media/video/s2255drv.c
@@ -1861,11 +1861,12 @@ static int s2255_release(struct file *file)
static int s2255_mmap_v4l(struct file *file, struct vm_area_struct *vma)
{
struct s2255_fh *fh = file->private_data;
- struct s2255_dev *dev = fh->dev;
+ struct s2255_dev *dev;
int ret;
if (!fh)
return -ENODEV;
+ dev = fh->dev;
dprintk(4, "%s, vma=0x%08lx\n", __func__, (unsigned long)vma);
if (mutex_lock_interruptible(&dev->lock))
return -ERESTARTSYS;
diff --git a/drivers/media/video/tm6000/tm6000-alsa.c b/drivers/media/video/tm6000/tm6000-alsa.c
index bd07ec7..813c1ec 100644
--- a/drivers/media/video/tm6000/tm6000-alsa.c
+++ b/drivers/media/video/tm6000/tm6000-alsa.c
@@ -487,10 +487,11 @@ error:
static int tm6000_audio_fini(struct tm6000_core *dev)
{
- struct snd_tm6000_card *chip = dev->adev;
+ struct snd_tm6000_card *chip;
if (!dev)
return 0;
+ chip = dev->adev;
if (!chip)
return 0;
diff --git a/drivers/media/video/tm6000/tm6000-input.c b/drivers/media/video/tm6000/tm6000-input.c
index e80b7e1..dffbd4b 100644
--- a/drivers/media/video/tm6000/tm6000-input.c
+++ b/drivers/media/video/tm6000/tm6000-input.c
@@ -319,12 +319,13 @@ static int tm6000_ir_change_protocol(struct rc_dev *rc, u64 rc_type)
static int __tm6000_ir_int_start(struct rc_dev *rc)
{
struct tm6000_IR *ir = rc->priv;
- struct tm6000_core *dev = ir->dev;
+ struct tm6000_core *dev;
int pipe, size;
int err = -ENOMEM;
if (!ir)
return -ENODEV;
+ dev = ir->dev;
dprintk(2, "%s\n",__func__);
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [PATCH 4/5] drivers/net/ethernet/ti/davinci_cpdma.c: Remove potential NULL dereference
2012-08-14 15:49 [PATCH 0/5] Remove potential NULL dereference Julia Lawall
` (2 preceding siblings ...)
2012-08-14 15:49 ` [PATCH 3/5] drivers/media/video/{s2255drv.c,tm6000/tm6000-alsa.c,tm6000/tm6000-input.c}: Remove potential NULL dereferences Julia Lawall
@ 2012-08-14 15:49 ` Julia Lawall
2012-08-15 0:00 ` David Miller
2012-08-14 15:49 ` [PATCH 5/5] arch/powerpc/platforms/powernv/pci.c: Remove potential NULL dereferences Julia Lawall
4 siblings, 1 reply; 9+ messages in thread
From: Julia Lawall @ 2012-08-14 15:49 UTC (permalink / raw)
To: netdev; +Cc: kernel-janitors, linux-kernel
From: Julia Lawall <Julia.Lawall@lip6.fr>
If the NULL test is necessary, the initialization involving a dereference of
the tested value should be moved after the NULL test.
The sematic patch that fixes this problem is as follows:
(http://coccinelle.lip6.fr/)
// <smpl>
@@
type T;
expression E;
identifier i,fld;
statement S;
@@
- T i = E->fld;
+ T i;
... when != E
when != i
if (E == NULL) S
+ i = E->fld;
// </smpl>
Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
---
drivers/net/ethernet/ti/davinci_cpdma.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/ti/davinci_cpdma.c b/drivers/net/ethernet/ti/davinci_cpdma.c
index 3b5c457..d15c888 100644
--- a/drivers/net/ethernet/ti/davinci_cpdma.c
+++ b/drivers/net/ethernet/ti/davinci_cpdma.c
@@ -538,11 +538,12 @@ EXPORT_SYMBOL_GPL(cpdma_chan_create);
int cpdma_chan_destroy(struct cpdma_chan *chan)
{
- struct cpdma_ctlr *ctlr = chan->ctlr;
+ struct cpdma_ctlr *ctlr;
unsigned long flags;
if (!chan)
return -EINVAL;
+ ctlr = chan->ctlr;
spin_lock_irqsave(&ctlr->lock, flags);
if (chan->state != CPDMA_STATE_IDLE)
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [PATCH 5/5] arch/powerpc/platforms/powernv/pci.c: Remove potential NULL dereferences
2012-08-14 15:49 [PATCH 0/5] Remove potential NULL dereference Julia Lawall
` (3 preceding siblings ...)
2012-08-14 15:49 ` [PATCH 4/5] drivers/net/ethernet/ti/davinci_cpdma.c: Remove potential NULL dereference Julia Lawall
@ 2012-08-14 15:49 ` Julia Lawall
4 siblings, 0 replies; 9+ messages in thread
From: Julia Lawall @ 2012-08-14 15:49 UTC (permalink / raw)
To: Benjamin Herrenschmidt
Cc: kernel-janitors, Paul Mackerras, linuxppc-dev, linux-kernel
From: Julia Lawall <Julia.Lawall@lip6.fr>
If the NULL test is necessary, the initialization involving a dereference of
the tested value should be moved after the NULL test.
The sematic patch that fixes this problem is as follows:
(http://coccinelle.lip6.fr/)
// <smpl>
@@
type T;
expression E;
identifier i,fld;
statement S;
@@
- T i = E->fld;
+ T i;
... when != E
when != i
if (E == NULL) S
+ i = E->fld;
// </smpl>
Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
---
arch/powerpc/platforms/powernv/pci.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/arch/powerpc/platforms/powernv/pci.c b/arch/powerpc/platforms/powernv/pci.c
index be3cfc5..928e97b 100644
--- a/arch/powerpc/platforms/powernv/pci.c
+++ b/arch/powerpc/platforms/powernv/pci.c
@@ -287,12 +287,13 @@ static int pnv_pci_read_config(struct pci_bus *bus,
int where, int size, u32 *val)
{
struct pci_controller *hose = pci_bus_to_host(bus);
- struct pnv_phb *phb = hose->private_data;
+ struct pnv_phb *phb;
u32 bdfn = (((uint64_t)bus->number) << 8) | devfn;
s64 rc;
if (hose == NULL)
return PCIBIOS_DEVICE_NOT_FOUND;
+ phb = hose->private_data;
switch (size) {
case 1: {
@@ -331,11 +332,12 @@ static int pnv_pci_write_config(struct pci_bus *bus,
int where, int size, u32 val)
{
struct pci_controller *hose = pci_bus_to_host(bus);
- struct pnv_phb *phb = hose->private_data;
+ struct pnv_phb *phb;
u32 bdfn = (((uint64_t)bus->number) << 8) | devfn;
if (hose == NULL)
return PCIBIOS_DEVICE_NOT_FOUND;
+ phb = hose->private_data;
cfg_dbg("pnv_pci_write_config bus: %x devfn: %x +%x/%x -> %08x\n",
bus->number, devfn, where, size, val);
^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: [PATCH 4/5] drivers/net/ethernet/ti/davinci_cpdma.c: Remove potential NULL dereference
2012-08-14 15:49 ` [PATCH 4/5] drivers/net/ethernet/ti/davinci_cpdma.c: Remove potential NULL dereference Julia Lawall
@ 2012-08-15 0:00 ` David Miller
0 siblings, 0 replies; 9+ messages in thread
From: David Miller @ 2012-08-15 0:00 UTC (permalink / raw)
To: Julia.Lawall; +Cc: netdev, kernel-janitors, linux-kernel
From: Julia Lawall <Julia.Lawall@lip6.fr>
Date: Tue, 14 Aug 2012 17:49:47 +0200
> From: Julia Lawall <Julia.Lawall@lip6.fr>
>
> If the NULL test is necessary, the initialization involving a dereference of
> the tested value should be moved after the NULL test.
>
> The sematic patch that fixes this problem is as follows:
> (http://coccinelle.lip6.fr/)
...
> Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Applied, thanks.
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH 2/5] drivers/scsi/bnx2fc/bnx2fc_io.c: Remove potential NULL dereference
2012-08-14 15:49 ` [PATCH 2/5] drivers/scsi/bnx2fc/bnx2fc_io.c: " Julia Lawall
@ 2012-09-07 18:23 ` Bhanu Prakash Gollapudi
2012-09-24 19:37 ` Bhanu Prakash Gollapudi
0 siblings, 1 reply; 9+ messages in thread
From: Bhanu Prakash Gollapudi @ 2012-09-07 18:23 UTC (permalink / raw)
To: Julia Lawall
Cc: kernel-janitors, James E.J. Bottomley, linux-scsi, linux-kernel
On 8/14/2012 8:49 AM, Julia Lawall wrote:
> From: Julia Lawall <Julia.Lawall@lip6.fr>
>
> If the NULL test is necessary, the initialization involving a dereference of
> the tested value should be moved after the NULL test.
>
> The sematic patch that fixes this problem is as follows:
> (http://coccinelle.lip6.fr/)
>
> // <smpl>
> @@
> type T;
> expression E;
> identifier i,fld;
> statement S;
> @@
>
> - T i = E->fld;
> + T i;
> ... when != E
> when != i
> if (E == NULL) S
> + i = E->fld;
> // </smpl>
>
> Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
>
> ---
> drivers/scsi/bnx2fc/bnx2fc_io.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/scsi/bnx2fc/bnx2fc_io.c b/drivers/scsi/bnx2fc/bnx2fc_io.c
> index 73f231c..1dd82db 100644
> --- a/drivers/scsi/bnx2fc/bnx2fc_io.c
> +++ b/drivers/scsi/bnx2fc/bnx2fc_io.c
> @@ -686,7 +686,7 @@ static int bnx2fc_initiate_tmf(struct scsi_cmnd *sc_cmd, u8 tm_flags)
> {
> struct fc_lport *lport;
> struct fc_rport *rport = starget_to_rport(scsi_target(sc_cmd->device));
> - struct fc_rport_libfc_priv *rp = rport->dd_data;
> + struct fc_rport_libfc_priv *rp;
> struct fcoe_port *port;
> struct bnx2fc_interface *interface;
> struct bnx2fc_rport *tgt;
> @@ -712,6 +712,7 @@ static int bnx2fc_initiate_tmf(struct scsi_cmnd *sc_cmd, u8 tm_flags)
> rc = FAILED;
> goto tmf_err;
> }
> + rp = rport->dd_data;
>
> rc = fc_block_scsi_eh(sc_cmd);
> if (rc)
>
>
Thanks Julia.
Acked-by: Bhanu Prakash Gollapudi <bprakash@broadcom.com>
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH 2/5] drivers/scsi/bnx2fc/bnx2fc_io.c: Remove potential NULL dereference
2012-09-07 18:23 ` Bhanu Prakash Gollapudi
@ 2012-09-24 19:37 ` Bhanu Prakash Gollapudi
0 siblings, 0 replies; 9+ messages in thread
From: Bhanu Prakash Gollapudi @ 2012-09-24 19:37 UTC (permalink / raw)
To: Julia Lawall; +Cc: James E.J. Bottomley, linux-kernel
On 09/07/2012 11:23 AM, Bhanu Prakash Gollapudi wrote:
> On 8/14/2012 8:49 AM, Julia Lawall wrote:
>> From: Julia Lawall <Julia.Lawall@lip6.fr>
>>
>> If the NULL test is necessary, the initialization involving a
>> dereference of
>> the tested value should be moved after the NULL test.
>>
>> The sematic patch that fixes this problem is as follows:
>> (http://coccinelle.lip6.fr/)
>>
>> // <smpl>
>> @@
>> type T;
>> expression E;
>> identifier i,fld;
>> statement S;
>> @@
>>
>> - T i = E->fld;
>> + T i;
>> ... when != E
>> when != i
>> if (E == NULL) S
>> + i = E->fld;
>> // </smpl>
>>
>> Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
>>
>> ---
>> drivers/scsi/bnx2fc/bnx2fc_io.c | 3 ++-
>> 1 file changed, 2 insertions(+), 1 deletion(-)
>>
>> diff --git a/drivers/scsi/bnx2fc/bnx2fc_io.c
>> b/drivers/scsi/bnx2fc/bnx2fc_io.c
>> index 73f231c..1dd82db 100644
>> --- a/drivers/scsi/bnx2fc/bnx2fc_io.c
>> +++ b/drivers/scsi/bnx2fc/bnx2fc_io.c
>> @@ -686,7 +686,7 @@ static int bnx2fc_initiate_tmf(struct scsi_cmnd
>> *sc_cmd, u8 tm_flags)
>> {
>> struct fc_lport *lport;
>> struct fc_rport *rport =
>> starget_to_rport(scsi_target(sc_cmd->device));
>> - struct fc_rport_libfc_priv *rp = rport->dd_data;
>> + struct fc_rport_libfc_priv *rp;
>> struct fcoe_port *port;
>> struct bnx2fc_interface *interface;
>> struct bnx2fc_rport *tgt;
>> @@ -712,6 +712,7 @@ static int bnx2fc_initiate_tmf(struct scsi_cmnd
>> *sc_cmd, u8 tm_flags)
>> rc = FAILED;
>> goto tmf_err;
>> }
>> + rp = rport->dd_data;
>>
>> rc = fc_block_scsi_eh(sc_cmd);
>> if (rc)
>>
>>
> Thanks Julia.
>
> Acked-by: Bhanu Prakash Gollapudi <bprakash@broadcom.com>
James, can you please pick up this patch also for 'misc'?
Thanks,
Bhanu
>
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-scsi" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2012-09-24 19:38 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2012-08-14 15:49 [PATCH 0/5] Remove potential NULL dereference Julia Lawall
2012-08-14 15:49 ` [PATCH 1/5] drivers/block/swim3.c: " Julia Lawall
2012-08-14 15:49 ` [PATCH 2/5] drivers/scsi/bnx2fc/bnx2fc_io.c: " Julia Lawall
2012-09-07 18:23 ` Bhanu Prakash Gollapudi
2012-09-24 19:37 ` Bhanu Prakash Gollapudi
2012-08-14 15:49 ` [PATCH 3/5] drivers/media/video/{s2255drv.c,tm6000/tm6000-alsa.c,tm6000/tm6000-input.c}: Remove potential NULL dereferences Julia Lawall
2012-08-14 15:49 ` [PATCH 4/5] drivers/net/ethernet/ti/davinci_cpdma.c: Remove potential NULL dereference Julia Lawall
2012-08-15 0:00 ` David Miller
2012-08-14 15:49 ` [PATCH 5/5] arch/powerpc/platforms/powernv/pci.c: Remove potential NULL dereferences Julia Lawall
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).