patches.lttng/0071-lttng-lib-ring-buffer-move-null-pointer-check-to-ope.patch - pub/scm/linux/kernel/git/geert/ltsi-kernel - Git at Google

 From eeb34e2113576aea782094d1e30f22b445355fe8 Mon Sep 17 00:00:00 2001
 From: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
 Date: Wed, 30 Nov 2011 13:34:16 -0500
 Subject: lttng lib: ring buffer move null pointer check to open

 * Dan Carpenter <dan.carpenter@oracle.com> wrote:
 > The patch c844b2f5cfea: "lttng lib: ring buffer" from Nov 28, 2011,
 > leads to the following Smatch complaint:
 >
 > drivers/staging/lttng/lib/ringbuffer/ring_buffer_mmap.c +86
 > +lib_ring_buffer_mmap_buf()
 >          warn: variable dereferenced before check 'buf' (see line 79)
 >
 > drivers/staging/lttng/lib/ringbuffer/ring_buffer_mmap.c
 >     78          unsigned long length = vma->vm_end - vma->vm_start;
 >     79          struct channel *chan = buf->backend.chan;
 >                                        ^^^^^^^^^^^^^^^^^
 > Dereference.
 >
 >     80          const struct lib_ring_buffer_config *config = chan->backend.config;
 >     81          unsigned long mmap_buf_len;
 >     82
 >     83          if (config->output != RING_BUFFER_MMAP)
 >     84                  return -EINVAL;
 >     85
 >     86          if (!buf)
 >                     ^^^^
 > Check.
 >
 >     87                  return -EBADF;
 >     88

 Let's move the NULL buf check to the file "open", where it belongs. The
 "open" file operation is the actual interface between lib ring buffer
 and the modules using it.

 Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
 Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
 Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
 ---
  .../lttng/lib/ringbuffer/ring_buffer_mmap.c        |    3 ---
  .../staging/lttng/lib/ringbuffer/ring_buffer_vfs.c |    3 +++
  2 files changed, 3 insertions(+), 3 deletions(-)

 diff --git a/drivers/staging/lttng/lib/ringbuffer/ring_buffer_mmap.c b/drivers/staging/lttng/lib/ringbuffer/ring_buffer_mmap.c
 index cf37434..c9d6e89 100644
 --- a/drivers/staging/lttng/lib/ringbuffer/ring_buffer_mmap.c
 +++ b/drivers/staging/lttng/lib/ringbuffer/ring_buffer_mmap.c
 @@ -80,9 +80,6 @@ static int lib_ring_buffer_mmap_buf(struct lib_ring_buffer *buf,
  	if (config->output != RING_BUFFER_MMAP)
  		return -EINVAL;

 -	if (!buf)
 -		return -EBADF;
 -
  	mmap_buf_len = chan->backend.buf_size;
  	if (chan->backend.extra_reader_sb)
  		mmap_buf_len += chan->backend.subbuf_size;
 diff --git a/drivers/staging/lttng/lib/ringbuffer/ring_buffer_vfs.c b/drivers/staging/lttng/lib/ringbuffer/ring_buffer_vfs.c
 index 1708ffd..8b78305 100644
 --- a/drivers/staging/lttng/lib/ringbuffer/ring_buffer_vfs.c
 +++ b/drivers/staging/lttng/lib/ringbuffer/ring_buffer_vfs.c
 @@ -42,6 +42,9 @@ int lib_ring_buffer_open(struct inode *inode, struct file *file)
  	struct lib_ring_buffer *buf = inode->i_private;
  	int ret;

 +	if (!buf)
 +		return -EINVAL;
 +
  	ret = lib_ring_buffer_open_read(buf);
  	if (ret)
  		return ret;
 --
 1.7.9
	From eeb34e2113576aea782094d1e30f22b445355fe8 Mon Sep 17 00:00:00 2001
	From: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
	Date: Wed, 30 Nov 2011 13:34:16 -0500
	Subject: lttng lib: ring buffer move null pointer check to open

	* Dan Carpenter <dan.carpenter@oracle.com> wrote:
	> The patch c844b2f5cfea: "lttng lib: ring buffer" from Nov 28, 2011,
	> leads to the following Smatch complaint:
	>
	> drivers/staging/lttng/lib/ringbuffer/ring_buffer_mmap.c +86
	> +lib_ring_buffer_mmap_buf()
	> warn: variable dereferenced before check 'buf' (see line 79)
	>
	> drivers/staging/lttng/lib/ringbuffer/ring_buffer_mmap.c
	> 78 unsigned long length = vma->vm_end - vma->vm_start;
	> 79 struct channel *chan = buf->backend.chan;
	> ^^^^^^^^^^^^^^^^^
	> Dereference.
	>
	> 80 const struct lib_ring_buffer_config *config = chan->backend.config;
	> 81 unsigned long mmap_buf_len;
	> 82
	> 83 if (config->output != RING_BUFFER_MMAP)
	> 84 return -EINVAL;
	> 85
	> 86 if (!buf)
	> ^^^^
	> Check.
	>
	> 87 return -EBADF;
	> 88

	Let's move the NULL buf check to the file "open", where it belongs. The
	"open" file operation is the actual interface between lib ring buffer
	and the modules using it.

	Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
	Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
	Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
	---
	.../lttng/lib/ringbuffer/ring_buffer_mmap.c \| 3 ---
	.../staging/lttng/lib/ringbuffer/ring_buffer_vfs.c \| 3 +++
	2 files changed, 3 insertions(+), 3 deletions(-)

	diff --git a/drivers/staging/lttng/lib/ringbuffer/ring_buffer_mmap.c b/drivers/staging/lttng/lib/ringbuffer/ring_buffer_mmap.c
	index cf37434..c9d6e89 100644
	--- a/drivers/staging/lttng/lib/ringbuffer/ring_buffer_mmap.c
	+++ b/drivers/staging/lttng/lib/ringbuffer/ring_buffer_mmap.c
	@@ -80,9 +80,6 @@ static int lib_ring_buffer_mmap_buf(struct lib_ring_buffer *buf,
	if (config->output != RING_BUFFER_MMAP)
	return -EINVAL;

	- if (!buf)
	- return -EBADF;
	-
	mmap_buf_len = chan->backend.buf_size;
	if (chan->backend.extra_reader_sb)
	mmap_buf_len += chan->backend.subbuf_size;
	diff --git a/drivers/staging/lttng/lib/ringbuffer/ring_buffer_vfs.c b/drivers/staging/lttng/lib/ringbuffer/ring_buffer_vfs.c
	index 1708ffd..8b78305 100644
	--- a/drivers/staging/lttng/lib/ringbuffer/ring_buffer_vfs.c
	+++ b/drivers/staging/lttng/lib/ringbuffer/ring_buffer_vfs.c
	@@ -42,6 +42,9 @@ int lib_ring_buffer_open(struct inode inode, struct file file)
	struct lib_ring_buffer *buf = inode->i_private;
	int ret;

	+ if (!buf)
	+ return -EINVAL;
	+
	ret = lib_ring_buffer_open_read(buf);
	if (ret)
	return ret;
	--
	1.7.9