From eeb34e2113576aea782094d1e30f22b445355fe8 Mon Sep 17 00:00:00 2001 From: Mathieu Desnoyers Date: Wed, 30 Nov 2011 13:34:16 -0500 Subject: [PATCH] lttng lib: ring buffer move null pointer check to open * Dan Carpenter wrote: > The patch c844b2f5cfea: "lttng lib: ring buffer" from Nov 28, 2011, > leads to the following Smatch complaint: > > drivers/staging/lttng/lib/ringbuffer/ring_buffer_mmap.c +86 > +lib_ring_buffer_mmap_buf() > warn: variable dereferenced before check 'buf' (see line 79) > > drivers/staging/lttng/lib/ringbuffer/ring_buffer_mmap.c > 78 unsigned long length = vma->vm_end - vma->vm_start; > 79 struct channel *chan = buf->backend.chan; > ^^^^^^^^^^^^^^^^^ > Dereference. > > 80 const struct lib_ring_buffer_config *config = chan->backend.config; > 81 unsigned long mmap_buf_len; > 82 > 83 if (config->output != RING_BUFFER_MMAP) > 84 return -EINVAL; > 85 > 86 if (!buf) > ^^^^ > Check. > > 87 return -EBADF; > 88 Let's move the NULL buf check to the file "open", where it belongs. The "open" file operation is the actual interface between lib ring buffer and the modules using it. Reported-by: Dan Carpenter Signed-off-by: Mathieu Desnoyers Signed-off-by: Greg Kroah-Hartman --- drivers/staging/lttng/lib/ringbuffer/ring_buffer_mmap.c | 3 --- drivers/staging/lttng/lib/ringbuffer/ring_buffer_vfs.c | 3 +++ 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/staging/lttng/lib/ringbuffer/ring_buffer_mmap.c b/drivers/staging/lttng/lib/ringbuffer/ring_buffer_mmap.c index cf374348d907..c9d6e89a7695 100644 --- a/drivers/staging/lttng/lib/ringbuffer/ring_buffer_mmap.c +++ b/drivers/staging/lttng/lib/ringbuffer/ring_buffer_mmap.c @@ -80,9 +80,6 @@ static int lib_ring_buffer_mmap_buf(struct lib_ring_buffer *buf, if (config->output != RING_BUFFER_MMAP) return -EINVAL; - if (!buf) - return -EBADF; - mmap_buf_len = chan->backend.buf_size; if (chan->backend.extra_reader_sb) mmap_buf_len += chan->backend.subbuf_size; diff --git a/drivers/staging/lttng/lib/ringbuffer/ring_buffer_vfs.c b/drivers/staging/lttng/lib/ringbuffer/ring_buffer_vfs.c index 1708ffd6bc9b..8b783052a5f6 100644 --- a/drivers/staging/lttng/lib/ringbuffer/ring_buffer_vfs.c +++ b/drivers/staging/lttng/lib/ringbuffer/ring_buffer_vfs.c @@ -42,6 +42,9 @@ int lib_ring_buffer_open(struct inode *inode, struct file *file) struct lib_ring_buffer *buf = inode->i_private; int ret; + if (!buf) + return -EINVAL; + ret = lib_ring_buffer_open_read(buf); if (ret) return ret; -- 2.30.2