lttng lib: ring buffer move null pointer check to open
authorMathieu Desnoyers <mathieu.desnoyers@efficios.com>
Wed, 30 Nov 2011 18:34:16 +0000 (13:34 -0500)
committerGreg Kroah-Hartman <gregkh@suse.de>
Thu, 1 Dec 2011 17:37:48 +0000 (09:37 -0800)
* Dan Carpenter <dan.carpenter@oracle.com> wrote:
> The patch c844b2f5cfea: "lttng lib: ring buffer" from Nov 28, 2011,
> leads to the following Smatch complaint:
>
> drivers/staging/lttng/lib/ringbuffer/ring_buffer_mmap.c +86
> +lib_ring_buffer_mmap_buf()
>          warn: variable dereferenced before check 'buf' (see line 79)
>
> drivers/staging/lttng/lib/ringbuffer/ring_buffer_mmap.c
>     78          unsigned long length = vma->vm_end - vma->vm_start;
>     79          struct channel *chan = buf->backend.chan;
>                                        ^^^^^^^^^^^^^^^^^
> Dereference.
>
>     80          const struct lib_ring_buffer_config *config = chan->backend.config;
>     81          unsigned long mmap_buf_len;
>     82
>     83          if (config->output != RING_BUFFER_MMAP)
>     84                  return -EINVAL;
>     85
>     86          if (!buf)
>                     ^^^^
> Check.
>
>     87                  return -EBADF;
>     88

Let's move the NULL buf check to the file "open", where it belongs. The
"open" file operation is the actual interface between lib ring buffer
and the modules using it.

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
drivers/staging/lttng/lib/ringbuffer/ring_buffer_mmap.c
drivers/staging/lttng/lib/ringbuffer/ring_buffer_vfs.c

index cf374348d907334f81e3f2d9b67ef8bce44789d2..c9d6e89a76955fbf0f062413e1c6fba1feb98df5 100644 (file)
@@ -80,9 +80,6 @@ static int lib_ring_buffer_mmap_buf(struct lib_ring_buffer *buf,
        if (config->output != RING_BUFFER_MMAP)
                return -EINVAL;
 
-       if (!buf)
-               return -EBADF;
-
        mmap_buf_len = chan->backend.buf_size;
        if (chan->backend.extra_reader_sb)
                mmap_buf_len += chan->backend.subbuf_size;
index 1708ffd6bc9b1b80f06da11af5cb7830c2a6923b..8b783052a5f6cbe510e218120f6c16b56ebc96c5 100644 (file)
@@ -42,6 +42,9 @@ int lib_ring_buffer_open(struct inode *inode, struct file *file)
        struct lib_ring_buffer *buf = inode->i_private;
        int ret;
 
+       if (!buf)
+               return -EINVAL;
+
        ret = lib_ring_buffer_open_read(buf);
        if (ret)
                return ret;