[PATCH 4/6] drivers/net/fs_enet: remove null pointer dereference - Kernel


Thread: [PATCH 4/6] drivers/net/fs_enet: remove null pointer dereference

  1. [PATCH 4/6] drivers/net/fs_enet: remove null pointer dereference

    From: Julia Lawall

    The following code appears in the function fs_init_instance in the file drivers/net/fs_enet/fs_enet-main.c.

    if (fep->ops == NULL) {
            printk(KERN_ERR DRV_MODULE_NAME
                   ": %s No matching ops found (%d).\n",
                   ndev->name, fpi->fs_no);
            err = -EINVAL;
            goto err;
    }

    This code implies that at the point of err, fep->ops can be NULL, so an
    extra test is needed before dereferencing this value.


    This problem was found using the following semantic match
    (http://www.emn.fr/x-info/coccinelle/)

    //
    @@
    expression E, E1;
    identifier f;
    statement S1,S2,S3;
    @@

    * if (E == NULL)
    {
      ... when != if (E == NULL) S1 else S2
          when != E = E1
    * E->f
      ... when any
      return ...;
    }
    else S3
    //


    Signed-off-by: Julia Lawall

    ---

    diff -u -p a/drivers/net/fs_enet/fs_enet-main.c b/drivers/net/fs_enet/fs_enet-main.c
    --- a/drivers/net/fs_enet/fs_enet-main.c 2008-04-27 11:41:11.000000000 +0200
    +++ b/drivers/net/fs_enet/fs_enet-main.c 2008-05-12 09:41:52.000000000 +0200
    @@ -1093,7 +1093,7 @@ err:
    if (registered)
    unregister_netdev(ndev);

    - if (fep != NULL) {
    + if (fep && fep->ops) {
    (*fep->ops->free_bd)(ndev);
    (*fep->ops->cleanup_data)(ndev);
    }
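
    Review bot: the new `fep && fep->ops` test at `err:` only proves that an ops table exists, not that the steps undone by `free_bd` and `cleanup_data` were ever reached; the `goto err` quoted in the commit message shows that a failure from before any ops callback could run lands on this same label. If those callbacks are not safe to call before their matching setup, give each stage its own label and unwind in reverse order, which also makes this guard unnecessary. Minor style point: `(*fep->ops->free_bd)(ndev)` can be written `fep->ops->free_bd(ndev)`.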
    --
    To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
    the body of a message to majordomo@vger.kernel.org
    More majordomo info at http://vger.kernel.org/majordomo-info.html
    Please read the FAQ at http://www.tux.org/lkml/

  2. Re: [PATCH 4/6] drivers/net/fs_enet: remove null pointer dereference

    On Mon, 12 May 2008 15:38:26 +0200 (CEST)
    Julia Lawall wrote:

    > From: Julia Lawall

    Acked-by: Vitaly Bordug

    >
    > The following code appears in the function fs_init_instance in the
    > file drivers/net/fs_enet/fs_enet-main.c.
    >
    > if (fep->ops == NULL) {
    > printk(KERN_ERR DRV_MODULE_NAME
    > ": %s No matching ops found (%d).\n",
    > ndev->name, fpi->fs_no);
    > err = -EINVAL;
    > goto err;
    > }
    >
    > This code implies that at the point of err, fep->ops can be NULL, so
    > an extra test is needed before dereferencing this value.
    >


    >
    > This problem was found using the following semantic match
    > (http://www.emn.fr/x-info/coccinelle/)
    >
    > //
    > @@
    > expression E, E1;
    > identifier f;
    > statement S1,S2,S3;
    > @@
    >
    > * if (E == NULL)
    > {
    > ... when != if (E == NULL) S1 else S2
    > when != E = E1
    > * E->f
    > ... when any
    > return ...;
    > }
    > else S3
    > //

    >
    > Signed-off-by: Julia Lawall
    >
    > ---
    >
    > diff -u -p a/drivers/net/fs_enet/fs_enet-main.c
    > b/drivers/net/fs_enet/fs_enet-main.c ---
    > a/drivers/net/fs_enet/fs_enet-main.c 2008-04-27
    > 11:41:11.000000000 +0200 +++
    > b/drivers/net/fs_enet/fs_enet-main.c 2008-05-12
    > 09:41:52.000000000 +0200 @@ -1093,7 +1093,7 @@ err: if (registered)
    > unregister_netdev(ndev);
    > - if (fep != NULL) {
    > + if (fep && fep->ops) {
    > (*fep->ops->free_bd)(ndev);
    > (*fep->ops->cleanup_data)(ndev);
    > }




  3. Re: [PATCH 4/6] drivers/net/fs_enet: remove null pointer dereference

    Julia Lawall :
    [...]
    > diff -u -p a/drivers/net/fs_enet/fs_enet-main.c b/drivers/net/fs_enet/fs_enet-main.c
    > --- a/drivers/net/fs_enet/fs_enet-main.c 2008-04-27 11:41:11.000000000 +0200
    > +++ b/drivers/net/fs_enet/fs_enet-main.c 2008-05-12 09:41:52.000000000 +0200
    > @@ -1093,7 +1093,7 @@ err:
    > if (registered)
    > unregister_netdev(ndev);
    >
    > - if (fep != NULL) {
    > + if (fep && fep->ops) {
    > (*fep->ops->free_bd)(ndev);
    > (*fep->ops->cleanup_data)(ndev);
    > }


    Extra cookies for the nice soul who:
    - removes the 'if (registered)' test (it can not happen)
    - uses different error labels and unrolls the error path. I can not claim
    that the current error path is wrong but it would not hurt if it was more
    trivially balanced.

    --
    Ueimor
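
The restructuring suggested in the message above (separate error labels, unrolled unwind), as an added example that is not part of the thread or of the fs_enet driver. It is a userspace model: `model_dev`, `model_ops`, `model_init`, the `cb_*` callbacks and the `reg_err` knob (standing in for a failing registration step) are all hypothetical names.

```c
/* Added userspace model of the unrolled error path; every name is hypothetical. */
#include <errno.h>
#include <stdlib.h>

struct model_dev;
struct model_ops {
	int  (*setup_data)(struct model_dev *), (*allocate_bd)(struct model_dev *);
	void (*cleanup_data)(struct model_dev *), (*free_bd)(struct model_dev *);
};
struct model_dev { const struct model_ops *ops; };

int cleanup_calls, free_bd_calls;	/* let callers observe which undo steps ran */

static int  cb_ok(struct model_dev *d)      { (void)d; return 0; }
static int  cb_nomem(struct model_dev *d)   { (void)d; return -ENOMEM; }
static void cb_cleanup(struct model_dev *d) { (void)d; cleanup_calls++; }
static void cb_free_bd(struct model_dev *d) { (void)d; free_bd_calls++; }
/* Initializer order: setup_data, allocate_bd, cleanup_data, free_bd. */
const struct model_ops good_ops    = { cb_ok, cb_ok,    cb_cleanup, cb_free_bd };
const struct model_ops bd_fail_ops = { cb_ok, cb_nomem, cb_cleanup, cb_free_bd };

/* Each failure jumps to the label that undoes only the steps already completed. */
int model_init(struct model_dev **out, const struct model_ops *ops, int reg_err)
{
	struct model_dev *dev = calloc(1, sizeof(*dev));
	int err = -EINVAL;

	if (!dev)
		return -ENOMEM;
	dev->ops = ops;
	if (!dev->ops)			/* the "No matching ops found" case */
		goto err_free_dev;	/* no ops callback is reachable from here */
	err = dev->ops->setup_data(dev);
	if (err)
		goto err_free_dev;
	err = dev->ops->allocate_bd(dev);
	if (err)
		goto err_cleanup_data;	/* data set up, descriptors not allocated */
	err = reg_err;			/* stands in for a registration step */
	if (err)
		goto err_free_bd;
	*out = dev;
	return 0;

err_free_bd:
	dev->ops->free_bd(dev);
err_cleanup_data:
	dev->ops->cleanup_data(dev);
err_free_dev:
	free(dev);
	return err;
}
```

Because the NULL-ops failure can only reach `err_free_dev`, no label dereferences `dev->ops` without it having been checked, and no NULL guard is needed in the unwind code.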

  4. Re: [PATCH 4/6] drivers/net/fs_enet: remove null pointer dereference

    Francois Romieu wrote:
    > Julia Lawall :
    > [...]
    >> diff -u -p a/drivers/net/fs_enet/fs_enet-main.c b/drivers/net/fs_enet/fs_enet-main.c
    >> --- a/drivers/net/fs_enet/fs_enet-main.c 2008-04-27 11:41:11.000000000 +0200
    >> +++ b/drivers/net/fs_enet/fs_enet-main.c 2008-05-12 09:41:52.000000000 +0200
    >> @@ -1093,7 +1093,7 @@ err:
    >> if (registered)
    >> unregister_netdev(ndev);
    >>
    >> - if (fep != NULL) {
    >> + if (fep && fep->ops) {
    >> (*fep->ops->free_bd)(ndev);
    >> (*fep->ops->cleanup_data)(ndev);
    >> }

    >
    > Extra cookies for the nice soul who:
    > - removes the 'if (registered)' test (it can not happen)
    > - uses different error labels and unrolls the error path. I can not claim
    > that the current error path is wrong but it would not hurt if it was more
    > trivially balanced.
    >


    Please note that this code is going away very soon, when arch/ppc dies.

    -Scott

  5. Re: [PATCH 4/6] drivers/net/fs_enet: remove null pointer dereference

    Julia Lawall wrote:
    > From: Julia Lawall
    >
    > The following code appears in the function fs_init_instance in the file drivers/net/fs_enet/fs_enet-main.c.
    >
    > if (fep->ops == NULL) {
    > printk(KERN_ERR DRV_MODULE_NAME
    > ": %s No matching ops found (%d).\n",
    > ndev->name, fpi->fs_no);
    > err = -EINVAL;
    > goto err;
    > }
    >
    > This code implies that at the point of err, fep->ops can be NULL, so an
    > extra test is needed before dereferencing this value.
    >
    >
    > This problem was found using the following semantic match
    > (http://www.emn.fr/x-info/coccinelle/)
    >
    > //
    > @@
    > expression E, E1;
    > identifier f;
    > statement S1,S2,S3;
    > @@
    >
    > * if (E == NULL)
    > {
    > ... when != if (E == NULL) S1 else S2
    > when != E = E1
    > * E->f
    > ... when any
    > return ...;
    > }
    > else S3
    > //

    >
    > Signed-off-by: Julia Lawall


    applied

