author | Julia Lawall <julia@diku.dk> | 2008-12-25 13:39:28 +0100 |
---|---|---|
committer | Martin Schwidefsky <schwidefsky@de.ibm.com> | 2008-12-25 13:39:16 +0100 |
commit | 21e7b2c4d59e5d6631b25e71e777cb0160997d6a (patch) | |
tree | b7ec97726e6d16756da6104f5284ea98453c8f80 /drivers/s390/crypto/zcrypt_pcixcc.c | |
parent | [S390] panic_stack leak in smp_alloc_lowcore (diff) | |
[S390] drivers/s390/crypto: Move dereference to after IS_ERR test
If reply is ERR_PTR(...), then it should not be dereferenced, so I have
moved the dereference from the declaration to after the IS_ERR test.
The semantic match that finds the problem is as follows:
(http://www.emn.fr/x-info/coccinelle/)
// <smpl>
@match exists@
expression x, E;
identifier fld;
position p1,p2;
@@
(
x = E;
|
x = E
|
x@p1->fld
... when != x = E
IS_ERR(x@p2)
... when any
)
@other_match exists@
expression match.x, E1, E2;
position match.p1,match.p2;
@@
x = E1
... when != x = E2
when != x@p1
x@p2
@ script:python depends on !other_match@
p1 << match.p1;
p2 << match.p2;
@@
print "* file %s dereference %s test %s" % (p1[0].file,p1[0].line,p2[0].line)
// </smpl>
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Diffstat (limited to 'drivers/s390/crypto/zcrypt_pcixcc.c')
-rw-r--r-- | drivers/s390/crypto/zcrypt_pcixcc.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/drivers/s390/crypto/zcrypt_pcixcc.c b/drivers/s390/crypto/zcrypt_pcixcc.c
index d8ad36f81540..e7a1e22e77ac 100644
--- a/drivers/s390/crypto/zcrypt_pcixcc.c
+++ b/drivers/s390/crypto/zcrypt_pcixcc.c
@@ -635,13 +635,16 @@ static void zcrypt_pcixcc_receive(struct ap_device *ap_dev,
 };
 struct response_type *resp_type = (struct response_type *) msg->private;
- struct type86x_reply *t86r = reply->message;
+ struct type86x_reply *t86r;
 int length;
 /* Copy the reply message to the request message buffer. */
- if (IS_ERR(reply))
+ if (IS_ERR(reply)) {
 memcpy(msg->message, &error_reply, sizeof(error_reply));
- else if (t86r->hdr.type == TYPE86_RSP_CODE &&
+ goto out;
+ }
+ t86r = reply->message;
+ if (t86r->hdr.type == TYPE86_RSP_CODE &&
 t86r->cprbx.cprb_ver_id == 0x02) {
 switch (resp_type->type) {
 case PCIXCC_RESPONSE_TYPE_ICA:
@@ -660,6 +663,7 @@ static void zcrypt_pcixcc_receive(struct ap_device *ap_dev,
 }
 } else
 memcpy(msg->message, reply->message, sizeof error_reply);
+out:
 complete(&(resp_type->work));
 } |
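Review bot: Nothing in the function records why `t86r = reply->message;` has to stay below the `if (IS_ERR(reply)) {` branch that now leaves through `goto out`. `reply` can carry an ERR_PTR value, so any field access ahead of that test is a load through an invalid kernel pointer; a one-line comment on the assignment, e.g. `/* reply may be an ERR_PTR: no field access before the IS_ERR() test above */`, would keep a later cleanup from folding the initializer back into the declaration. The existing `/* Copy the reply message to the request message buffer. */` comment now sits directly on top of the error path and would read more accurately if moved down to the `t86r` branch. zcrypt_pcixcc_receive begins above the first hunk and the switch body between the two hunks is not shown, so this only covers the visible lines.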