Discussion:
file->f_op is never NULL...
Dan Carpenter
2013-11-12 10:30:13 UTC
Permalink
Hello Ecrypt FS People,

Al Viro has a patch in linux-next and it upsets Smatch:

The patch 72c2d5319200: "file->f_op is never NULL..." from Sep 22,
2013, leads to the following
static checker warning: "fs/ecryptfs/file.c:320 ecryptfs_unlocked_ioctl()
error: potential NULL dereference 'lower_file'."

fs/ecryptfs/file.c
312 static long
313 ecryptfs_unlocked_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
314 {
315 struct file *lower_file = NULL;
316 long rc = -ENOTTY;
317
318 if (ecryptfs_file_to_private(file))
319 lower_file = ecryptfs_file_to_lower(file);
320 if (lower_file->f_op && lower_file->f_op->unlocked_ioctl)
321 rc = lower_file->f_op->unlocked_ioctl(lower_file, cmd, arg);

If there is no file->private_data then "lower_file" is NULL. However,
I think file->private_data is always set to a valid pointer in
ecryptfs_open() so really we should just remove the
"if (ecryptfs_file_to_private(file))" check. Is that right, or am I
missing something.

322 return rc;
323 }
324
325 #ifdef CONFIG_COMPAT
326 static long
327 ecryptfs_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
328 {
329 struct file *lower_file = NULL;
330 long rc = -ENOIOCTLCMD;
331
332 if (ecryptfs_file_to_private(file))
333 lower_file = ecryptfs_file_to_lower(file);
334 if (lower_file->f_op && lower_file->f_op->compat_ioctl)
335 rc = lower_file->f_op->compat_ioctl(lower_file, cmd, arg);

Same things.

336 return rc;
337 }
338 #endif

regards,
dan carpenter
Tyler Hicks
2013-11-13 18:54:03 UTC
Permalink
When accessing the lower_file pointer located in private_data of
eCryptfs files, there is no need to check to see if the private_data
pointer has been initialized to a non-NULL value. The file->private_data
and file->private_data->lower_file pointers are always initialized to
non-NULL values in ecryptfs_open().

This change quiets a Smatch warning:

CHECK /var/scm/kernel/linux/fs/ecryptfs/file.c
fs/ecryptfs/file.c:321 ecryptfs_unlocked_ioctl() error: potential NULL dereference 'lower_file'.
fs/ecryptfs/file.c:335 ecryptfs_compat_ioctl() error: potential NULL dereference 'lower_file'.

Signed-off-by: Tyler Hicks <***@canonical.com>
Reported-by: Dan Carpenter <***@oracle.com>
Cc: Al Viro <***@zeniv.linux.org.uk>
---

Thanks, Dan! You're right that the "if (ecryptfs_file_to_private(file))" check
is not needed.

I'll include this patch in an upcoming pull request.

Tyler

fs/ecryptfs/file.c | 8 ++------
1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/fs/ecryptfs/file.c b/fs/ecryptfs/file.c
index 2229a74..b1eaa7a 100644
--- a/fs/ecryptfs/file.c
+++ b/fs/ecryptfs/file.c
@@ -313,11 +313,9 @@ static int ecryptfs_fasync(int fd, struct file *file, int flag)
static long
ecryptfs_unlocked_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
{
- struct file *lower_file = NULL;
+ struct file *lower_file = ecryptfs_file_to_lower(file);
long rc = -ENOTTY;

- if (ecryptfs_file_to_private(file))
- lower_file = ecryptfs_file_to_lower(file);
if (lower_file->f_op->unlocked_ioctl)
rc = lower_file->f_op->unlocked_ioctl(lower_file, cmd, arg);
return rc;
@@ -327,11 +325,9 @@ ecryptfs_unlocked_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
static long
ecryptfs_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
{
- struct file *lower_file = NULL;
+ struct file *lower_file = ecryptfs_file_to_lower(file);
long rc = -ENOIOCTLCMD;

- if (ecryptfs_file_to_private(file))
- lower_file = ecryptfs_file_to_lower(file);
if (lower_file->f_op && lower_file->f_op->compat_ioctl)
rc = lower_file->f_op->compat_ioctl(lower_file, cmd, arg);
return rc;
--
1.8.3.2
Loading...