AMSO1100: Add check for NULL reply_msg in c2_intr
This is a checker-found bug posted to bugzilla.kernel.org (7478). Upon
inspection I also found a place where we could attempt to kmem_cache_free
a null pointer.
Signed-off-by: Tom Tucker <[EMAIL PROTECTED]>
---
Roland,
I don't think anyone has ever hit this bug, so it is a low priority in my view.
I also noticed that if we refactored vq_wait_for_reply that we could combine a
common

	if (!reply) {
		err = -ENOMEM;
		goto bail;
	}

construct by guaranteeing that reply is non-null if vq_wait_for_reply returns
without an error. This patch, however, is much smaller. What do you think?
drivers/infiniband/hw/amso1100/c2_cq.c | 4 ++--
drivers/infiniband/hw/amso1100/c2_intr.c | 6 +++++-
2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/drivers/infiniband/hw/amso1100/c2_cq.c
b/drivers/infiniband/hw/amso1100/c2_cq.c
index d2b3366..bb17cce 100644
--- a/drivers/infiniband/hw/amso1100/c2_cq.c
+++ b/drivers/infiniband/hw/amso1100/c2_cq.c
@@ -422,8 +422,8 @@ void c2_free_cq(struct c2_dev *c2dev, struct c2_cq *cq)
goto bail1;
reply = (struct c2wr_cq_destroy_rep *) (unsigned long)
(vq_req->reply_msg);
-
- vq_repbuf_free(c2dev, reply);
+ if (reply)
+ vq_repbuf_free(c2dev, reply);
bail1:
vq_req_free(c2dev, vq_req);
bail0:
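Review bot: The new "if (reply)" guard in c2_free_cq skips vq_repbuf_free silently, so a NULL reply_msg on the CQ destroy path leaves no trace. Since the function returns void and cannot report an error, consider logging a warning in the NULL case, or moving the NULL check into vq_repbuf_free itself so that every caller is covered rather than only this one.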
diff --git a/drivers/infiniband/hw/amso1100/c2_intr.c
b/drivers/infiniband/hw/amso1100/c2_intr.c
index 0d0bc33..3b50954 100644
--- a/drivers/infiniband/hw/amso1100/c2_intr.c
+++ b/drivers/infiniband/hw/amso1100/c2_intr.c
@@ -174,7 +174,11 @@ static void handle_vq(struct c2_dev *c2dev, u32 mq_index)
return;
}
- err = c2_errno(reply_msg);
+ if (reply_msg)
+ err = c2_errno(reply_msg);
+ else
+ err = -ENOMEM;
+
if (!err) switch (req->event) {
case IW_CM_EVENT_ESTABLISHED:
c2_set_qp_state(req->qp,
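Review bot: The else branch in handle_vq sets err = -ENOMEM when reply_msg is NULL, but nothing in the hunk says why a NULL reply_msg means an allocation failure. A one-line comment above "if (reply_msg)" naming where reply_msg can become NULL would justify the errno choice. It is also worth confirming that any use of reply_msg after the "if (!err) switch (req->event)" block tolerates NULL, since only the c2_errno call is guarded here.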