AMSO1100: Add check for NULL reply_msg in c2_intr

This is a checker-found bug posted to bugzilla.kernel.org (7478). Upon inspection I also found a place where we could attempt to kmem_cache_free a null pointer.

Signed-off-by: Tom Tucker <[EMAIL PROTECTED]>
---
Roland, I don't think anyone has ever hit this bug, so it is a low priority in my view. I also noticed that if we refactored vq_wait_for_reply that we could combine a common if (!reply) { err = -ENOMEM; goto bail; } construct by guaranteeing that reply is non-null if vq_wait_for_reply returns without an error. This patch, however, is much smaller. What do you think? drivers/infiniband/hw/amso1100/c2_cq.c | 4 ++-- drivers/infiniband/hw/amso1100/c2_intr.c | 6 +++++- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/drivers/infiniband/hw/amso1100/c2_cq.c b/drivers/infiniband/hw/amso1100/c2_cq.c index d2b3366..bb17cce 100644 --- a/drivers/infiniband/hw/amso1100/c2_cq.c +++ b/drivers/infiniband/hw/amso1100/c2_cq.c @@ -422,8 +422,8 @@ void c2_free_cq(struct c2_dev *c2dev, struct c2_cq *cq) goto bail1; reply = (struct c2wr_cq_destroy_rep *) (unsigned long) (vq_req->reply_msg); - - vq_repbuf_free(c2dev, reply); + if (reply) + vq_repbuf_free(c2dev, reply); bail1: vq_req_free(c2dev, vq_req); bail0: diff --git a/drivers/infiniband/hw/amso1100/c2_intr.c b/drivers/infiniband/hw/amso1100/c2_intr.c index 0d0bc33..3b50954 100644 --- a/drivers/infiniband/hw/amso1100/c2_intr.c +++ b/drivers/infiniband/hw/amso1100/c2_intr.c @@ -174,7 +174,11 @@ static void handle_vq(struct c2_dev *c2dev, u32 mq_index) return; } - err = c2_errno(reply_msg); + if (reply_msg) + err = c2_errno(reply_msg); + else + err = -ENOMEM; + if (!err) switch (req->event) { case IW_CM_EVENT_ESTABLISHED: c2_set_qp_state(req->qp,
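Review bot: In the c2_cq.c hunk, the new "if (reply)" guard in c2_free_cq() fixes only this one call site and drops the missing-reply case silently, since the function returns void and nothing is logged. Putting the NULL test inside vq_repbuf_free() itself would protect every caller from the kmem_cache_free of a null pointer that the commit message describes, and would leave this function unchanged. If the guard stays here, a short comment saying when vq_req->reply_msg can be NULL after a successful wait would help the next reader. Separately, the subject line names only c2_intr although this file is changed too, so the summary should mention c2_cq.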
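Review bot: In the c2_intr.c hunk, the else branch in handle_vq() assigns "err = -ENOMEM" with no comment on why a NULL reply_msg is treated as an allocation failure, and the hunk does not show whether the code after the "if (!err)" switch still uses reply_msg. Please add a one-line comment stating the condition under which reply_msg is NULL at this point, and confirm that every later use of reply_msg in this function (the context is cut off after c2_set_qp_state) tolerates NULL, otherwise the dereference is only moved rather than removed. It is also worth checking that the waiter which receives this request sees the -ENOMEM and does not go on to read a reply that was never attached.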