| From foo@baz Wed Dec 20 18:17:52 CET 2017 |
| From: "Wei Hu(Xavier)" <xavier.huwei@huawei.com> |
| Date: Fri, 29 Sep 2017 23:10:12 +0800 |
| Subject: RDMA/hns: Avoid NULL pointer exception |
| |
| From: "Wei Hu(Xavier)" <xavier.huwei@huawei.com> |
| |
| |
| [ Upstream commit 5e437b1d7e8d31ff9a4b8e898eb3a6cee309edd9 ] |
| |
| After the loop in hns_roce_v1_mr_free_work_fn function, it is possible that |
| all qps will have been freed (in which case ne will be 0). If that |
| happens, then later in the function when we dereference hr_qp we will |
| get an exception. Check ne is not 0 to make sure we actually have an |
| hr_qp left to work on. |
| |
| This patch fixes the smatch error as below: |
| drivers/infiniband/hw/hns/hns_roce_hw_v1.c:1009 hns_roce_v1_mr_free_work_fn() |
| error: we previously assumed 'hr_qp' could be null |
| |
| Signed-off-by: Wei Hu (Xavier) <xavier.huwei@huawei.com> |
| Signed-off-by: Lijun Ou <oulijun@huawei.com> |
| Signed-off-by: Shaobo Xu <xushaobo2@huawei.com> |
| Signed-off-by: Doug Ledford <dledford@redhat.com> |
| Signed-off-by: Sasha Levin <alexander.levin@verizon.com> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| drivers/infiniband/hw/hns/hns_roce_hw_v1.c | 5 +++++ |
| 1 file changed, 5 insertions(+) |
| |
| --- a/drivers/infiniband/hw/hns/hns_roce_hw_v1.c |
| +++ b/drivers/infiniband/hw/hns/hns_roce_hw_v1.c |
| @@ -1001,6 +1001,11 @@ static void hns_roce_v1_mr_free_work_fn( |
| } |
| } |
| |
| + if (!ne) { |
| + dev_err(dev, "Reseved loop qp is absent!\n"); |
| + goto free_work; |
| + } |
| + |
| do { |
| ret = hns_roce_v1_poll_cq(&mr_free_cq->ib_cq, ne, wc); |
| if (ret < 0) { |
