[ofa-general] [PATCH] AMSO1100: Add check for NULL reply_msg in c2_intr
Tom Tucker
tom at opengridcomputing.com
Fri Apr 4 12:10:40 PDT 2008
AMSO1100: Add check for NULL reply_msg in c2_intr
This is a checker-found bug posted to bugzilla.kernel.org (7478). Upon
inspection I also found a place where we could attempt to kmem_cache_free
a null pointer.
Signed-off-by: Tom Tucker <tom at opengridcomputing.com>
---
Roland,
I don't think anyone has ever hit this bug, so it is a low priority in my view. I also noticed that
if we refactored vq_wait_for_reply, we could combine a common

	if (!reply) {
		err = -ENOMEM;
		goto bail;
	}

construct by guaranteeing that reply is non-null if vq_wait_for_reply returns without
an error. This patch, however, is much smaller. What do you think?
drivers/infiniband/hw/amso1100/c2_cq.c | 4 ++--
drivers/infiniband/hw/amso1100/c2_intr.c | 6 +++++-
2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/drivers/infiniband/hw/amso1100/c2_cq.c b/drivers/infiniband/hw/amso1100/c2_cq.c
index d2b3366..bb17cce 100644
--- a/drivers/infiniband/hw/amso1100/c2_cq.c
+++ b/drivers/infiniband/hw/amso1100/c2_cq.c
@@ -422,8 +422,8 @@ void c2_free_cq(struct c2_dev *c2dev, struct c2_cq *cq)
goto bail1;
reply = (struct c2wr_cq_destroy_rep *) (unsigned long) (vq_req->reply_msg);
-
- vq_repbuf_free(c2dev, reply);
+ if (reply)
+ vq_repbuf_free(c2dev, reply);
bail1:
vq_req_free(c2dev, vq_req);
bail0:
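Review bot: The new `if (reply)` guard in c2_free_cq protects only this one call to vq_repbuf_free. The commit message describes the risk as kmem_cache_free being handed a NULL pointer, so putting the NULL test inside vq_repbuf_free itself would cover every caller and let this site stay a plain call. If the guard stays here, a one-line comment saying when vq_req->reply_msg can be NULL after the `goto bail1` check would help the next reader, since c2_free_cq returns void and the condition is otherwise dropped silently.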
diff --git a/drivers/infiniband/hw/amso1100/c2_intr.c b/drivers/infiniband/hw/amso1100/c2_intr.c
index 0d0bc33..3b50954 100644
--- a/drivers/infiniband/hw/amso1100/c2_intr.c
+++ b/drivers/infiniband/hw/amso1100/c2_intr.c
@@ -174,7 +174,11 @@ static void handle_vq(struct c2_dev *c2dev, u32 mq_index)
return;
}
- err = c2_errno(reply_msg);
+ if (reply_msg)
+ err = c2_errno(reply_msg);
+ else
+ err = -ENOMEM;
+
if (!err) switch (req->event) {
case IW_CM_EVENT_ESTABLISHED:
c2_set_qp_state(req->qp,
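Review bot: The `else err = -ENOMEM;` branch in handle_vq has no comment explaining why a NULL reply_msg maps to -ENOMEM rather than another errno. A short comment stating which earlier path leaves reply_msg NULL would make the choice checkable. With err set this way the `if (!err) switch (req->event)` block is skipped, which looks intended, but please confirm that nothing after the switch in handle_vq dereferences reply_msg or stores it where a waiter will use it without its own check. Minor: the subject line names c2_intr while the function changed is handle_vq in c2_intr.c.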