From 9285faa1e7c8ffcc8901c40f6e1cc06d93e92431 Mon Sep 17 00:00:00 2001 From: Tom Tucker Date: Wed, 16 Apr 2008 21:09:34 -0700 Subject: [PATCH] RDMA/amso1100: Add check for NULL reply_msg in c2_intr() Fix a place where we might dereference a NULL pointer; this fixes Coverity CID 1392. On inspection I also found a place where we could attempt to kmem_cache_free() a NULL pointer, so fix this too. Signed-off-by: Tom Tucker Signed-off-by: Roland Dreier --- drivers/infiniband/hw/amso1100/c2_cq.c | 4 ++-- drivers/infiniband/hw/amso1100/c2_intr.c | 6 +++++- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/drivers/infiniband/hw/amso1100/c2_cq.c b/drivers/infiniband/hw/amso1100/c2_cq.c index d2b3366786d..bb17cce3cb5 100644 --- a/drivers/infiniband/hw/amso1100/c2_cq.c +++ b/drivers/infiniband/hw/amso1100/c2_cq.c @@ -422,8 +422,8 @@ void c2_free_cq(struct c2_dev *c2dev, struct c2_cq *cq) goto bail1; reply = (struct c2wr_cq_destroy_rep *) (unsigned long) (vq_req->reply_msg); - - vq_repbuf_free(c2dev, reply); + if (reply) + vq_repbuf_free(c2dev, reply); bail1: vq_req_free(c2dev, vq_req); bail0: diff --git a/drivers/infiniband/hw/amso1100/c2_intr.c b/drivers/infiniband/hw/amso1100/c2_intr.c index 0d0bc33ca30..3b5095470cb 100644 --- a/drivers/infiniband/hw/amso1100/c2_intr.c +++ b/drivers/infiniband/hw/amso1100/c2_intr.c @@ -174,7 +174,11 @@ static void handle_vq(struct c2_dev *c2dev, u32 mq_index) return; } - err = c2_errno(reply_msg); + if (reply_msg) + err = c2_errno(reply_msg); + else + err = -ENOMEM; + if (!err) switch (req->event) { case IW_CM_EVENT_ESTABLISHED: c2_set_qp_state(req->qp, -- 2.41.1