bnxt_re: fix a crash in qp error event processing

In bnxt_qplib_process_qp_event(), for qp error events we look up the qp-handle and pass it for further processing. But we don't check if the handle is NULL. This could lead to a crash in the called functions when that qp-handle is dereferenced, if the qp is destroyed in the meantime. Fix this by checking for a valid qp-handle in that function. Signed-off-by: Sriharsha Basavapatna <sriharsha.basavapatna@broadcom.com> Signed-off-by: Doug Ledford <dledford@redhat.com>
author: Sriharsha Basavapatna <sriharsha.basavapatna@broadcom.com> 2017-10-31 14:59:17 +0530
committer: Doug Ledford <dledford@redhat.com> 2017-11-13 15:01:25 -0500
commit: d6d5c59905c8af932c1cee874e1fb5cd9e83fa61 (patch)
tree: 21186a9ffbb8465892fe89c4e691911b9a6c2a24 /drivers/infiniband/hw
parent: f17966f19575eac9d5dea68b08f6292dd3d4d3db (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/drivers/infiniband/hw/bnxt_re/qplib_rcfw.c b/drivers/infiniband/hw/bnxt_re/qplib_rcfw.c
index 6d116146fa3c..a7b5de3e193c 100644
--- a/drivers/infiniband/hw/bnxt_re/qplib_rcfw.c
+++ b/drivers/infiniband/hw/bnxt_re/qplib_rcfw.c
@@ -302,6 +302,8 @@ static int bnxt_qplib_process_qp_event(struct bnxt_qplib_rcfw *rcfw,
 			"QPLIB: qpid 0x%x, req_err=0x%x, resp_err=0x%x\n",
 			qp_id, err_event->req_err_state_reason,
 			err_event->res_err_state_reason);
+		if (!qp)
+			break;
 		bnxt_qplib_acquire_cq_locks(qp, &flags);
 		bnxt_qplib_mark_qp_error(qp);
 		bnxt_qplib_release_cq_locks(qp, &flags);
author	Sriharsha Basavapatna <sriharsha.basavapatna@broadcom.com>	2017-10-31 14:59:17 +0530
committer	Doug Ledford <dledford@redhat.com>	2017-11-13 15:01:25 -0500
commit	d6d5c59905c8af932c1cee874e1fb5cd9e83fa61 (patch)
tree	21186a9ffbb8465892fe89c4e691911b9a6c2a24 /drivers/infiniband/hw
parent	f17966f19575eac9d5dea68b08f6292dd3d4d3db (diff)