authorSvetlana Mavrina <another.karnil@gmail.com>2014-01-12 11:56:09 +0000
committerRoland Dreier <roland@purestorage.com>2014-01-22 23:03:59 -0800
commitd9d5713ca628dc211d8b4a1da5fb9e0cfe592b92 (patch)
parent05633102d85b50f35325dfbedafcedd6c5b3264c (diff)
RDMA/amso1100: Add check if cache memory was allocated before freeing it
There is a path in handle_vq() where kmem_cache_free() can be called with pointer to a local variable. It can happen if vq_repbuf_alloc() failed to allocate memory from cache and req is NULL. The patch adds check if cache memory was allocated before freeing it. Found by Linux Driver Verification project (linuxtesting.org). Signed-off-by: Svetlana Mavrina <another.karnil@gmail.com> Reviewed-by: Alexey Khoroshilov <khoroshilov@ispras.ru> Signed-off-by: Roland Dreier <roland@purestorage.com>
diff --git a/drivers/infiniband/hw/amso1100/c2_intr.c b/drivers/infiniband/hw/amso1100/c2_intr.c
index 8951db4..3a17d9b 100644
--- a/drivers/infiniband/hw/amso1100/c2_intr.c
+++ b/drivers/infiniband/hw/amso1100/c2_intr.c
@@ -169,7 +169,8 @@ static void handle_vq(struct c2_dev *c2dev, u32 mq_index)
* We should never get here, as the adapter should
* never send us a reply that we're not expecting.
- vq_repbuf_free(c2dev, host_msg);
+ if (reply_msg != NULL)
+ vq_repbuf_free(c2dev, host_msg);
pr_debug("handle_vq: UNEXPECTEDLY got NULL req\n");