diff options
| author | Dasaratharaman Chandramouli <dasaratharaman.chandramouli@intel.com> | 2016-10-25 16:12:23 -0400 |
|---|---|---|
| committer | Doug Ledford <dledford@redhat.com> | 2016-11-15 16:16:46 -0500 |
| commit | f2d8a0b367e735ab157222ce74a5f2481216c878 (patch) | |
| tree | 6c5ddd69f786cdf672944fe175dced45e2e6486e | |
| parent | 505efe3e46d5eaab726295cd023fb86d5b789d00 (diff) | |
IB/hfi1: Fix ECN processing in prescan_rxq
When processing ECN via the prescan_rxq path, some fields in the packet
structure are passed uninitialized. This can potentially
cause NULL pointer exceptions during ECN handling.
Reviewed-by: Ira Weiny <ira.weiny@intel.com>
Reviewed-by: Dennis Dalessandro <dennis.dalessandro@intel.com>
Signed-off-by: Dasaratharaman Chandramouli <dasaratharaman.chandramouli@intel.com>
Signed-off-by: Dennis Dalessandro <dennis.dalessandro@intel.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
| -rw-r--r-- | drivers/infiniband/hw/hfi1/driver.c | 20 |
1 files changed, 11 insertions, 9 deletions
diff --git a/drivers/infiniband/hw/hfi1/driver.c b/drivers/infiniband/hw/hfi1/driver.c index dadd35eedc01..c5efff29c147 100644 --- a/drivers/infiniband/hw/hfi1/driver.c +++ b/drivers/infiniband/hw/hfi1/driver.c | |||
| @@ -599,7 +599,6 @@ static void __prescan_rxq(struct hfi1_packet *packet) | |||
| 599 | dd->rhf_offset; | 599 | dd->rhf_offset; |
| 600 | struct rvt_qp *qp; | 600 | struct rvt_qp *qp; |
| 601 | struct ib_header *hdr; | 601 | struct ib_header *hdr; |
| 602 | struct ib_other_headers *ohdr; | ||
| 603 | struct rvt_dev_info *rdi = &dd->verbs_dev.rdi; | 602 | struct rvt_dev_info *rdi = &dd->verbs_dev.rdi; |
| 604 | u64 rhf = rhf_to_cpu(rhf_addr); | 603 | u64 rhf = rhf_to_cpu(rhf_addr); |
| 605 | u32 etype = rhf_rcv_type(rhf), qpn, bth1; | 604 | u32 etype = rhf_rcv_type(rhf), qpn, bth1; |
| @@ -615,18 +614,21 @@ static void __prescan_rxq(struct hfi1_packet *packet) | |||
| 615 | if (etype != RHF_RCV_TYPE_IB) | 614 | if (etype != RHF_RCV_TYPE_IB) |
| 616 | goto next; | 615 | goto next; |
| 617 | 616 | ||
| 618 | hdr = hfi1_get_msgheader(dd, rhf_addr); | 617 | packet->hdr = hfi1_get_msgheader(dd, rhf_addr); |
| 618 | hdr = packet->hdr; | ||
| 619 | 619 | ||
| 620 | lnh = be16_to_cpu(hdr->lrh[0]) & 3; | 620 | lnh = be16_to_cpu(hdr->lrh[0]) & 3; |
| 621 | 621 | ||
| 622 | if (lnh == HFI1_LRH_BTH) | 622 | if (lnh == HFI1_LRH_BTH) { |
| 623 | ohdr = &hdr->u.oth; | 623 | packet->ohdr = &hdr->u.oth; |
| 624 | else if (lnh == HFI1_LRH_GRH) | 624 | } else if (lnh == HFI1_LRH_GRH) { |
| 625 | ohdr = &hdr->u.l.oth; | 625 | packet->ohdr = &hdr->u.l.oth; |
| 626 | else | 626 | packet->rcv_flags |= HFI1_HAS_GRH; |
| 627 | } else { | ||
| 627 | goto next; /* just in case */ | 628 | goto next; /* just in case */ |
| 629 | } | ||
| 628 | 630 | ||
| 629 | bth1 = be32_to_cpu(ohdr->bth[1]); | 631 | bth1 = be32_to_cpu(packet->ohdr->bth[1]); |
| 630 | is_ecn = !!(bth1 & (HFI1_FECN_SMASK | HFI1_BECN_SMASK)); | 632 | is_ecn = !!(bth1 & (HFI1_FECN_SMASK | HFI1_BECN_SMASK)); |
| 631 | 633 | ||
| 632 | if (!is_ecn) | 634 | if (!is_ecn) |
| @@ -646,7 +648,7 @@ static void __prescan_rxq(struct hfi1_packet *packet) | |||
| 646 | 648 | ||
| 647 | /* turn off BECN, FECN */ | 649 | /* turn off BECN, FECN */ |
| 648 | bth1 &= ~(HFI1_FECN_SMASK | HFI1_BECN_SMASK); | 650 | bth1 &= ~(HFI1_FECN_SMASK | HFI1_BECN_SMASK); |
| 649 | ohdr->bth[1] = cpu_to_be32(bth1); | 651 | packet->ohdr->bth[1] = cpu_to_be32(bth1); |
| 650 | next: | 652 | next: |
| 651 | update_ps_mdata(&mdata, rcd); | 653 | update_ps_mdata(&mdata, rcd); |
| 652 | } | 654 | } |