diff options
| author | Selvin Xavier <selvin.xavier@broadcom.com> | 2017-06-29 15:28:11 -0400 |
|---|---|---|
| committer | Doug Ledford <dledford@redhat.com> | 2017-07-20 11:20:50 -0400 |
| commit | 4a62c5e9e2e1c15ceb1654715d9284d97f921119 (patch) | |
| tree | ddb0c7c04a3170a048d54458007ff65a6a7cbeda | |
| parent | ab69d4c8da38024191f3514c1296e9e8deea4e98 (diff) | |
RDMA/bnxt_re: Do not free the ctx_tbl entry if delete GID fails
This fix is added only to avoid system crash in some a
specific scenario. When bnxt_re driver is loaded and if
user tries to change interface mac address, delete GID
fails because QP1 is still associated with existing MAC
(default GID). If the above command fails GID tables are
not modified in the h/w or driver, but the GID context memory
is freed. Now, if the user changes the mac back to the original
value, another add_gid comes to the driver where the driver
reports that the GID is already present in its table
and tries to access the context which was already freed.
So, in this case, in order to avoid NULL pointer de-reference,
this patch removes the context memory free if delete_gid fails
and the same context memory is re-used in new add_gid.
Memory cleanup will be taken care during driver unload, while
deleting the GID table.
Signed-off-by: Kalesh AP <kalesh-anakkur.purayil@broadcom.com>
Signed-off-by: Selvin Xavier <selvin.xavier@broadcom.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
| -rw-r--r-- | drivers/infiniband/hw/bnxt_re/ib_verbs.c | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/drivers/infiniband/hw/bnxt_re/ib_verbs.c b/drivers/infiniband/hw/bnxt_re/ib_verbs.c index e743ffd392c6..0cd8372989ce 100644 --- a/drivers/infiniband/hw/bnxt_re/ib_verbs.c +++ b/drivers/infiniband/hw/bnxt_re/ib_verbs.c | |||
| @@ -390,15 +390,17 @@ int bnxt_re_del_gid(struct ib_device *ibdev, u8 port_num, | |||
| 390 | return -EINVAL; | 390 | return -EINVAL; |
| 391 | ctx->refcnt--; | 391 | ctx->refcnt--; |
| 392 | if (!ctx->refcnt) { | 392 | if (!ctx->refcnt) { |
| 393 | rc = bnxt_qplib_del_sgid | 393 | rc = bnxt_qplib_del_sgid(sgid_tbl, |
| 394 | (sgid_tbl, | 394 | &sgid_tbl->tbl[ctx->idx], |
| 395 | &sgid_tbl->tbl[ctx->idx], true); | 395 | true); |
| 396 | if (rc) | 396 | if (rc) { |
| 397 | dev_err(rdev_to_dev(rdev), | 397 | dev_err(rdev_to_dev(rdev), |
| 398 | "Failed to remove GID: %#x", rc); | 398 | "Failed to remove GID: %#x", rc); |
| 399 | ctx_tbl = sgid_tbl->ctx; | 399 | } else { |
| 400 | ctx_tbl[ctx->idx] = NULL; | 400 | ctx_tbl = sgid_tbl->ctx; |
| 401 | kfree(ctx); | 401 | ctx_tbl[ctx->idx] = NULL; |
| 402 | kfree(ctx); | ||
| 403 | } | ||
| 402 | } | 404 | } |
| 403 | } else { | 405 | } else { |
| 404 | return -EINVAL; | 406 | return -EINVAL; |