IB/sa_query: Check if sm_ah is NULL in ib_sa_remove_one()

If update_sm_ah() fails, it leaves the port's sm_ah as NULL. Then if the device or module is removed, ib_sa_remove_one() will dereference a NULL pointer when it calls kref_put(). Fix this by testing if sm_ah is NULL before dropping the reference. Signed-off-by: N Ralph Campbell <ralph.campbell@qlogic.com> Signed-off-by: N Roland Dreier <rolandd@cisco.com>

IB/sa_query: Check if sm_ah is NULL in ib_sa_remove_one()
If update_sm_ah() fails, it leaves the port's sm_ah as NULL. Then if the device or module is removed, ib_sa_remove_one() will dereference a NULL pointer when it calls kref_put(). Fix this by testing if sm_ah is NULL before dropping the reference. Signed-off-by: N Ralph Campbell <ralph.campbell@qlogic.com> Signed-off-by: N Roland Dreier <rolandd@cisco.com>
64b784b5 · Ralph Campbell · Roland Dreier · d35cb360 · 64b784b5
隐藏空白更改
内联并排

Showing with 2 addition and 1 deletion

drivers/infiniband/core/sa_query.c drivers/infiniband/core/sa_query.c +2 -1

未找到文件。
--- a/drivers/infiniband/core/sa_query.c
+++ b/drivers/infiniband/core/sa_query.c
@@ -1064,7 +1064,8 @@ static void ib_sa_remove_one(struct ib_device *device)

 	for (i = 0; i <= sa_dev->end_port - sa_dev->start_port; ++i) {
 		ib_unregister_mad_agent(sa_dev->port[i].agent);
-		kref_put(&sa_dev->port[i].sm_ah->ref, free_sm_ah);
+		if (sa_dev->port[i].sm_ah)
+			kref_put(&sa_dev->port[i].sm_ah->ref, free_sm_ah);
 	}

 	kfree(sa_dev);