IB/core: Avoid a potential OOPs for an unused optional parameter
authorMichael J. Ruhl <michael.j.ruhl@intel.com>
Thu, 1 Feb 2018 20:31:06 +0000 (12:31 -0800)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 22 Feb 2018 14:42:15 +0000 (15:42 +0100)
commit 2ff124d597c2df8696169ce0006fc974c49a4569 upstream.

The ev_file is an optional parameter for CQ creation. If the parameter
is not passed, the ev_file pointer will be NULL.  Using that pointer
to set the cq_context will result in an OOPs.

Verify that ev_file is not NULL before using.

Cc: <stable@vger.kernel.org> # 4.14.x
Fixes: 9ee79fce3642 ("IB/core: Add completion queue (cq) object actions")
Reviewed-by: Dennis Dalessandro <dennis.dalessandro@intel.com>
Reviewed-by: Ira Weiny <ira.weiny@intel.com>
Signed-off-by: Michael J. Ruhl <michael.j.ruhl@intel.com>
Signed-off-by: Dennis Dalessandro <dennis.dalessandro@intel.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/infiniband/core/uverbs_std_types.c

index 0a98579700ec27e709d254dac245aa1438a40947..5f9321eda1b70d469af6831cadfb950538faf525 100644 (file)
@@ -315,7 +315,7 @@ static int uverbs_create_cq_handler(struct ib_device *ib_dev,
        cq->uobject       = &obj->uobject;
        cq->comp_handler  = ib_uverbs_comp_handler;
        cq->event_handler = ib_uverbs_cq_event_handler;
-       cq->cq_context    = &ev_file->ev_queue;
+       cq->cq_context    = ev_file ? &ev_file->ev_queue : NULL;
        obj->uobject.object = cq;
        obj->uobject.user_handle = user_handle;
        atomic_set(&cq->usecnt, 0);