e1000e: prevent null ptr dereference in e1000_tx_queue()

tx_desc can be dereferenced as a null pointer when count is passed in
as 0.

Signed-off-by: Bruce Allan <bruce.w.allan@intel.com>
Tested-by: Emil Tantilov <emil.s.tantilov@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>

diff --git a/drivers/net/e1000e/netdev.c b/drivers/net/e1000e/netdev.c
index 393b76d27536eb735caaa92ae920827cf90c90ae..4bf843ac7ea3a24f9e97bdedd0b6a01f0fea5809 100644 (file)
--- a/drivers/net/e1000e/netdev.c
+++ b/drivers/net/e1000e/netdev.c
@@ -4629,7 +4629,7 @@ static void e1000_tx_queue(struct e1000_adapter *adapter,
 
        i = tx_ring->next_to_use;
 
-       while (count--) {
+       do {
                buffer_info = &tx_ring->buffer_info[i];
                tx_desc = E1000_TX_DESC(*tx_ring, i);
                tx_desc->buffer_addr = cpu_to_le64(buffer_info->dma);
@@ -4640,7 +4640,7 @@ static void e1000_tx_queue(struct e1000_adapter *adapter,
                i++;
                if (i == tx_ring->count)
                        i = 0;
-       }
+       } while (--count > 0);
 
        tx_desc->lower.data |= cpu_to_le32(adapter->txd_cmd);