[IB] uverbs: Avoid NULL pointer deref on CQ async event
authorRoland Dreier <rolandd@cisco.com>
Sun, 30 Oct 2005 17:50:04 +0000 (09:50 -0800)
committerRoland Dreier <rolandd@cisco.com>
Mon, 31 Oct 2005 15:10:32 +0000 (07:10 -0800)
Userspace CQs that have no completion event channel attached end up
with their cq_context set to NULL.  However, asynchronous events like
"CQ overrun" can still occur on such CQs, so add a uverbs_file member
to struct ib_ucq_object that we can follow to deliver these events.

Signed-off-by: Roland Dreier <rolandd@cisco.com>
drivers/infiniband/core/uverbs.h
drivers/infiniband/core/uverbs_cmd.c
drivers/infiniband/core/uverbs_main.c

index 031cdf3c066d6b5f1404057326ef8844529feeb0..ecb830127865d5ef96f534c62351be697d90fbb5 100644 (file)
@@ -113,6 +113,7 @@ struct ib_uevent_object {
 
 struct ib_ucq_object {
        struct ib_uobject       uobject;
+       struct ib_uverbs_file  *uverbs_file;
        struct list_head        comp_list;
        struct list_head        async_list;
        u32                     comp_events_reported;
index 8c89abc8c76460056bd358d92573c2f146330e63..63a74151c60b4dd9971641353fbf6f382f6ffa5b 100644 (file)
@@ -602,6 +602,7 @@ ssize_t ib_uverbs_create_cq(struct ib_uverbs_file *file,
 
        uobj->uobject.user_handle   = cmd.user_handle;
        uobj->uobject.context       = file->ucontext;
+       uobj->uverbs_file           = file;
        uobj->comp_events_reported  = 0;
        uobj->async_events_reported = 0;
        INIT_LIST_HEAD(&uobj->comp_list);
index 0eb38f479b3957c7294357a8a6356a8a053011e9..e58a7b278a00bf0ae47af52000286b743688e794 100644 (file)
@@ -442,13 +442,10 @@ static void ib_uverbs_async_handler(struct ib_uverbs_file *file,
 
 void ib_uverbs_cq_event_handler(struct ib_event *event, void *context_ptr)
 {
-       struct ib_uverbs_event_file *ev_file = context_ptr;
-       struct ib_ucq_object *uobj;
+       struct ib_ucq_object *uobj = container_of(event->element.cq->uobject,
+                                                 struct ib_ucq_object, uobject);
 
-       uobj = container_of(event->element.cq->uobject,
-                           struct ib_ucq_object, uobject);
-
-       ib_uverbs_async_handler(ev_file->uverbs_file, uobj->uobject.user_handle,
+       ib_uverbs_async_handler(uobj->uverbs_file, uobj->uobject.user_handle,
                                event->event, &uobj->async_list,
                                &uobj->async_events_reported);