IB/cma: Potential NULL dereference in cma_id_from_event
authorHaggai Eran <haggaie@mellanox.com>
Mon, 21 Sep 2015 13:02:02 +0000 (16:02 +0300)
committerDoug Ledford <dledford@redhat.com>
Tue, 20 Oct 2015 17:13:42 +0000 (13:13 -0400)
If the lookup of a listening ID failed for an AF_IB request, the code
would try to call dev_put() on a NULL net_dev.

Fixes: be688195bd08 ("IB/cma: Fix net_dev reference leak with failed
requests")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Haggai Eran <haggaie@mellanox.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
drivers/infiniband/core/cma.c

index 59a2dafc8c574df13b5d186f9b0987c06c8e58c6..f163ac680841b446c14f8872e57fd88da1b1e069 100644 (file)
@@ -1324,7 +1324,7 @@ static struct rdma_id_private *cma_id_from_event(struct ib_cm_id *cm_id,
        bind_list = cma_ps_find(rdma_ps_from_service_id(req.service_id),
                                cma_port_from_service_id(req.service_id));
        id_priv = cma_find_listener(bind_list, cm_id, ib_event, &req, *net_dev);
-       if (IS_ERR(id_priv)) {
+       if (IS_ERR(id_priv) && *net_dev) {
                dev_put(*net_dev);
                *net_dev = NULL;
        }