From: Jack Morgenstein Date: Mon, 26 Nov 2007 08:41:19 +0000 (+0200) Subject: IPoIB: Fix oops if xmit is called when priv->broadcast is NULL X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=1401b53acc0328d96bacb2a3393d2852699df96b;p=GitHub%2FLineageOS%2Fandroid_kernel_samsung_universal7580.git IPoIB: Fix oops if xmit is called when priv->broadcast is NULL If a port goes down, ipoib_ib_dev_down() is invoked -- which flushes the mcasts (clearing priv->broadcast) and clearing the path record cache. If ipoib_start_xmit() is then invoked (before the broadcast group is rejoined), a kernel oops results from attempting to access priv->broadcast, which is still unset. Returning NULL from path_rec_create() if priv->broadcast is NULL is a harmless way of bypassing the problem -- the offending packet is simply discarded "without prejudice." Signed-off-by: Jack Morgenstein Signed-off-by: Roland Dreier --- diff --git a/drivers/infiniband/ulp/ipoib/ipoib_main.c b/drivers/infiniband/ulp/ipoib/ipoib_main.c index a03a65ebcf0..c9f6077b615 100644 --- a/drivers/infiniband/ulp/ipoib/ipoib_main.c +++ b/drivers/infiniband/ulp/ipoib/ipoib_main.c @@ -460,6 +460,9 @@ static struct ipoib_path *path_rec_create(struct net_device *dev, void *gid) struct ipoib_dev_priv *priv = netdev_priv(dev); struct ipoib_path *path; + if (!priv->broadcast) + return NULL; + path = kzalloc(sizeof *path, GFP_ATOMIC); if (!path) return NULL;