From: Rasesh Mody Date: Wed, 18 Dec 2013 01:07:38 +0000 (-0800) Subject: bna: Add NULL Check Before Dereferencing TCB X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=96e31adf8d73f10bd2b616a17bd8af0d53e9da33;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git bna: Add NULL Check Before Dereferencing TCB Currently we already check to see whether the BNAD_TXQ_TX_STARTED cleared. But if the tcb structure which contains this flag is also already freed by that time, we would dereference the NULL pointer. This patch is to check tcb for NULL pointer, before dereferencing it. Signed-off-by: Rasesh Mody Signed-off-by: David S. Miller --- diff --git a/drivers/net/ethernet/brocade/bna/bnad.c b/drivers/net/ethernet/brocade/bna/bnad.c index 7d818de66e53..e31937a9177d 100644 --- a/drivers/net/ethernet/brocade/bna/bnad.c +++ b/drivers/net/ethernet/brocade/bna/bnad.c @@ -2958,21 +2958,21 @@ bnad_start_xmit(struct sk_buff *skb, struct net_device *netdev) } tcb = bnad->tx_info[0].tcb[txq_id]; - q_depth = tcb->q_depth; - prod = tcb->producer_index; - - unmap_q = tcb->unmap_q; /* * Takes care of the Tx that is scheduled between clearing the flag * and the netif_tx_stop_all_queues() call. */ - if (unlikely(!test_bit(BNAD_TXQ_TX_STARTED, &tcb->flags))) { + if (unlikely(!tcb || !test_bit(BNAD_TXQ_TX_STARTED, &tcb->flags))) { dev_kfree_skb(skb); BNAD_UPDATE_CTR(bnad, tx_skb_stopping); return NETDEV_TX_OK; } + q_depth = tcb->q_depth; + prod = tcb->producer_index; + unmap_q = tcb->unmap_q; + vectors = 1 + skb_shinfo(skb)->nr_frags; wis = BNA_TXQ_WI_NEEDED(vectors); /* 4 vectors per work item */