[dpdk-dev] [PATCH v3 13/15] net/bnxt: avoid null pointer dereference
Ajit Khaparde
ajit.khaparde at broadcom.com
Wed Oct 2 03:23:33 CEST 2019
From: Kalesh AP <kalesh-anakkur.purayil at broadcom.com>
Commit "bd0a14c99f65" enables the creation of a dedicated completion
ring for asynchronous event handling instead of handling these
events on a receive completion ring on non Stingray Platforms.
This causes a segfault due to NULL pointer defreference in
bnxt_alloc_async_cp_ring() on stingray. Fix this by checking the
pointer validity before accessing it.
Fixes: bd0a14c99f65 ("net/bnxt: use dedicated CPR for async events")
Cc: stable at dpdk.org
Signed-off-by: Kalesh AP <kalesh-anakkur.purayil at broadcom.com>
Signed-off-by: Ajit Kumar Khaparde <ajit.khaparde at broadcom.com>
Reviewed-by: Rahul Gupta <rahul.gupta at broadcom.com>
Reviewed-by: Lance Richardson <lance.richardson at broadcom.com>
---
drivers/net/bnxt/bnxt_ring.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/net/bnxt/bnxt_ring.c b/drivers/net/bnxt/bnxt_ring.c
index 2f57e038a0..ec17783cf8 100644
--- a/drivers/net/bnxt/bnxt_ring.c
+++ b/drivers/net/bnxt/bnxt_ring.c
@@ -694,13 +694,15 @@ int bnxt_alloc_hwrm_rings(struct bnxt *bp)
int bnxt_alloc_async_cp_ring(struct bnxt *bp)
{
struct bnxt_cp_ring_info *cpr = bp->async_cp_ring;
- struct bnxt_ring *cp_ring = cpr->cp_ring_struct;
+ struct bnxt_ring *cp_ring;
uint8_t ring_type;
int rc;
- if (BNXT_NUM_ASYNC_CPR(bp) == 0)
+ if (BNXT_NUM_ASYNC_CPR(bp) == 0 || cpr == NULL)
return 0;
+ cp_ring = cpr->cp_ring_struct;
+
if (BNXT_HAS_NQ(bp))
ring_type = HWRM_RING_ALLOC_INPUT_RING_TYPE_NQ;
else
--
2.20.1 (Apple Git-117)
More information about the dev
mailing list