[dpdk-dev] [PATCH v3 13/15] net/bnxt: avoid null pointer dereference

Ajit Khaparde ajit.khaparde at broadcom.com
Wed Oct 2 03:23:33 CEST 2019


From: Kalesh AP <kalesh-anakkur.purayil at broadcom.com>

Commit "bd0a14c99f65" enables the creation of a dedicated completion
ring for asynchronous event handling instead of handling these
events on a receive completion ring on non Stingray Platforms.

This causes a segfault due to NULL pointer defreference in
bnxt_alloc_async_cp_ring() on stingray. Fix this by checking the
pointer validity before accessing it.

Fixes: bd0a14c99f65 ("net/bnxt: use dedicated CPR for async events")
Cc: stable at dpdk.org

Signed-off-by: Kalesh AP <kalesh-anakkur.purayil at broadcom.com>
Signed-off-by: Ajit Kumar Khaparde <ajit.khaparde at broadcom.com>
Reviewed-by: Rahul Gupta <rahul.gupta at broadcom.com>
Reviewed-by: Lance Richardson <lance.richardson at broadcom.com>
---
 drivers/net/bnxt/bnxt_ring.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/net/bnxt/bnxt_ring.c b/drivers/net/bnxt/bnxt_ring.c
index 2f57e038a0..ec17783cf8 100644
--- a/drivers/net/bnxt/bnxt_ring.c
+++ b/drivers/net/bnxt/bnxt_ring.c
@@ -694,13 +694,15 @@ int bnxt_alloc_hwrm_rings(struct bnxt *bp)
 int bnxt_alloc_async_cp_ring(struct bnxt *bp)
 {
 	struct bnxt_cp_ring_info *cpr = bp->async_cp_ring;
-	struct bnxt_ring *cp_ring = cpr->cp_ring_struct;
+	struct bnxt_ring *cp_ring;
 	uint8_t ring_type;
 	int rc;
 
-	if (BNXT_NUM_ASYNC_CPR(bp) == 0)
+	if (BNXT_NUM_ASYNC_CPR(bp) == 0 || cpr == NULL)
 		return 0;
 
+	cp_ring = cpr->cp_ring_struct;
+
 	if (BNXT_HAS_NQ(bp))
 		ring_type = HWRM_RING_ALLOC_INPUT_RING_TYPE_NQ;
 	else
-- 
2.20.1 (Apple Git-117)



More information about the dev mailing list