From: Colin King
To: Faisal Latif, Shiraz Saleem, Doug Ledford, Jason Gunthorpe, sindhu.devale@intel.com, linux-rdma@vger.kernel.org
Cc: kernel-janitors@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH][next] i40iw: fix null pointer dereference on a null wqe pointer
Date: Wed, 1 Apr 2020 23:49:21 +0100
Message-Id: <20200401224921.405279-1-colin.king@canonical.com>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Colin Ian King

Currently the null check for wqe is incorrect and lets a null wqe be passed to set_64bit_val and this indexes into the null pointer causing a null pointer dereference. Fix this by fixing the null pointer check to return an error if wqe is null.

Addresses-Coverity: ("dereference after a null check")
Fixes: 4b34e23f4eaa ("i40iw: Report correct firmware version")
Signed-off-by: Colin Ian King

--- drivers/infiniband/hw/i40iw/i40iw_ctrl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/infiniband/hw/i40iw/i40iw_ctrl.c b/drivers/infiniband/hw/i40iw/i40iw_ctrl.c index e8b4b3743661..688f19667221 100644 --- a/drivers/infiniband/hw/i40iw/i40iw_ctrl.c +++ b/drivers/infiniband/hw/i40iw/i40iw_ctrl.c @@ -1046,7 +1046,7 @@ i40iw_sc_query_rdma_features(struct i40iw_sc_cqp *cqp, u64 header; wqe = i40iw_sc_cqp_get_next_send_wqe(cqp, scratch); - if (wqe) + if (!wqe) return I40IW_ERR_RING_FULL; set_64bit_val(wqe, 32, feat_mem->pa); -- 2.25.1
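
Review bot: The changelog describes only the NULL dereference, but the inverted test in i40iw_sc_query_rdma_features() had a second effect that deserves a sentence: with `if (wqe)` every successful i40iw_sc_cqp_get_next_send_wqe() call returned I40IW_ERR_RING_FULL, so the set_64bit_val(wqe, 32, feat_mem->pa) path was reached only when wqe was NULL. With `if (!wqe)` that path now runs with a valid WQE for the first time since the commit named in the Fixes: tag. Suggest noting in the commit message that the success path changes behaviour as well, so that reviewers and backporters treat this as more than a crash fix. The one-line change itself looks correct.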