bna: Add NULL Check Before Dereferencing TCB

Currently we already check to see whether the BNAD_TXQ_TX_STARTED cleared.
But if the tcb structure which contains this flag is also already freed by that
time, we would dereference the NULL pointer. This patch is to check tcb for NULL
pointer, before dereferencing it.

Signed-off-by: Rasesh Mody <rmody@brocade.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/drivers/net/ethernet/brocade/bna/bnad.c b/drivers/net/ethernet/brocade/bna/bnad.c
index 7d818de66e537bbe4e01408a407479727ebc541b..e31937a9177ddd22bc81d62a56ef86c0a3c3bde2 100644 (file)
--- a/drivers/net/ethernet/brocade/bna/bnad.c
+++ b/drivers/net/ethernet/brocade/bna/bnad.c
@@ -2958,21 +2958,21 @@ bnad_start_xmit(struct sk_buff *skb, struct net_device *netdev)
        }
 
        tcb = bnad->tx_info[0].tcb[txq_id];
-       q_depth = tcb->q_depth;
-       prod = tcb->producer_index;
-
-       unmap_q = tcb->unmap_q;
 
        /*
         * Takes care of the Tx that is scheduled between clearing the flag
         * and the netif_tx_stop_all_queues() call.
         */
-       if (unlikely(!test_bit(BNAD_TXQ_TX_STARTED, &tcb->flags))) {
+       if (unlikely(!tcb || !test_bit(BNAD_TXQ_TX_STARTED, &tcb->flags))) {
                dev_kfree_skb(skb);
                BNAD_UPDATE_CTR(bnad, tx_skb_stopping);
                return NETDEV_TX_OK;
        }
 
+       q_depth = tcb->q_depth;
+       prod = tcb->producer_index;
+       unmap_q = tcb->unmap_q;
+
        vectors = 1 + skb_shinfo(skb)->nr_frags;
        wis = BNA_TXQ_WI_NEEDED(vectors);       /* 4 vectors per work item */