From: Dave Jiang Date: Thu, 17 Sep 2015 20:27:04 +0000 (-0700) Subject: NTB: Fix issue where we may be accessing NULL ptr X-Git-Tag: firefly_0821_release~176^2~739^2~5 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=04afde45e096201f8fd74c1db848a5d85d1aa57d;p=firefly-linux-kernel-4.4.55.git NTB: Fix issue where we may be accessing NULL ptr smatch detected an issue in the function ntb_transport_max_size() where we could be dereferencing a dma channel pointer when it is NULL. Reported-by: Dan Carpenter Signed-off-by: Dave Jiang Signed-off-by: Jon Mason --- diff --git a/drivers/ntb/ntb_transport.c b/drivers/ntb/ntb_transport.c index 6e3ee907d186..3903dfc39975 100644 --- a/drivers/ntb/ntb_transport.c +++ b/drivers/ntb/ntb_transport.c @@ -1996,23 +1996,24 @@ EXPORT_SYMBOL_GPL(ntb_transport_qp_num); */ unsigned int ntb_transport_max_size(struct ntb_transport_qp *qp) { - unsigned int max; + unsigned int max_size; unsigned int copy_align; + struct dma_chan *rx_chan, *tx_chan; if (!qp) return 0; - if (!qp->tx_dma_chan && !qp->rx_dma_chan) - return qp->tx_max_frame - sizeof(struct ntb_payload_header); + rx_chan = qp->rx_dma_chan; + tx_chan = qp->tx_dma_chan; - copy_align = max(qp->tx_dma_chan->device->copy_align, - qp->rx_dma_chan->device->copy_align); + copy_align = max(rx_chan ? rx_chan->device->copy_align : 0, + tx_chan ? tx_chan->device->copy_align : 0); /* If DMA engine usage is possible, try to find the max size for that */ - max = qp->tx_max_frame - sizeof(struct ntb_payload_header); - max -= max % (1 << copy_align); + max_size = qp->tx_max_frame - sizeof(struct ntb_payload_header); + max_size = round_down(max_size, 1 << copy_align); - return max; + return max_size; } EXPORT_SYMBOL_GPL(ntb_transport_max_size);