From: Haggai Eran Date: Mon, 21 Sep 2015 13:02:02 +0000 (+0300) Subject: IB/cma: Potential NULL dereference in cma_id_from_event X-Git-Tag: firefly_0821_release~176^2~884^2~3 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=b3b51f9f6f5d91cd16afaed0c22df2c56ed5f92e;p=firefly-linux-kernel-4.4.55.git IB/cma: Potential NULL dereference in cma_id_from_event If the lookup of a listening ID failed for an AF_IB request, the code would try to call dev_put() on a NULL net_dev. Fixes: be688195bd08 ("IB/cma: Fix net_dev reference leak with failed requests") Reported-by: Dan Carpenter Signed-off-by: Haggai Eran Signed-off-by: Doug Ledford --- diff --git a/drivers/infiniband/core/cma.c b/drivers/infiniband/core/cma.c index 59a2dafc8c57..f163ac680841 100644 --- a/drivers/infiniband/core/cma.c +++ b/drivers/infiniband/core/cma.c @@ -1324,7 +1324,7 @@ static struct rdma_id_private *cma_id_from_event(struct ib_cm_id *cm_id, bind_list = cma_ps_find(rdma_ps_from_service_id(req.service_id), cma_port_from_service_id(req.service_id)); id_priv = cma_find_listener(bind_list, cm_id, ib_event, &req, *net_dev); - if (IS_ERR(id_priv)) { + if (IS_ERR(id_priv) && *net_dev) { dev_put(*net_dev); *net_dev = NULL; }