RDMA/cxgb4: Added NULL check for lookup_atid

The lookup_atid() function can return NULL if the ATID is
invalid or does not exist in the identifier table, which
could lead to dereferencing a null pointer without a
check in the `act_establish()` and `act_open_rpl()` functions.
Add a NULL check to prevent null pointer dereferencing.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: cfdda9d76436 ("RDMA/cxgb4: Add driver for Chelsio T4 RNIC")
Signed-off-by: Mikhail Lobanov <m.lobanov@rosalinux.ru>
Link: https://patch.msgid.link/20240912145844.77516-1-m.lobanov@rosalinux.ru
Signed-off-by: Leon Romanovsky <leon@kernel.org>

diff --git a/drivers/infiniband/hw/cxgb4/cm.c b/drivers/infiniband/hw/cxgb4/cm.c
index 040ba2224f9ff67e508f5ecd443c96f8cb8f645c..b3757c6a0457a1bc016711f799c91a298d3ece34 100644 (file)
--- a/drivers/infiniband/hw/cxgb4/cm.c
+++ b/drivers/infiniband/hw/cxgb4/cm.c
@@ -1222,6 +1222,8 @@ static int act_establish(struct c4iw_dev *dev, struct sk_buff *skb)
        int ret;
 
        ep = lookup_atid(t, atid);
+       if (!ep)
+               return -EINVAL;
 
        pr_debug("ep %p tid %u snd_isn %u rcv_isn %u\n", ep, tid,
                 be32_to_cpu(req->snd_isn), be32_to_cpu(req->rcv_isn));
@@ -2279,6 +2281,9 @@ static int act_open_rpl(struct c4iw_dev *dev, struct sk_buff *skb)
        int ret = 0;
 
        ep = lookup_atid(t, atid);
+       if (!ep)
+               return -EINVAL;
+
        la = (struct sockaddr_in *)&ep->com.local_addr;
        ra = (struct sockaddr_in *)&ep->com.remote_addr;
        la6 = (struct sockaddr_in6 *)&ep->com.local_addr;