From: Svetlana Mavrina <another.karnil@gmail.com>
Date: Sun, 12 Jan 2014 11:56:09 +0000 (+0000)
Subject: RDMA/amso1100: Add check if cache memory was allocated before freeing it
X-Git-Tag: v3.14-rc1~103^2~1^5~1
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d9d5713ca628dc211d8b4a1da5fb9e0cfe592b92;p=thirdparty%2Fkernel%2Flinux.git

RDMA/amso1100: Add check if cache memory was allocated before freeing it

There is a path in handle_vq() where kmem_cache_free() can be called
with pointer to a local variable.  It can happen if vq_repbuf_alloc()
failed to allocate memory from cache and req is NULL.

The patch adds check if cache memory was allocated before freeing it.

Found by Linux Driver Verification project (linuxtesting.org).

Signed-off-by: Svetlana Mavrina <another.karnil@gmail.com>
Reviewed-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
Signed-off-by: Roland Dreier <roland@purestorage.com>
---

diff --git a/drivers/infiniband/hw/amso1100/c2_intr.c b/drivers/infiniband/hw/amso1100/c2_intr.c
index 8951db4ae29d4..3a17d9b36dbac 100644
--- a/drivers/infiniband/hw/amso1100/c2_intr.c
+++ b/drivers/infiniband/hw/amso1100/c2_intr.c
@@ -169,7 +169,8 @@ static void handle_vq(struct c2_dev *c2dev, u32 mq_index)
 		 * We should never get here, as the adapter should
 		 * never send us a reply that we're not expecting.
 		 */
-		vq_repbuf_free(c2dev, host_msg);
+		if (reply_msg != NULL)
+			vq_repbuf_free(c2dev, host_msg);
 		pr_debug("handle_vq: UNEXPECTEDLY got NULL req\n");
 		return;
 	}