ibmvnic: avoid memset null scrq msgs

[ Upstream commit 9281cf2d584083a450fd65fd27cc5f0e692f6e30 ]

scrq->msgs could be NULL during device reset, causing Linux to crash.
So, check before memset scrq->msgs.

Fixes: c8b2ad0a4a901 ("ibmvnic: Sanitize entire SCRQ buffer on reset")
Signed-off-by: Dany Madden <drt@linux.ibm.com>
Signed-off-by: Lijun Pan <ljp@linux.ibm.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/drivers/net/ethernet/ibm/ibmvnic.c b/drivers/net/ethernet/ibm/ibmvnic.c
index 32fc0266d99b188671f7637ee974cf3e144cbf50..f892cb4a08f4e5e3ec2d78c4a328aa6777d2636a 100644 (file)
--- a/drivers/net/ethernet/ibm/ibmvnic.c
+++ b/drivers/net/ethernet/ibm/ibmvnic.c
@@ -2857,15 +2857,26 @@ static int reset_one_sub_crq_queue(struct ibmvnic_adapter *adapter,
 {
        int rc;
 
+       if (!scrq) {
+               netdev_dbg(adapter->netdev,
+                          "Invalid scrq reset. irq (%d) or msgs (%p).\n",
+                          scrq->irq, scrq->msgs);
+               return -EINVAL;
+       }
+
        if (scrq->irq) {
                free_irq(scrq->irq, scrq);
                irq_dispose_mapping(scrq->irq);
                scrq->irq = 0;
        }
-
-       memset(scrq->msgs, 0, 4 * PAGE_SIZE);
-       atomic_set(&scrq->used, 0);
-       scrq->cur = 0;
+       if (scrq->msgs) {
+               memset(scrq->msgs, 0, 4 * PAGE_SIZE);
+               atomic_set(&scrq->used, 0);
+               scrq->cur = 0;
+       } else {
+               netdev_dbg(adapter->netdev, "Invalid scrq reset\n");
+               return -EINVAL;
+       }
 
        rc = h_reg_sub_crq(adapter->vdev->unit_address, scrq->msg_token,
                           4 * PAGE_SIZE, &scrq->crq_num, &scrq->hw_irq);