RDMA/bnxt_re: Add sanity checks on rdev validity

[ Upstream commit f0df225d12fcb049429fb5bf5122afe143c2dd15 ]

There is a possibility that ulp_irq_stop and ulp_irq_start
callbacks will be called when the device is in detached state.
This can cause a crash due to NULL pointer dereference as
the rdev is already freed.

Fixes: cc5b9b48d447 ("RDMA/bnxt_re: Recover the device when FW error is detected")
Signed-off-by: Kalesh AP <kalesh-anakkur.purayil@broadcom.com>
Signed-off-by: Selvin Xavier <selvin.xavier@broadcom.com>
Link: https://patch.msgid.link/1738657285-23968-3-git-send-email-selvin.xavier@broadcom.com
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/drivers/infiniband/hw/bnxt_re/main.c b/drivers/infiniband/hw/bnxt_re/main.c
index 08cc9ea1752767ed7c2d4850896a5ac3e641ce7a..9fd83189d00a50c7872abca429cdf6ba7bf95e40 100644 (file)
--- a/drivers/infiniband/hw/bnxt_re/main.c
+++ b/drivers/infiniband/hw/bnxt_re/main.c
@@ -314,6 +314,8 @@ static void bnxt_re_stop_irq(void *handle)
        int indx;
 
        rdev = en_info->rdev;
+       if (!rdev)
+               return;
        rcfw = &rdev->rcfw;
 
        for (indx = BNXT_RE_NQ_IDX; indx < rdev->nqr->num_msix; indx++) {
@@ -334,6 +336,8 @@ static void bnxt_re_start_irq(void *handle, struct bnxt_msix_entry *ent)
        int indx, rc;
 
        rdev = en_info->rdev;
+       if (!rdev)
+               return;
        msix_ent = rdev->nqr->msix_entries;
        rcfw = &rdev->rcfw;
        if (!ent) {
@@ -2077,6 +2081,7 @@ static int bnxt_re_suspend(struct auxiliary_device *adev, pm_message_t state)
        ibdev_info(&rdev->ibdev, "%s: L2 driver notified to stop en_state 0x%lx",
                   __func__, en_dev->en_state);
        bnxt_re_remove_device(rdev, BNXT_RE_PRE_RECOVERY_REMOVE, adev);
+       bnxt_re_update_en_info_rdev(NULL, en_info, adev);
        mutex_unlock(&bnxt_re_mutex);
 
        return 0;