From: Michael Guralnik <michaelgur@nvidia.com>
Date: Wed, 10 Jun 2026 00:01:42 +0000 (+0300)
Subject: RDMA/core: Avoid NULL dereference on FRMR bad usage
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3937243095b5cfed6556bd1ea170790223f3eeb0;p=thirdparty%2Fkernel%2Flinux.git

RDMA/core: Avoid NULL dereference on FRMR bad usage

In case a driver calls FRMR pop operation without a successful init,
return after triggering a warning to avoid the NULL dereference.

Fixes: ce5df0b891ed ("IB/core: Introduce FRMR pools")
Link: https://patch.msgid.link/r/20260610000145.820592-7-michaelgur@nvidia.com
Signed-off-by: Michael Guralnik <michaelgur@nvidia.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
---

diff --git a/drivers/infiniband/core/frmr_pools.c b/drivers/infiniband/core/frmr_pools.c
index 1cfdddc3fcdaf..892aedfe03bed 100644
--- a/drivers/infiniband/core/frmr_pools.c
+++ b/drivers/infiniband/core/frmr_pools.c
@@ -529,7 +529,9 @@ int ib_frmr_pool_pop(struct ib_device *device, struct ib_mr *mr)
 	struct ib_frmr_pools *pools = device->frmr_pools;
 	struct ib_frmr_pool *pool;
 
-	WARN_ON_ONCE(!device->frmr_pools);
+	if (WARN_ON_ONCE(!pools))
+		return -EINVAL;
+
 	pool = ib_frmr_pool_find(pools, &mr->frmr.key);
 	if (!pool) {
 		pool = create_frmr_pool(device, &mr->frmr.key);