patches for DPDK stable branches
* [dpdk-stable] [PATCH v3 13/15] net/bnxt: avoid null pointer dereference
       [not found] ` <20191002012335.85324-1-ajit.khaparde@broadcom.com>
@ 2019-10-02  1:23   ` Ajit Khaparde
  0 siblings, 0 replies; only message in thread
From: Ajit Khaparde @ 2019-10-02  1:23 UTC (permalink / raw)
  To: dev
  Cc: ferruh.yigit, Kalesh AP, stable, Ajit Kumar Khaparde,
	Rahul Gupta, Lance Richardson

From: Kalesh AP <kalesh-anakkur.purayil@broadcom.com>

Commit "bd0a14c99f65" enables the creation of a dedicated completion
ring for asynchronous event handling instead of handling these
events on a receive completion ring on non-Stingray platforms.

This causes a segfault due to NULL pointer dereference in
bnxt_alloc_async_cp_ring() on Stingray. Fix this by checking the
pointer validity before accessing it.

Fixes: bd0a14c99f65 ("net/bnxt: use dedicated CPR for async events")
Cc: stable@dpdk.org

Signed-off-by: Kalesh AP <kalesh-anakkur.purayil@broadcom.com>
Signed-off-by: Ajit Kumar Khaparde <ajit.khaparde@broadcom.com>
Reviewed-by: Rahul Gupta <rahul.gupta@broadcom.com>
Reviewed-by: Lance Richardson <lance.richardson@broadcom.com>
---
 drivers/net/bnxt/bnxt_ring.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/net/bnxt/bnxt_ring.c b/drivers/net/bnxt/bnxt_ring.c
index 2f57e038a0..ec17783cf8 100644
--- a/drivers/net/bnxt/bnxt_ring.c
+++ b/drivers/net/bnxt/bnxt_ring.c
@@ -694,13 +694,15 @@ int bnxt_alloc_hwrm_rings(struct bnxt *bp)
 int bnxt_alloc_async_cp_ring(struct bnxt *bp)
 {
 	struct bnxt_cp_ring_info *cpr = bp->async_cp_ring;
-	struct bnxt_ring *cp_ring = cpr->cp_ring_struct;
+	struct bnxt_ring *cp_ring;
 	uint8_t ring_type;
 	int rc;
 
-	if (BNXT_NUM_ASYNC_CPR(bp) == 0)
+	if (BNXT_NUM_ASYNC_CPR(bp) == 0 || cpr == NULL)
 		return 0;
 
+	cp_ring = cpr->cp_ring_struct;
+
 	if (BNXT_HAS_NQ(bp))
 		ring_type = HWRM_RING_ALLOC_INPUT_RING_TYPE_NQ;
 	else
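
Review bot: the new `cpr == NULL` condition in the early-return check returns 0, the same success code as the `BNXT_NUM_ASYNC_CPR(bp) == 0` case, so a caller cannot tell "no async ring configured" from "ring count is non-zero but bp->async_cp_ring was never set up". If the count and the pointer can disagree, that inconsistency is what this guard hides: consider making BNXT_NUM_ASYNC_CPR() or the code that sets bp->async_cp_ring account for the Stingray case so the two always agree, or at least log when `cpr == NULL` is hit with a non-zero count. It is also worth confirming that other users of bp->async_cp_ring are guarded the same way, and a one-line comment above the check saying when the pointer is expected to be NULL would help the next reader.
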
-- 
2.20.1 (Apple Git-117)

