When ep is NULL, no error code of close_listsrv_rpl() is returned. To fix this bug, close_listsrv_rpl() returns -EINVAL in this case. Reported-by: TOTE Robot <oslab@xxxxxxxxxxxxxxx> Signed-off-by: Jia-Ju Bai <baijiaju1990@xxxxxxxxx> --- drivers/infiniband/hw/cxgb4/cm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/infiniband/hw/cxgb4/cm.c b/drivers/infiniband/hw/cxgb4/cm.c index 8769e7aa097f..94492d2dfdc7 100644 --- a/drivers/infiniband/hw/cxgb4/cm.c +++ b/drivers/infiniband/hw/cxgb4/cm.c @@ -2400,7 +2400,7 @@ static int close_listsrv_rpl(struct c4iw_dev *dev, struct sk_buff *skb) if (!ep) { pr_warn("%s stid %d lookup failure!\n", __func__, stid); - goto out; + return -EINVAL; } pr_debug("ep %p\n", ep); c4iw_wake_up_noref(ep->com.wr_waitp, status2errno(rpl->status)); -- 2.17.1
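Review bot: In the `if (!ep)` branch, replacing `goto out;` with `return -EINVAL;` bypasses the `out:` label and changes the value the caller receives, and neither the code at `out:` nor the caller's handling of a non-zero return is visible in this hunk. Before this goes in, the commit message should state what `out:` does and how the dispatcher of close_listsrv_rpl() treats the return value. If the caller releases the skb only when the handler returns 0, a negative return on this path would leave the skb unfreed. If the lookup failure really must be reported as an error, consider keeping a single exit path by setting a local return variable and keeping `goto out;`, so that any cleanup or accounting at the label still runs.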