Potential NULL pointer dereference in drivers/infiniband/hw/mlx4/qp.c


 



Hello everyone,

In function `_mlx4_ib_create_qp`, `create_qp_common` is called in the `IB_QPT_UD` case with `qp` being NULL. In this function, there exists a code segment as follows:

```c
		if (init_attr->create_flags & IB_QP_CREATE_NETIF_QP) {
			if (dev->steering_support ==
			    MLX4_STEERING_MODE_DEVICE_MANAGED)
				qp->flags |= MLX4_IB_QP_NETIF;
			else
				goto err;
		}
```
So it's possible that the function returns with `err` being 0 (previously set by `set_rq_size`). This leads to a NULL pointer dereference at line 1515 in qp.c, because `qp` remains NULL while the `err` returned is 0. I was wondering if some `if` statement checking the `err` variable is required here, or whether it's omitted on purpose. Please let me know if it makes sense.

Best,
Shaobo
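As an added illustration of the failure mode described in the mail (constructed model, not code from the driver or from the message), the block below reproduces the pattern in miniature: a `goto err` on a rejected flag that leaves `err` at the 0 written by the earlier setup step, so the caller sees success with the pointer still NULL. The macro and struct names are stand-ins for the driver's, the `hardened` switch and the choice of `-EINVAL` are assumptions for the demonstration, and `caller` returns 1 at the point where the real caller would dereference NULL instead of crashing.

```c
#include <errno.h>
#include <stddef.h>

/* Constructed stand-ins for the driver's identifiers, not the real values. */
#define CREATE_NETIF_QP         0x1  /* plays the role of IB_QP_CREATE_NETIF_QP */
#define STEERING_DEVICE_MANAGED 1    /* plays the role of MLX4_STEERING_MODE_DEVICE_MANAGED */
#define QP_NETIF                0x2  /* plays the role of MLX4_IB_QP_NETIF */

struct qp { int flags; };

/* Model of create_qp_common's error path. With hardened == 0 it keeps the
 * reported shape: the rejected-flag branch jumps to the label while err is
 * still the 0 left by the earlier setup step, so the function returns 0
 * without ever storing a pointer in *out. With hardened == 1 the branch
 * assigns an errno before jumping (value assumed, not the driver's choice). */
static int create_qp_model(int create_flags, int steering, int hardened,
                           struct qp *mem, struct qp **out)
{
    int err = 0;                  /* as if set_rq_size() had just succeeded */
    if (create_flags & CREATE_NETIF_QP) {
        if (steering == STEERING_DEVICE_MANAGED) {
            mem->flags |= QP_NETIF;
        } else {
            if (hardened)
                err = -EINVAL;    /* the missing assignment on the failure branch */
            goto err;             /* buggy shape jumps here with err still 0 */
        }
    }
    *out = mem;
    return 0;
err:
    return err;
}

/* Caller in the style of the reported path: only the return code guards the
 * dereference. Returns 1 where the real caller would dereference NULL. */
static int caller(int flags, int steering, int hardened, int *flags_out)
{
    struct qp mem = {0};
    struct qp *qp = NULL;
    int err = create_qp_model(flags, steering, hardened, &mem, &qp);
    if (err)
        return err;               /* failure reported: caller never touches qp */
    if (!qp)
        return 1;                 /* rc == 0 but qp == NULL: qp->flags would crash */
    *flags_out = qp->flags;
    return 0;
}
```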


