On Wed, Nov 06, 2019 at 11:38:57AM -0400, Jason Gunthorpe wrote:
> >    959          rc = qedr_init_user_queue(udata, dev, &cq->q, ureq.addr,
> >    960                                    ureq.len, true,
> >    961                                    IB_ACCESS_LOCAL_WRITE,
> >    962                                    1, 1);
> >    963          if (rc)
> >    964                  goto err0;
> >    965
> >    966          pbl_ptr = cq->q.pbl_tbl->pa;
> >    967          page_cnt = cq->q.pbl_info.num_pbes;
> >    968
> >    969          cq->ibcq.cqe = chain_entries;
> >    970          cq->q.db_addr = ctx->dpi_addr + db_offset;
> >                                 ^^^^^^^^^^^^^
> > New unchecked dereference.
>
> For rdma_udata_to_drv_context(), udata != NULL implies ctx != NULL

In that case, the other check for NULL ctx is inside an if (udata)
condition so it could be removed.

  1036          return 0;
  1037
  1038  err2:
  1039          destroy_iparams.icid = cq->icid;
  1040          dev->ops->rdma_destroy_cq(dev->rdma_ctx, &destroy_iparams,
  1041                                    &destroy_oparams);
  1042  err1:
  1043          if (udata) {
                    ^^^^^
  1044                  qedr_free_pbl(dev, &cq->q.pbl_info, cq->q.pbl_tbl);
  1045                  ib_umem_release(cq->q.umem);
  1046                  if (ctx)
                            ^^^
Too late.

  1047                          rdma_user_mmap_entry_remove(&ctx->ibucontext,
  1048                                                      cq->q.db_mmap_entry);

regards,
dan carpenter