Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b0ff7c20 authored by Bryan O'Sullivan's avatar Bryan O'Sullivan Committed by Roland Dreier
Browse files

IB/ipath: fix NULL dereference during cleanup 



Fix NULL deref due to pcidev being clobbered before dd->ipath_f_cleanup()
was called.

Signed-off-by: default avatarBryan O'Sullivan <bos@pathscale.com>
Signed-off-by: default avatarRoland Dreier <rolandd@cisco.com>
parent 94b8d9f9

drivers/infiniband/hw/ipath/ipath_driver.c

+11 −11
Original line number Original line Diff line number Diff line
@@ -1905,19 +1905,19 @@ static void __exit infinipath_cleanup(void) 
			} else

			} else

				ipath_dbg("irq is 0, not doing free_irq "

				ipath_dbg("irq is 0, not doing free_irq "

					  "for unit %u\n", dd->ipath_unit);

					  "for unit %u\n", dd->ipath_unit);

			dd->pcidev = NULL;

		}





			/*

			/*

		 * we check for NULL here, because it's outside the kregbase

			 * we check for NULL here, because it's outside

		 * check, and we need to call it after the free_irq.  Thus

			 * the kregbase check, and we need to call it

		 * it's possible that the function pointers were never

			 * after the free_irq.  Thus it's possible that

		 * initialized.

			 * the function pointers were never initialized.

			 */

			 */

			if (dd->ipath_f_cleanup)

			if (dd->ipath_f_cleanup)

				/* clean up chip-specific stuff */

				/* clean up chip-specific stuff */

				dd->ipath_f_cleanup(dd);

				dd->ipath_f_cleanup(dd);





			dd->pcidev = NULL;

		}

		spin_lock_irqsave(&ipath_devs_lock, flags);

		spin_lock_irqsave(&ipath_devs_lock, flags);

	}

	}