luck/tmp_suning_uos_patched
1
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity

NTB: Fix issue where we may be accessing NULL ptr

Browse Source 
smatch detected an issue in the function ntb_transport_max_size() where
we could be dereferencing a dma channel pointer when it is NULL.

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Dave Jiang <dave.jiang@intel.com>
Signed-off-by: Jon Mason <jdmason@kudzu.us>
This commit is contained in:
Dave Jiang 2015-09-17 13:27:04 -07:00 committed by Jon Mason
parent 6a13feb9c8
commit 04afde45e0
1 changed files with 9 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
drivers/ntb/ntb_transport.c
View File

@ -1996,23 +1996,24 @@ EXPORT_SYMBOL_GPL(ntb_transport_qp_num);
*/ */
unsigned int ntb_transport_max_size(struct ntb_transport_qp *qp) unsigned int ntb_transport_max_size(struct ntb_transport_qp *qp)
{ {
unsigned int max; unsigned int max_size;
unsigned int copy_align; unsigned int copy_align;
struct dma_chan *rx_chan, *tx_chan;
if (!qp) if (!qp)
return 0; return 0;
if (!qp->tx_dma_chan && !qp->rx_dma_chan) rx_chan = qp->rx_dma_chan;
return qp->tx_max_frame - sizeof(struct ntb_payload_header); tx_chan = qp->tx_dma_chan;
copy_align = max(qp->tx_dma_chan->device->copy_align, copy_align = max(rx_chan ? rx_chan->device->copy_align : 0,
qp->rx_dma_chan->device->copy_align); tx_chan ? tx_chan->device->copy_align : 0);
/* If DMA engine usage is possible, try to find the max size for that */ /* If DMA engine usage is possible, try to find the max size for that */
max = qp->tx_max_frame - sizeof(struct ntb_payload_header); max_size = qp->tx_max_frame - sizeof(struct ntb_payload_header);
max -= max % (1 << copy_align); max_size = round_down(max_size, 1 << copy_align);
return max; return max_size;
} }
EXPORT_SYMBOL_GPL(ntb_transport_max_size); EXPORT_SYMBOL_GPL(ntb_transport_max_size);