nvme-rdma: fix null pointer dereference on req->mr
authorColin Ian King <colin.king@canonical.com>
Mon, 5 Sep 2016 15:24:38 +0000 (16:24 +0100)
committerSagi Grimberg <sagi@grimberg.me>
Mon, 12 Sep 2016 19:29:42 +0000 (22:29 +0300)
If there is an error on req->mr, req->mr is set to null, however
the following statement sets req->mr->need_inval causing a null
pointer dereference.  Fix this by bailing out to label 'out' to
immediately return and hence skip over the offending null pointer
dereference.

Fixes: f5b7b559e1488 ("nvme-rdma: Get rid of duplicate variable")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Sagi Grimberg <sagi@grimberg.me>
drivers/nvme/host/rdma.c

index d6bdf55a969e097b6d0f235c301cb58e8bc2beaa..c2c2c28e6eb59fbd45dfc278354c65626d9b0f95 100644 (file)
@@ -293,6 +293,7 @@ static int nvme_rdma_reinit_request(void *data, struct request *rq)
        if (IS_ERR(req->mr)) {
                ret = PTR_ERR(req->mr);
                req->mr = NULL;
+               goto out;
        }
 
        req->mr->need_inval = false;