driver inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I87LCF
--------------------------------------------------------------------------
The hr_qp can be a NULL pointer. A check has been added to avoid illegal access.
Fixes: f0384ddcf1ee ("RDMA/hns: Add method to query WQE buffer's address") Signed-off-by: Chengchang Tang tangchengchang@huawei.com --- drivers/infiniband/hw/hns/hns_roce_dca.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/drivers/infiniband/hw/hns/hns_roce_dca.c b/drivers/infiniband/hw/hns/hns_roce_dca.c
index 77d34c4597de..ef4eda064724 100644
--- a/drivers/infiniband/hw/hns/hns_roce_dca.c
+++ b/drivers/infiniband/hw/hns/hns_roce_dca.c
@@ -1752,13 +1752,17 @@ static int UVERBS_HANDLER(HNS_IB_METHOD_DCA_MEM_QUERY)(
 struct uverbs_attr_bundle *attrs)
 {
 struct hns_roce_qp *hr_qp = uverbs_attr_to_hr_qp(attrs);
- struct hns_roce_dev *hr_dev = to_hr_dev(hr_qp->ibqp.device);
- struct hns_roce_dca_ctx *ctx = hr_qp_to_dca_ctx(hr_dev, hr_qp);
 struct dca_page_query_active_attr active_attr = {};
+ struct hns_roce_dca_ctx *ctx = NULL;
+ struct hns_roce_dev *hr_dev = NULL;
 u32 page_idx, page_ofs;
 int ret;
- if (!hr_qp)
+ if (hr_qp)
+ hr_dev = to_hr_dev(hr_qp->ibqp.device);
+ if (hr_dev)
+ ctx = hr_qp_to_dca_ctx(hr_dev, hr_qp);
+ if (!ctx)
 return -EINVAL;
ret = uverbs_copy_from(&page_idx, attrs,
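Review bot: The `if (hr_dev)` test in the new chain probably never fails once `hr_qp` is non-NULL. If `to_hr_dev()` is the usual `container_of()` wrapper (its definition is not visible in this hunk), it yields a non-NULL pointer for any non-NULL `ibqp.device`, so only the `hr_qp` and `ctx` checks do real work. Because `hr_qp` is resolved from the uverbs attribute bundle of a user request, an explicit guard right after the declarations makes the trust boundary easier to audit: `if (!hr_qp) return -EINVAL;` followed by `hr_dev = to_hr_dev(hr_qp->ibqp.device);` and `ctx = hr_qp_to_dca_ctx(hr_dev, hr_qp);`. The `if (!ctx)` test is worth keeping only if `hr_qp_to_dca_ctx()` can actually return NULL, in which case a short comment saying when would help. The handler's body continues past the end of the hunk.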