[rds-devel] [PATCH] RDS: IB: NULL dereference on error in rds_ib_alloc_frmr()
Dan Carpenter
dan.carpenter at oracle.com
Wed Jun 14 03:39:24 PDT 2017
We accidentally return ERR_PTR(0) if ib_alloc_mr() fails. The caller
is expecting error pointers so it results in a NULL dereference.
Fixes: 1659185fb4d0 ("RDS: IB: Support Fastreg MR (FRMR) memory registration mode")
Signed-off-by: Dan Carpenter <dan.carpenter at oracle.com>
diff --git a/net/rds/ib_frmr.c b/net/rds/ib_frmr.c
index 48332a6ed738..74a66cc162ed 100644
--- a/net/rds/ib_frmr.c
+++ b/net/rds/ib_frmr.c
@@ -38,7 +38,7 @@ static struct rds_ib_mr *rds_ib_alloc_frmr(struct rds_ib_device *rds_ibdev,
struct rds_ib_mr_pool *pool;
struct rds_ib_mr *ibmr = NULL;
struct rds_ib_frmr *frmr;
- int err = 0;
+ int err;
if (npages <= RDS_MR_8K_MSG_SIZE)
pool = rds_ibdev->mr_8k_pool;
@@ -61,6 +61,7 @@ static struct rds_ib_mr *rds_ib_alloc_frmr(struct rds_ib_device *rds_ibdev,
pool->fmr_attr.max_pages);
if (IS_ERR(frmr->mr)) {
pr_warn("RDS/IB: %s failed to allocate MR", __func__);
+ err = -ENOMEM;
goto out_no_cigar;
}
More information about the rds-devel
mailing list