On Thu, Jun 09, 2016 at 11:56:08AM -0700, John Daley wrote: > If device configuration failed due to a lack of resources, such as > if more queues are requested than are available, the queue release > function is called with NULL pointers which were being dereferenced. > > Skip releasing queues if they are NULL pointers. > > Fixes: fefed3d1e62c ("enic: new driver") > Signed-off-by: John Daley <johndale at cisco.com> > --- > > v3: bail out of free rq function if rq is null instead of if > around != NULL. > > drivers/net/enic/enic_main.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/drivers/net/enic/enic_main.c b/drivers/net/enic/enic_main.c > index 996f999..5939b9d 100644 > --- a/drivers/net/enic/enic_main.c > +++ b/drivers/net/enic/enic_main.c > @@ -429,6 +429,9 @@ void enic_free_rq(void *rxq) > struct vnic_rq *rq = (struct vnic_rq *)rxq; > struct enic *enic = vnic_dev_priv(rq->vdev);
This doesn't look safe to me. You are referencing the pointer before checking it for NULL. > > + if (rxq == NULL) > + return; > + /Bruce > enic_rxmbuf_queue_release(enic, rq); > rte_free(rq->mbuf_ring); > rq->mbuf_ring = NULL; > -- > 2.7.0 >
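Review bot: In the enic_free_rq() hunk, the added `if (rxq == NULL) return;` comes after the declaration `struct enic *enic = vnic_dev_priv(rq->vdev);`. Because rq is only a cast of rxq, that initializer reads `rq->vdev` before the guard runs, so the failed-configuration path the commit message describes still dereferences NULL. Suggest declaring `struct enic *enic;` without an initializer, keeping the NULL check as the first statement, and assigning `enic = vnic_dev_priv(rq->vdev);` after it. Leaving the dereference ahead of the check also lets a compiler treat the pointer as non-NULL and drop the check, so reordering is preferable to relying on the current placement.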