If req->ctype does not match any of NIX_AQ_CTYPE_CQ,
NIX_AQ_CTYPE_SQ or NIX_AQ_CTYPE_RQ, pointer bmap will remain
uninitialized and be accessed in test_bit(), which can lead
to kernal crash.
Fix this by returning an error code if this case is triggered.
Signed-off-by: Dinghao Liu <dinghao....@zju.edu.cn>
---
drivers/net/ethernet/marvell/octeontx2/af/rvu_nix.c | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/drivers/net/ethernet/marvell/octeontx2/af/rvu_nix.c
b/drivers/net/ethernet/marvell/octeontx2/af/rvu_nix.c
index 36953d4f51c7..20a64ed24474 100644
--- a/drivers/net/ethernet/marvell/octeontx2/af/rvu_nix.c
+++ b/drivers/net/ethernet/marvell/octeontx2/af/rvu_nix.c
@@ -869,19 +869,18 @@ static int nix_lf_hwctx_disable(struct rvu *rvu, struct
hwctx_disable_req *req)
aq_req.cq_mask.bp_ena = 1;
q_cnt = pfvf->cq_ctx->qsize;
bmap = pfvf->cq_bmap;
- }
- if (req->ctype == NIX_AQ_CTYPE_SQ) {
+ } else if (req->ctype == NIX_AQ_CTYPE_SQ) {
aq_req.sq.ena = 0;
aq_req.sq_mask.ena = 1;
q_cnt = pfvf->sq_ctx->qsize;
bmap = pfvf->sq_bmap;
- }
- if (req->ctype == NIX_AQ_CTYPE_RQ) {
+ } else if (req->ctype == NIX_AQ_CTYPE_RQ) {
aq_req.rq.ena = 0;
aq_req.rq_mask.ena = 1;
q_cnt = pfvf->rq_ctx->qsize;
bmap = pfvf->rq_bmap;
- }
+ } else
+ return NIX_AF_ERR_AQ_ENQUEUE;
aq_req.ctype = req->ctype;
aq_req.op = NIX_AQ_INSTOP_WRITE;
--
2.17.1
