* [PATCH v2] NTB: Fix issue where we may be accessing NULL ptr
@ 2015-09-17 20:27 Dave Jiang
  2015-09-17 20:58 ` Allen Hubbe
  0 siblings, 1 reply; 2+ messages in thread
From: Dave Jiang @ 2015-09-17 20:27 UTC (permalink / raw)
  To: jdmason; +Cc: linux-ntb, allen.hubbe, dan.carpenter

smatch detected an issue in the function ntb_transport_max_size() where
we could be dereferencing a dma channel pointer when it is NULL.

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Dave Jiang <dave.jiang@intel.com>
---
 drivers/ntb/ntb_transport.c |   17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/drivers/ntb/ntb_transport.c b/drivers/ntb/ntb_transport.c
index 6e3ee90..3903dfc 100644
--- a/drivers/ntb/ntb_transport.c
+++ b/drivers/ntb/ntb_transport.c
@@ -1996,23 +1996,24 @@ EXPORT_SYMBOL_GPL(ntb_transport_qp_num);
  */
 unsigned int ntb_transport_max_size(struct ntb_transport_qp *qp)
 {
-	unsigned int max;
+	unsigned int max_size;
 	unsigned int copy_align;
+	struct dma_chan *rx_chan, *tx_chan;
 
 	if (!qp)
 		return 0;
 
-	if (!qp->tx_dma_chan && !qp->rx_dma_chan)
-		return qp->tx_max_frame - sizeof(struct ntb_payload_header);
+	rx_chan = qp->rx_dma_chan;
+	tx_chan = qp->tx_dma_chan;
 
-	copy_align = max(qp->tx_dma_chan->device->copy_align,
-			 qp->rx_dma_chan->device->copy_align);
+	copy_align = max(rx_chan ? rx_chan->device->copy_align : 0,
+			 tx_chan ? tx_chan->device->copy_align : 0);
 
 	/* If DMA engine usage is possible, try to find the max size for that */
-	max = qp->tx_max_frame - sizeof(struct ntb_payload_header);
-	max -= max % (1 << copy_align);
+	max_size = qp->tx_max_frame - sizeof(struct ntb_payload_header);
+	max_size = round_down(max_size, 1 << copy_align);
 
-	return max;
+	return max_size;
 }
 EXPORT_SYMBOL_GPL(ntb_transport_max_size);
 
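Review bot: the comment "If DMA engine usage is possible, try to find the max size for that" is now misleading. With the early return for the no-DMA case removed, the lines under it run for every queue pair, including one where both rx_chan and tx_chan are NULL. That path still returns the old value only because copy_align falls back to 0 and round_down(max_size, 1 << 0) leaves max_size unchanged. Please reword the comment to say so, so that a later cleanup does not reintroduce an unguarded qp->tx_dma_chan->device dereference. The commit message should also mention the rename of max to max_size, which stops the local from sharing a name with the max() macro called just above it, and the switch to round_down(), since neither is part of the NULL fix it describes.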



* RE: [PATCH v2] NTB: Fix issue where we may be accessing NULL ptr
  2015-09-17 20:27 [PATCH v2] NTB: Fix issue where we may be accessing NULL ptr Dave Jiang
@ 2015-09-17 20:58 ` Allen Hubbe
  0 siblings, 0 replies; 2+ messages in thread
From: Allen Hubbe @ 2015-09-17 20:58 UTC (permalink / raw)
  To: 'Dave Jiang', jdmason; +Cc: linux-ntb, dan.carpenter

From: Dave Jiang [mailto:dave.jiang@intel.com]
> smatch detected an issue in the function ntb_transport_max_size() where
> we could be dereferencing a dma channel pointer when it is NULL.
> 
> Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
> Signed-off-by: Dave Jiang <dave.jiang@intel.com>

Looks good!

