Commit 7162a3e0 authored by Roland Dreier's avatar Roland Dreier

[IB] uverbs: Avoid NULL pointer deref on CQ async event

Userspace CQs that have no completion event channel attached end up
with their cq_context set to NULL.  However, asynchronous events like
"CQ overrun" can still occur on such CQs, so add a uverbs_file member
to struct ib_ucq_object that we can follow to deliver these events.
Signed-off-by: default avatarRoland Dreier <rolandd@cisco.com>
parent a20583a7
...@@ -113,6 +113,7 @@ struct ib_uevent_object { ...@@ -113,6 +113,7 @@ struct ib_uevent_object {
struct ib_ucq_object { struct ib_ucq_object {
struct ib_uobject uobject; struct ib_uobject uobject;
struct ib_uverbs_file *uverbs_file;
struct list_head comp_list; struct list_head comp_list;
struct list_head async_list; struct list_head async_list;
u32 comp_events_reported; u32 comp_events_reported;
......
...@@ -602,6 +602,7 @@ ssize_t ib_uverbs_create_cq(struct ib_uverbs_file *file, ...@@ -602,6 +602,7 @@ ssize_t ib_uverbs_create_cq(struct ib_uverbs_file *file,
uobj->uobject.user_handle = cmd.user_handle; uobj->uobject.user_handle = cmd.user_handle;
uobj->uobject.context = file->ucontext; uobj->uobject.context = file->ucontext;
uobj->uverbs_file = file;
uobj->comp_events_reported = 0; uobj->comp_events_reported = 0;
uobj->async_events_reported = 0; uobj->async_events_reported = 0;
INIT_LIST_HEAD(&uobj->comp_list); INIT_LIST_HEAD(&uobj->comp_list);
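Review bot: The back-pointer stored by `uobj->uverbs_file = file;` is a plain pointer, and no reference on `file` is taken in the visible lines. The async handler's later dereference of `uobj->uverbs_file` is therefore safe only if every CQ object is destroyed before the ib_uverbs_file is freed. That ordering is presumably guaranteed by the cleanup done at file close, but it is not visible on this page and should be confirmed. I would record the invariant next to the new member in struct ib_ucq_object, e.g. `/* not refcounted: the CQ must be destroyed before this file is released */`. The body of ib_uverbs_create_cq starts and ends outside the hunk.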
......
...@@ -442,13 +442,10 @@ static void ib_uverbs_async_handler(struct ib_uverbs_file *file, ...@@ -442,13 +442,10 @@ static void ib_uverbs_async_handler(struct ib_uverbs_file *file,
void ib_uverbs_cq_event_handler(struct ib_event *event, void *context_ptr) void ib_uverbs_cq_event_handler(struct ib_event *event, void *context_ptr)
{ {
struct ib_uverbs_event_file *ev_file = context_ptr; struct ib_ucq_object *uobj = container_of(event->element.cq->uobject,
struct ib_ucq_object *uobj;
uobj = container_of(event->element.cq->uobject,
struct ib_ucq_object, uobject); struct ib_ucq_object, uobject);
ib_uverbs_async_handler(ev_file->uverbs_file, uobj->uobject.user_handle, ib_uverbs_async_handler(uobj->uverbs_file, uobj->uobject.user_handle,
event->event, &uobj->async_list, event->event, &uobj->async_list,
&uobj->async_events_reported); &uobj->async_events_reported);
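Review bot: `context_ptr` is no longer read in ib_uverbs_cq_event_handler, and nothing on the new side explains why. A short comment such as `/* cq_context is NULL when the CQ has no completion channel, so reach the file through the uobject */` would keep a later cleanup from reintroducing the NULL dereference. The handler also dereferences `event->element.cq->uobject` unconditionally through container_of(), so it must only ever be registered for CQs created from userspace; that is inferred rather than visible here and is worth stating in the same comment. The function's closing lines are outside the hunk.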
......