summaryrefslogtreecommitdiffstats
path: root/drivers
diff options
context:
space:
mode:
authorDave Jiang <dave.jiang@intel.com>2015-09-17 22:27:04 +0200
committerJon Mason <jdmason@kudzu.us>2015-11-08 22:11:21 +0100
commit04afde45e096201f8fd74c1db848a5d85d1aa57d (patch)
treeb26f609ea9c211e40de16c9d795edc01c38a0e3c /drivers
parentLinux 4.3 (diff)
downloadlinux-04afde45e096201f8fd74c1db848a5d85d1aa57d.tar.xz
linux-04afde45e096201f8fd74c1db848a5d85d1aa57d.zip
NTB: Fix issue where we may be accessing NULL ptr
smatch detected an issue in the function ntb_transport_max_size() where we could be dereferencing a dma channel pointer when it is NULL. Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Dave Jiang <dave.jiang@intel.com> Signed-off-by: Jon Mason <jdmason@kudzu.us>
Diffstat (limited to 'drivers')
-rw-r--r--drivers/ntb/ntb_transport.c17
1 files changed, 9 insertions, 8 deletions
diff --git a/drivers/ntb/ntb_transport.c b/drivers/ntb/ntb_transport.c
index 6e3ee907d186..3903dfc39975 100644
--- a/drivers/ntb/ntb_transport.c
+++ b/drivers/ntb/ntb_transport.c
@@ -1996,23 +1996,24 @@ EXPORT_SYMBOL_GPL(ntb_transport_qp_num);
*/
unsigned int ntb_transport_max_size(struct ntb_transport_qp *qp)
{
- unsigned int max;
+ unsigned int max_size;
unsigned int copy_align;
+ struct dma_chan *rx_chan, *tx_chan;
if (!qp)
return 0;
- if (!qp->tx_dma_chan && !qp->rx_dma_chan)
- return qp->tx_max_frame - sizeof(struct ntb_payload_header);
+ rx_chan = qp->rx_dma_chan;
+ tx_chan = qp->tx_dma_chan;
- copy_align = max(qp->tx_dma_chan->device->copy_align,
- qp->rx_dma_chan->device->copy_align);
+ copy_align = max(rx_chan ? rx_chan->device->copy_align : 0,
+ tx_chan ? tx_chan->device->copy_align : 0);
/* If DMA engine usage is possible, try to find the max size for that */
- max = qp->tx_max_frame - sizeof(struct ntb_payload_header);
- max -= max % (1 << copy_align);
+ max_size = qp->tx_max_frame - sizeof(struct ntb_payload_header);
+ max_size = round_down(max_size, 1 << copy_align);
- return max;
+ return max_size;
}
EXPORT_SYMBOL_GPL(ntb_transport_max_size);