[IB] uverbs: Avoid NULL pointer deref on CQ async event
Userspace CQs that have no completion event channel attached end up with their cq_context set to NULL. However, asynchronous events like "CQ overrun" can still occur on such CQs, so add a uverbs_file member to struct ib_ucq_object that we can follow to deliver these events. Signed-off-by: Roland Dreier <rolandd@cisco.com>
This commit is contained in:
parent
a20583a7c2
commit
7162a3e0db
|
@ -113,6 +113,7 @@ struct ib_uevent_object {
|
|||
|
||||
struct ib_ucq_object {
|
||||
struct ib_uobject uobject;
|
||||
struct ib_uverbs_file *uverbs_file;
|
||||
struct list_head comp_list;
|
||||
struct list_head async_list;
|
||||
u32 comp_events_reported;
|
||||
|
|
|
@ -602,6 +602,7 @@ ssize_t ib_uverbs_create_cq(struct ib_uverbs_file *file,
|
|||
|
||||
uobj->uobject.user_handle = cmd.user_handle;
|
||||
uobj->uobject.context = file->ucontext;
|
||||
uobj->uverbs_file = file;
|
||||
uobj->comp_events_reported = 0;
|
||||
uobj->async_events_reported = 0;
|
||||
INIT_LIST_HEAD(&uobj->comp_list);
|
||||
|
|
|
@ -442,13 +442,10 @@ static void ib_uverbs_async_handler(struct ib_uverbs_file *file,
|
|||
|
||||
void ib_uverbs_cq_event_handler(struct ib_event *event, void *context_ptr)
|
||||
{
|
||||
struct ib_uverbs_event_file *ev_file = context_ptr;
|
||||
struct ib_ucq_object *uobj;
|
||||
struct ib_ucq_object *uobj = container_of(event->element.cq->uobject,
|
||||
struct ib_ucq_object, uobject);
|
||||
|
||||
uobj = container_of(event->element.cq->uobject,
|
||||
struct ib_ucq_object, uobject);
|
||||
|
||||
ib_uverbs_async_handler(ev_file->uverbs_file, uobj->uobject.user_handle,
|
||||
ib_uverbs_async_handler(uobj->uverbs_file, uobj->uobject.user_handle,
|
||||
event->event, &uobj->async_list,
|
||||
&uobj->async_events_reported);
|
||||
|
||||
|
|
Loading…
Reference in New Issue