IPoIB: Fix oops if xmit is called when priv->broadcast is NULL
author Jack Morgenstein <jackm@dev.mellanox.co.il>
Mon, 26 Nov 2007 08:41:19 +0000 (10:41 +0200)
committer Roland Dreier <rolandd@cisco.com>
Tue, 27 Nov 2007 23:40:10 +0000 (15:40 -0800)
If a port goes down, ipoib_ib_dev_down() is invoked -- which flushes
the mcasts (clearing priv->broadcast) and clears the path record
cache.  If ipoib_start_xmit() is then invoked (before the broadcast
group is rejoined), a kernel oops results from attempting to access
priv->broadcast, which is still unset.

Returning NULL from path_rec_create() if priv->broadcast is NULL is a
harmless way of bypassing the problem -- the offending packet is
simply discarded "without prejudice."

Signed-off-by: Jack Morgenstein <jackm@dev.mellanox.co.il>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
drivers/infiniband/ulp/ipoib/ipoib_main.c

index a03a65ebcf0c0a95d31903b17d448be3dd26ed85..c9f6077b615eb62db39dae44f385976c50018865 100644 (file)
@@ -460,6 +460,9 @@ static struct ipoib_path *path_rec_create(struct net_device *dev, void *gid)
        struct ipoib_dev_priv *priv = netdev_priv(dev);
        struct ipoib_path *path;
 
+       if (!priv->broadcast)
+               return NULL;
+
        path = kzalloc(sizeof *path, GFP_ATOMIC);
        if (!path)
                return NULL;
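
Review bot: The `!priv->broadcast` test added at the top of path_rec_create() is a bare read with no lock visible in this hunk, while the commit message says ipoib_ib_dev_down() clears that pointer when the port goes down. If the rest of the function (not shown here) dereferences priv->broadcast, the check only closes the window when the caller holds the same lock the flush path takes; please state that requirement in a comment above the check or confirm it in the commit message. Separately, the early return yields the same NULL as the kzalloc failure just below it, so the caller cannot tell "no broadcast group yet, drop the packet" from "out of memory"; a one-line comment on the new check saying the drop is intentional would keep a later reader from treating it as an allocation error.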