From: Amiram Perlmutter <amip@mellanox.co.il>
Date: Mon, 22 Jan 2007 15:03:58 +0000 (+0200)
Subject: IB/sdp: fix NULL pointer dereference
X-Git-Tag: v4.1.12-92~264^2~5^2~364
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=637c1ac1b3543031c9007bfef9e56c06f7ff90a3;p=users%2Fjedix%2Flinux-maple.git

IB/sdp: fix NULL pointer dereference

introduced by patch "IB/sdp: handle shutdown recv on listening socket"

Signed-off-by: Amiram Perlmutter <amip@mellanox.co.il>
Signed-off-by: Michael S. Tsirkin <mst@mellanox.co.il>
---

diff --git a/drivers/infiniband/ulp/sdp/sdp_main.c b/drivers/infiniband/ulp/sdp/sdp_main.c
index d70df1a4c55ae..a1b02404919d6 100644
--- a/drivers/infiniband/ulp/sdp/sdp_main.c
+++ b/drivers/infiniband/ulp/sdp/sdp_main.c
@@ -515,7 +515,7 @@ static int sdp_disconnect(struct sock *sk, int flags)
 	int rc = 0;
 	int old_state = sk->sk_state;
 	struct sdp_sock *s, *t;
-	struct rdma_cm_id *id = ssk->id;
+	struct rdma_cm_id *id;
 
 	sdp_dbg(sk, "%s\n", __func__);
 	if (ssk->id)
@@ -525,10 +525,11 @@ static int sdp_disconnect(struct sock *sk, int flags)
 		return rc;
 
 	sdp_set_state(sk, TCP_CLOSE);
+	id = ssk->id;
 	ssk->id = NULL;
 	release_sock(sk); /* release socket since locking semantics is parent
 			     inside child */
-	rdma_destroy_id(ssk->id);
+	rdma_destroy_id(id);
 
 	list_for_each_entry_safe(s, t, &ssk->backlog_queue, backlog_queue) {
 		sk_common_release(&s->isk.sk);