From 637c1ac1b3543031c9007bfef9e56c06f7ff90a3 Mon Sep 17 00:00:00 2001
From: Amiram Perlmutter
Date: Mon, 22 Jan 2007 17:03:58 +0200
Subject: [PATCH] IB/sdp: fix NULL pointer dereference introduced by patch "IB/sdp: handle shutdown recv on listening socket"

Signed-off-by: Amiram Perlmutter
Signed-off-by: Michael S. Tsirkin
---
 drivers/infiniband/ulp/sdp/sdp_main.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/drivers/infiniband/ulp/sdp/sdp_main.c b/drivers/infiniband/ulp/sdp/sdp_main.c
index d70df1a4c55a..a1b02404919d 100644
--- a/drivers/infiniband/ulp/sdp/sdp_main.c
+++ b/drivers/infiniband/ulp/sdp/sdp_main.c
@@ -515,7 +515,7 @@ static int sdp_disconnect(struct sock *sk, int flags)
 int rc = 0;
 int old_state = sk->sk_state;
 struct sdp_sock *s, *t;
- struct rdma_cm_id *id = ssk->id;
+ struct rdma_cm_id *id;

 sdp_dbg(sk, "%s\n", __func__);
 if (ssk->id)
@@ -525,10 +525,11 @@ static int sdp_disconnect(struct sock *sk, int flags)
 return rc;

 sdp_set_state(sk, TCP_CLOSE);
+ id = ssk->id;
 ssk->id = NULL;
 release_sock(sk);
 /* release socket since locking semantics is parent inside child */
- rdma_destroy_id(ssk->id);
+ rdma_destroy_id(id);

 list_for_each_entry_safe(s, t, &ssk->backlog_queue, backlog_queue) {
 sk_common_release(&s->isk.sk);
--
2.50.1
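Review bot: `rdma_destroy_id(id)` in the second hunk runs unconditionally, while the earlier `if (ssk->id)` test in this same function treats a NULL `ssk->id` as possible; if a listening socket can reach this point without a CM id, the call is still handed NULL. Whether rdma_destroy_id tolerates NULL is not visible here, so a guard such as `if (id) rdma_destroy_id(id);` would make the path safe either way. The backlog walk that follows also runs after `release_sock(sk)`, and the function continues past the hunk. A short comment there should state what keeps `ssk->backlog_queue` stable once the socket lock is dropped, presumably that the destroyed id can deliver no further connection events, which should be confirmed.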