RDMA/iw_cxgb4: Fix the unchecked ep dereference

[ Upstream commit 3352976c892301fd576a2e9ff0ac7337b2e2ca48 ]

The patch 944661dd97f4: "RDMA/iw_cxgb4: atomically lookup ep and get a
reference" from May 6, 2016, leads to the following Smatch complaint:

    drivers/infiniband/hw/cxgb4/cm.c:2953 terminate()
    error: we previously assumed 'ep' could be null (see line 2945)

Fixes: 944661dd97f4 ("RDMA/iw_cxgb4: atomically lookup ep and get a reference")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Raju Rangoju <rajur@chelsio.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/drivers/infiniband/hw/cxgb4/cm.c b/drivers/infiniband/hw/cxgb4/cm.c
index 4dcc92d..1b3d014 100644 (file)
--- a/drivers/infiniband/hw/cxgb4/cm.c
+++ b/drivers/infiniband/hw/cxgb4/cm.c
@@ -2947,15 +2947,18 @@ static int terminate(struct c4iw_dev *dev, struct sk_buff *skb)
 
        ep = get_ep_from_tid(dev, tid);
 
-       if (ep && ep->com.qp) {
-               pr_warn("TERM received tid %u qpid %u\n",
-                       tid, ep->com.qp->wq.sq.qid);
-               attrs.next_state = C4IW_QP_STATE_TERMINATE;
-               c4iw_modify_qp(ep->com.qp->rhp, ep->com.qp,
-                              C4IW_QP_ATTR_NEXT_STATE, &attrs, 1);
+       if (ep) {
+               if (ep->com.qp) {
+                       pr_warn("TERM received tid %u qpid %u\n", tid,
+                               ep->com.qp->wq.sq.qid);
+                       attrs.next_state = C4IW_QP_STATE_TERMINATE;
+                       c4iw_modify_qp(ep->com.qp->rhp, ep->com.qp,
+                                      C4IW_QP_ATTR_NEXT_STATE, &attrs, 1);
+               }
+
+               c4iw_put_ep(&ep->com);
        } else
                pr_warn("TERM received tid %u no ep/qp\n", tid);
-       c4iw_put_ep(&ep->com);
 
        return 0;
 }