IB/sa_query: Check if sm_ah is NULL in ib_sa_remove_one()

If update_sm_ah() fails, it leaves the port's sm_ah as NULL.  Then if
the device or module is removed, ib_sa_remove_one() will dereference a
NULL pointer when it calls kref_put().  Fix this by testing if sm_ah
is NULL before dropping the reference.

Signed-off-by: Ralph Campbell <ralph.campbell@qlogic.com>
Signed-off-by: Roland Dreier <rolandd@cisco.com>

diff --git a/drivers/infiniband/core/sa_query.c b/drivers/infiniband/core/sa_query.c
index 1341de793e51d0694d45501c9e54bf4128ba982e..7863a50d56f25cd8a465fcff0b4ebef6581a675f 100644 (file)
--- a/drivers/infiniband/core/sa_query.c
+++ b/drivers/infiniband/core/sa_query.c
@@ -1064,7 +1064,8 @@ static void ib_sa_remove_one(struct ib_device *device)
 
        for (i = 0; i <= sa_dev->end_port - sa_dev->start_port; ++i) {
                ib_unregister_mad_agent(sa_dev->port[i].agent);
-               kref_put(&sa_dev->port[i].sm_ah->ref, free_sm_ah);
+               if (sa_dev->port[i].sm_ah)
+                       kref_put(&sa_dev->port[i].sm_ah->ref, free_sm_ah);
        }
 
        kfree(sa_dev);