The function mlx5_query_nic_vport_qkey_viol_cntr() calls the functuion mlx5_query_nic_vport_context() but does not check its return value. This could lead to undefined behavior if the query fails. A proper implementation can be found in mlx5_nic_vport_query_local_lb().
Add error handling for mlx5_query_nic_vport_context(). If it fails, free the out buffer via kvfree() and return error code.
Fixes: 9efa75254593 ("net/mlx5_core: Introduce access functions to query vport RoCE fields") Cc: stable@vger.kernel.org # v4.5 Signed-off-by: Wentao Liang vulab@iscas.ac.cn --- drivers/net/ethernet/mellanox/mlx5/core/vport.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/vport.c b/drivers/net/ethernet/mellanox/mlx5/core/vport.c index 0d5f750faa45..276b162ccf18 100644 --- a/drivers/net/ethernet/mellanox/mlx5/core/vport.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/vport.c @@ -518,20 +518,23 @@ int mlx5_query_nic_vport_qkey_viol_cntr(struct mlx5_core_dev *mdev, u16 *qkey_viol_cntr) { u32 *out; - int outlen = MLX5_ST_SZ_BYTES(query_nic_vport_context_out); + int ret, outlen = MLX5_ST_SZ_BYTES(query_nic_vport_context_out);
out = kvzalloc(outlen, GFP_KERNEL); if (!out) return -ENOMEM;
- mlx5_query_nic_vport_context(mdev, 0, out); + ret = mlx5_query_nic_vport_context(mdev, 0, out); + if (ret) + goto out;
*qkey_viol_cntr = MLX5_GET(query_nic_vport_context_out, out, nic_vport_context.qkey_violation_counter); - + ret = 0; +out: kvfree(out);
- return 0; + return ret; } EXPORT_SYMBOL_GPL(mlx5_query_nic_vport_qkey_viol_cntr);
On Mon, May 19, 2025 at 11:40:43AM +0800, Wentao Liang wrote:
The function mlx5_query_nic_vport_qkey_viol_cntr() calls the functuion mlx5_query_nic_vport_context() but does not check its return value. This could lead to undefined behavior if the query fails. A proper implementation can be found in mlx5_nic_vport_query_local_lb().
Add error handling for mlx5_query_nic_vport_context(). If it fails, free the out buffer via kvfree() and return error code.
Fixes: 9efa75254593 ("net/mlx5_core: Introduce access functions to query vport RoCE fields") Cc: stable@vger.kernel.org # v4.5 Signed-off-by: Wentao Liang vulab@iscas.ac.cn
drivers/net/ethernet/mellanox/mlx5/core/vport.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/vport.c b/drivers/net/ethernet/mellanox/mlx5/core/vport.c index 0d5f750faa45..276b162ccf18 100644 --- a/drivers/net/ethernet/mellanox/mlx5/core/vport.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/vport.c @@ -518,20 +518,23 @@ int mlx5_query_nic_vport_qkey_viol_cntr(struct mlx5_core_dev *mdev, u16 *qkey_viol_cntr) { u32 *out;
- int outlen = MLX5_ST_SZ_BYTES(query_nic_vport_context_out);
- int ret, outlen = MLX5_ST_SZ_BYTES(query_nic_vport_context_out);
You can fix RCT here.
out = kvzalloc(outlen, GFP_KERNEL); if (!out) return -ENOMEM;
- mlx5_query_nic_vport_context(mdev, 0, out);
- ret = mlx5_query_nic_vport_context(mdev, 0, out);
- if (ret)
goto out;*qkey_viol_cntr = MLX5_GET(query_nic_vport_context_out, out, nic_vport_context.qkey_violation_counter);
- ret = 0;
ret is already 0 here, no need to reassign it.
+out: kvfree(out);
- return 0;
- return ret;
} EXPORT_SYMBOL_GPL(mlx5_query_nic_vport_qkey_viol_cntr); -- 2.42.0.windows.2
linux-stable-mirror@lists.linaro.org
-
Michal Swiatkowski -
Wentao Liang