[PATCH 1/2] scsi: qedf: Replace kmalloc_array() with kcalloc()

List overview All Threads
Download

newer

older

[PATCH 5.10/5.15] tty: n_gsm: Fix...

[stable] please apply media:...

Jiasheng Jiang

6 Feb 2025 6 Feb '25

5:25 a.m.

Replace kmalloc_array() with kcalloc() to avoid old (dirty) data being used/freed.

Fixes: 61d8658b4a43 ("scsi: qedf: Add QLogic FastLinQ offload FCoE driver framework.") Cc: stable@vger.kernel.org # v5.10+ Signed-off-by: Jiasheng Jiang jiashengjiangcool@gmail.com --- drivers/scsi/qedf/qedf_io.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/drivers/scsi/qedf/qedf_io.c b/drivers/scsi/qedf/qedf_io.c index fcfc3bed02c6..d52057b97a4f 100644 --- a/drivers/scsi/qedf/qedf_io.c +++ b/drivers/scsi/qedf/qedf_io.c @@ -254,9 +254,7 @@ struct qedf_cmd_mgr *qedf_cmd_mgr_alloc(struct qedf_ctx *qedf) }

/* Allocate pool of io_bdts - one for each qedf_ioreq */ - cmgr->io_bdt_pool = kmalloc_array(num_ios, sizeof(struct io_bdt *), - GFP_KERNEL); - + cmgr->io_bdt_pool = kcalloc(num_ios, sizeof(*cmgr->io_bdt_pool), GFP_KERNEL); if (!cmgr->io_bdt_pool) { QEDF_WARN(&(qedf->dbg_ctx), "Failed to alloc io_bdt_pool.\n"); goto mem_err;

-- 2.25.1

Show replies by date

Greg KH

6 Feb 6 Feb

5:36 a.m.

On Thu, Feb 06, 2025 at 05:25:22AM +0000, Jiasheng Jiang wrote:

...

Replace kmalloc_array() with kcalloc() to avoid old (dirty) data being used/freed.

Used/freed where?

...

This is just an array that is then properly all initialized a few lines below this.

So why does this need to be zeroed out at all?

thanks,

greg k-h

Greg KH

5:38 a.m.

On Thu, Feb 06, 2025 at 06:36:58AM +0100, Greg KH wrote:

...

Oh, I think I figured it out, but your text for the changelog is wrong, and needs to be fixed to properly describe what is going on here.

thanks,

greg k-h

Jiasheng Jiang

7:19 p.m.

New subject: [PATCH v2 1/2] scsi: qedf: Replace kmalloc_array() with kcalloc()

Replace kmalloc_array() with kcalloc() to avoid old (dirty) data being used/freed.

Fixes: 61d8658b4a43 ("scsi: qedf: Add QLogic FastLinQ offload FCoE driver framework.") Cc: stable@vger.kernel.org # v5.10+ Signed-off-by: Jiasheng Jiang jiashengjiangcool@gmail.com --- Changlog:

v1 -> v2:

1. Replace kzalloc() with kcalloc() to not reintroduce the possibility of multiplication overflow. --- drivers/scsi/qedf/qedf_io.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-)

-- 2.25.1

Jiasheng Jiang

7:20 p.m.

New subject: [PATCH v2 2/2] scsi: qedf: Add check for bdt_info

Add a check for "bdt_info". Otherwise, if one of the allocations for "cmgr->io_bdt_pool[i]" fails, "bdt_info->bd_tbl" will cause a NULL pointer dereference.

Fixes: 61d8658b4a43 ("scsi: qedf: Add QLogic FastLinQ offload FCoE driver framework.") Cc: stable@vger.kernel.org # v5.10+ Signed-off-by: Jiasheng Jiang jiashengjiangcool@gmail.com --- Changelog:

v1 -> v2:

1. No change. --- drivers/scsi/qedf/qedf_io.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/scsi/qedf/qedf_io.c b/drivers/scsi/qedf/qedf_io.c index d52057b97a4f..1ed0ee4f8dde 100644 --- a/drivers/scsi/qedf/qedf_io.c +++ b/drivers/scsi/qedf/qedf_io.c @@ -125,7 +125,7 @@ void qedf_cmd_mgr_free(struct qedf_cmd_mgr *cmgr) bd_tbl_sz = QEDF_MAX_BDS_PER_CMD * sizeof(struct scsi_sge); for (i = 0; i < num_ios; i++) { bdt_info = cmgr->io_bdt_pool[i]; - if (bdt_info->bd_tbl) { + if (bdt_info && bdt_info->bd_tbl) { dma_free_coherent(&qedf->pdev->dev, bd_tbl_sz, bdt_info->bd_tbl, bdt_info->bd_tbl_dma); bdt_info->bd_tbl = NULL;

-- 2.25.1

Greg KH

7 Feb 7 Feb

3:09 p.m.

New subject: [PATCH v2 1/2] scsi: qedf: Replace kmalloc_array() with kcalloc()

On Thu, Feb 06, 2025 at 07:19:59PM +0000, Jiasheng Jiang wrote:

...

Replace kmalloc_array() with kcalloc() to avoid old (dirty) data being used/freed.

"Potentially" being freed. It will not be used. And this is only for an error path that obviously no one has hit before.

Please explain this much better.

thanks,

greg k-h

Jiasheng Jiang

3:45 p.m.

New subject: [PATCH v3 1/2] scsi: qedf: Replace kmalloc_array() with kcalloc()

Replace kmalloc_array() with kcalloc() to avoid old (dirty) data being potentially used/freed.

Fixes: 61d8658b4a43 ("scsi: qedf: Add QLogic FastLinQ offload FCoE driver framework.") Cc: stable@vger.kernel.org # v5.10+ Signed-off-by: Jiasheng Jiang jiashengjiangcool@gmail.com --- Changlog:

v2 -> v3:

1. Add "potentially" in the commit message to explain this much better.

v1 -> v2:

1. Replace kzalloc() with kcalloc() to not reintroduce the possibility of multiplication overflow. --- drivers/scsi/qedf/qedf_io.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-)

-- 2.25.1

Jiasheng Jiang

3:45 p.m.

New subject: [PATCH v3 2/2] scsi: qedf: Add check for bdt_info

Add a check for "bdt_info". Otherwise, if one of the allocations for "cmgr->io_bdt_pool[i]" fails, "bdt_info->bd_tbl" will cause a NULL pointer dereference.

Fixes: 61d8658b4a43 ("scsi: qedf: Add QLogic FastLinQ offload FCoE driver framework.") Cc: stable@vger.kernel.org # v5.10+ Signed-off-by: Jiasheng Jiang jiashengjiangcool@gmail.com --- Changelog:

v2 -> v3:

1. No change.

v1 -> v2:

1. No change. --- drivers/scsi/qedf/qedf_io.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

-- 2.25.1

Jiasheng Jiang

3:46 p.m.

New subject: [PATCH v2 1/2] scsi: qedf: Replace kmalloc_array() with kcalloc()

Hi Greg,

On Fri, Feb 7, 2025 at 10:10 AM Greg KH gregkh@linuxfoundation.org wrote:

...

Thanks, I have submitted a v3 and added "potentially" in the commit message.

-Jiasheng

days inactive

days old

linux-stable-mirror@lists.linaro.org

8 comments

participants

tags (0)

participants (2)

Greg KH
Jiasheng Jiang