As the memory allocated by kcalloc has not been set to zero, it may
contain uninitialized pointers.
Therefore, free the non-NULL pointers may cause undefined behaviour.

Fixes: 5574cb2194b1 ("habanalabs: Assign each CQ with its own work queue")
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
---
 drivers/misc/habanalabs/common/device.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/drivers/misc/habanalabs/common/device.c b/drivers/misc/habanalabs/common/device.c
index 87ab329e65d4..dc6fcb9cca7a 100644
--- a/drivers/misc/habanalabs/common/device.c
+++ b/drivers/misc/habanalabs/common/device.c
@@ -901,9 +901,8 @@ static int device_early_init(struct hl_device *hdev)
 free_eq_wq:
 	destroy_workqueue(hdev->eq_wq);
 free_cq_wq:
-	for (i = 0 ; i < hdev->asic_prop.completion_queues_count ; i++)
-		if (hdev->cq_wq[i])
-			destroy_workqueue(hdev->cq_wq[i]);
+	while (i--)
+		destroy_workqueue(hdev->cq_wq[i]);
 	kfree(hdev->cq_wq);
 asid_fini:
 	hl_asid_fini(hdev);
-- 
2.25.1

On Wed, Feb 8, 2023, at 08:05, Jiasheng Jiang wrote:
> As the memory allocated by kcalloc has not been set to zero, it may
> contain uninitialized pointers.
> Therefore, free the non-NULL pointers may cause undefined behaviour.
>
> Fixes: 5574cb2194b1 ("habanalabs: Assign each CQ with its own work queue")
> Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>

Did you run into a bug here or find that by inspection?

kcalloc() is definitely meant to return zeroed memory, so I don't see
a bug here:


static inline __alloc_size(1, 2) void *kcalloc(size_t n, size_t size, gfp_t flags)
{
        return kmalloc_array(n, size, flags | __GFP_ZERO);
}


       Arnd