Replace kmalloc_array() with kcalloc() to avoid old (dirty) data being
used/freed.
Moreover, add a check for "bdt_info". Otherwise, if one of the allocations
for cmgr->io_bdt_pool[i] fails, "bdt_info->bd_tbl" will cause a NULL
pointer dereference.
Fixes: 61d8658b4a43 ("scsi: qedf: Add QLogic FastLinQ offload FCoE driver framework.")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
---
Changelog:
v1 -> v2:
1. Replace kzalloc() with kcalloc().
---
drivers/scsi/qedf/qedf_io.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/drivers/scsi/qedf/qedf_io.c b/drivers/scsi/qedf/qedf_io.c
index fcfc3bed02c6..abb459e87a86 100644
--- a/drivers/scsi/qedf/qedf_io.c
+++ b/drivers/scsi/qedf/qedf_io.c
@@ -125,7 +125,7 @@ void qedf_cmd_mgr_free(struct qedf_cmd_mgr *cmgr)
bd_tbl_sz = QEDF_MAX_BDS_PER_CMD * sizeof(struct scsi_sge);
for (i = 0; i < num_ios; i++) {
bdt_info = cmgr->io_bdt_pool[i];
- if (bdt_info->bd_tbl) {
+ if (bdt_info && bdt_info->bd_tbl) {
dma_free_coherent(&qedf->pdev->dev, bd_tbl_sz,
bdt_info->bd_tbl, bdt_info->bd_tbl_dma);
bdt_info->bd_tbl = NULL;
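Review bot: The added "bdt_info &&" test in the loop over cmgr->io_bdt_pool[i] only protects slots that actually hold NULL, and nothing in this hunk guarantees that; it depends on the kcalloc() change in the next hunk of the same patch. These are two separate fixes with a one-way dependency, so they read better as a two-patch series with the zeroing first and this check second, each with its own commit message.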
@@ -254,9 +254,7 @@ struct qedf_cmd_mgr *qedf_cmd_mgr_alloc(struct qedf_ctx *qedf)
}
/* Allocate pool of io_bdts - one for each qedf_ioreq */
- cmgr->io_bdt_pool = kmalloc_array(num_ios, sizeof(struct io_bdt *),
- GFP_KERNEL);
-
+ cmgr->io_bdt_pool = kcalloc(num_ios, sizeof(struct io_bdt *), GFP_KERNEL);
if (!cmgr->io_bdt_pool) {
QEDF_WARN(&(qedf->dbg_ctx), "Failed to alloc io_bdt_pool.\n");
goto mem_err;
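Review bot: In the added kcalloc() call, "sizeof(struct io_bdt *)" repeats the element type by hand. Writing "sizeof(*cmgr->io_bdt_pool)" ties the size to the pointer being assigned, so the allocation stays correct if the array's element type ever changes, and it is the form the kernel coding style asks for when allocating memory.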
--
2.25.1
… > +++ b/drivers/scsi/qedf/qedf_io.c … @@ -254,9 +254,7 @@ struct qedf_cmd_mgr *qedf_cmd_mgr_alloc(struct qedf_ctx *qedf) } /* Allocate pool of io_bdts - one for each qedf_ioreq */ … + cmgr->io_bdt_pool = kcalloc(num_ios, sizeof(struct io_bdt *), GFP_KERNEL); … See also: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/process/coding-style.rst?h=v6.13#n941 Regards, Markus
Hi Markus, On Sun, Feb 2, 2025 at 11:54 AM Markus Elfring <Markus.Elfring@web.de> wrote: > > … > > +++ b/drivers/scsi/qedf/qedf_io.c > … > @@ -254,9 +254,7 @@ struct qedf_cmd_mgr *qedf_cmd_mgr_alloc(struct qedf_ctx *qedf) > } > > /* Allocate pool of io_bdts - one for each qedf_ioreq */ > … > + cmgr->io_bdt_pool = kcalloc(num_ios, sizeof(struct io_bdt *), GFP_KERNEL); > … > > See also: > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/process/coding-style.rst?h=v6.13#n941 > > Regards, > Markus Thanks, I have split it into two new patches and fixed the error. -Jiasheng
Replace kmalloc_array() with kcalloc() to avoid old (dirty) data being
used/freed.
Fixes: 61d8658b4a43 ("scsi: qedf: Add QLogic FastLinQ offload FCoE driver framework.")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
---
drivers/scsi/qedf/qedf_io.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/drivers/scsi/qedf/qedf_io.c b/drivers/scsi/qedf/qedf_io.c
index fcfc3bed02c6..d52057b97a4f 100644
--- a/drivers/scsi/qedf/qedf_io.c
+++ b/drivers/scsi/qedf/qedf_io.c
@@ -254,9 +254,7 @@ struct qedf_cmd_mgr *qedf_cmd_mgr_alloc(struct qedf_ctx *qedf)
}
/* Allocate pool of io_bdts - one for each qedf_ioreq */
- cmgr->io_bdt_pool = kmalloc_array(num_ios, sizeof(struct io_bdt *),
- GFP_KERNEL);
-
+ cmgr->io_bdt_pool = kcalloc(num_ios, sizeof(*cmgr->io_bdt_pool), GFP_KERNEL);
if (!cmgr->io_bdt_pool) {
QEDF_WARN(&(qedf->dbg_ctx), "Failed to alloc io_bdt_pool.\n");
goto mem_err;
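Review bot: The added kcalloc() line is 77 characters before indentation, so inside the function body it runs past 80 columns, whereas the removed kmalloc_array() call was wrapped before GFP_KERNEL. Wrapping the new call the same way keeps it within the preferred line length and makes the diff a one-word change that is easier to review.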
--
2.25.1
> Replace kmalloc_array() with kcalloc() to avoid old (dirty) data being
> used/freed.…
> ---
> drivers/scsi/qedf/qedf_io.c | 4 +---
…

Will you become more familiar with patch version descriptions?
https://lore.kernel.org/all/?q=%22This+looks+like+a+new+version+of+a+previously+submitted+patch%22
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/process/submitting-patches.rst?h=v6.13#n310

Regards,
Markus
Hi Markus,

On Mon, Feb 3, 2025 at 2:20 AM Markus Elfring <Markus.Elfring@web.de> wrote:
>
> > Replace kmalloc_array() with kcalloc() to avoid old (dirty) data being
> > used/freed.…
> > ---
> > drivers/scsi/qedf/qedf_io.c | 4 +---
> …
>
> Will you become more familiar with patch version descriptions?
> https://lore.kernel.org/all/?q=%22This+looks+like+a+new+version+of+a+previously+submitted+patch%22
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/process/submitting-patches.rst?h=v6.13#n310
>
> Regards,
> Markus

Thanks, I have submitted a v3 and added the changelog.

-Jiasheng
> Thanks, I have submitted a v3 and added the changelog.

Are you going to improve your version management?
Would a small patch series have been helpful to avoid any confusion here?

Regards,
Markus
Hi Markus,

On Tue, Feb 4, 2025 at 3:05 AM Markus Elfring <Markus.Elfring@web.de> wrote:
>
> > Thanks, I have submitted a v3 and added the changelog.
> Are you going to improve your version management?
> Would a small patch series have been helpful to avoid any confusion here?
>
> Regards,
> Markus

Thanks, I have submitted the patch series.

-Jiasheng
> Thanks, I have submitted the patch series.

* Would a cover letter have been helpful?
* Why did you find a “RESEND” relevant already?
* Is there a need to increase version numbers?

Regards,
Markus
This patch series improves memory safety in the qedf SCSI driver by:

1. Replace kmalloc_array() with kcalloc() to avoid old (dirty) data being used/freed.
2. Add a check for "bdt_info". Otherwise, if one of the allocations for "cmgr->io_bdt_pool[i]" fails, "bdt_info->bd_tbl" will cause a NULL pointer dereference.

### Changelog:

#### v2:
- Replace kzalloc() with kcalloc().

Jiasheng Jiang (2):
  scsi: qedf: Replace kmalloc_array() with kcalloc()
  scsi: qedf: Add check for bdt_info

drivers/scsi/qedf/qedf_io.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
--
2.25.1
…
> ### Changelog:
> #### v2:
…

Why did you overlook to increment version numbers once more?
https://lore.kernel.org/all/?q=%22This+looks+like+a+new+version+of+a+previously+submitted+patch%22
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/process/submitting-patches.rst?h=v6.13#n605

Regards,
Markus
Replace kmalloc_array() with kcalloc() to avoid old (dirty) data being
used/freed.
Fixes: 61d8658b4a43 ("scsi: qedf: Add QLogic FastLinQ offload FCoE driver framework.")
Cc: <stable@vger.kernel.org> # v5.10+
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
---
drivers/scsi/qedf/qedf_io.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/drivers/scsi/qedf/qedf_io.c b/drivers/scsi/qedf/qedf_io.c
index fcfc3bed02c6..d52057b97a4f 100644
--- a/drivers/scsi/qedf/qedf_io.c
+++ b/drivers/scsi/qedf/qedf_io.c
@@ -254,9 +254,7 @@ struct qedf_cmd_mgr *qedf_cmd_mgr_alloc(struct qedf_ctx *qedf)
}
/* Allocate pool of io_bdts - one for each qedf_ioreq */
- cmgr->io_bdt_pool = kmalloc_array(num_ios, sizeof(struct io_bdt *),
- GFP_KERNEL);
-
+ cmgr->io_bdt_pool = kcalloc(num_ios, sizeof(*cmgr->io_bdt_pool), GFP_KERNEL);
if (!cmgr->io_bdt_pool) {
QEDF_WARN(&(qedf->dbg_ctx), "Failed to alloc io_bdt_pool.\n");
goto mem_err;
--
2.25.1
On Thu, Feb 06, 2025 at 05:25:22AM +0000, Jiasheng Jiang wrote:
> Replace kmalloc_array() with kcalloc() to avoid old (dirty) data being
> used/freed.
Used/freed where?
>
> Fixes: 61d8658b4a43 ("scsi: qedf: Add QLogic FastLinQ offload FCoE driver framework.")
> Cc: <stable@vger.kernel.org> # v5.10+
> Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
> ---
> drivers/scsi/qedf/qedf_io.c | 4 +---
> 1 file changed, 1 insertion(+), 3 deletions(-)
>
> diff --git a/drivers/scsi/qedf/qedf_io.c b/drivers/scsi/qedf/qedf_io.c
> index fcfc3bed02c6..d52057b97a4f 100644
> --- a/drivers/scsi/qedf/qedf_io.c
> +++ b/drivers/scsi/qedf/qedf_io.c
> @@ -254,9 +254,7 @@ struct qedf_cmd_mgr *qedf_cmd_mgr_alloc(struct qedf_ctx *qedf)
> }
>
> /* Allocate pool of io_bdts - one for each qedf_ioreq */
> - cmgr->io_bdt_pool = kmalloc_array(num_ios, sizeof(struct io_bdt *),
> - GFP_KERNEL);
> -
> + cmgr->io_bdt_pool = kcalloc(num_ios, sizeof(*cmgr->io_bdt_pool), GFP_KERNEL);
This is just an array that is then properly all initialized a few lines
below this.
So why does this need to be zeroed out at all?
thanks,
greg k-h
On Thu, Feb 06, 2025 at 06:36:58AM +0100, Greg KH wrote:
> On Thu, Feb 06, 2025 at 05:25:22AM +0000, Jiasheng Jiang wrote:
> > Replace kmalloc_array() with kcalloc() to avoid old (dirty) data being
> > used/freed.
>
> Used/freed where?
>
> >
> > Fixes: 61d8658b4a43 ("scsi: qedf: Add QLogic FastLinQ offload FCoE driver framework.")
> > Cc: <stable@vger.kernel.org> # v5.10+
> > Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
> > ---
> > drivers/scsi/qedf/qedf_io.c | 4 +---
> > 1 file changed, 1 insertion(+), 3 deletions(-)
> >
> > diff --git a/drivers/scsi/qedf/qedf_io.c b/drivers/scsi/qedf/qedf_io.c
> > index fcfc3bed02c6..d52057b97a4f 100644
> > --- a/drivers/scsi/qedf/qedf_io.c
> > +++ b/drivers/scsi/qedf/qedf_io.c
> > @@ -254,9 +254,7 @@ struct qedf_cmd_mgr *qedf_cmd_mgr_alloc(struct qedf_ctx *qedf)
> > }
> >
> > /* Allocate pool of io_bdts - one for each qedf_ioreq */
> > - cmgr->io_bdt_pool = kmalloc_array(num_ios, sizeof(struct io_bdt *),
> > - GFP_KERNEL);
> > -
> > + cmgr->io_bdt_pool = kcalloc(num_ios, sizeof(*cmgr->io_bdt_pool), GFP_KERNEL);
>
> This is just an array that is then properly all initialized a few lines
> below this.
>
> So why does this need to be zeroed out at all?
Oh, I think I figured it out, but your text for the changelog is wrong,
and needs to be fixed to properly describe what is going on here.
thanks,
greg k-h
Replace kmalloc_array() with kcalloc() to avoid old (dirty) data being
used/freed.
Fixes: 61d8658b4a43 ("scsi: qedf: Add QLogic FastLinQ offload FCoE driver framework.")
Cc: <stable@vger.kernel.org> # v5.10+
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
---
Changelog:
v1 -> v2:
1. Replace kzalloc() with kcalloc() to not reintroduce the possibility of multiplication overflow.
---
drivers/scsi/qedf/qedf_io.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/drivers/scsi/qedf/qedf_io.c b/drivers/scsi/qedf/qedf_io.c
index fcfc3bed02c6..d52057b97a4f 100644
--- a/drivers/scsi/qedf/qedf_io.c
+++ b/drivers/scsi/qedf/qedf_io.c
@@ -254,9 +254,7 @@ struct qedf_cmd_mgr *qedf_cmd_mgr_alloc(struct qedf_ctx *qedf)
}
/* Allocate pool of io_bdts - one for each qedf_ioreq */
- cmgr->io_bdt_pool = kmalloc_array(num_ios, sizeof(struct io_bdt *),
- GFP_KERNEL);
-
+ cmgr->io_bdt_pool = kcalloc(num_ios, sizeof(*cmgr->io_bdt_pool), GFP_KERNEL);
if (!cmgr->io_bdt_pool) {
QEDF_WARN(&(qedf->dbg_ctx), "Failed to alloc io_bdt_pool.\n");
goto mem_err;
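Review bot: Zeroing the array on the kcalloc() line changes the failure mode rather than removing it: a slot that was never assigned now holds NULL, and cleanup code of the form "bdt_info = cmgr->io_bdt_pool[i]; if (bdt_info->bd_tbl)" will dereference that NULL. This patch is only safe together with a NULL check on the slot in the free path, so the two should be posted as one ordered series and the commit message should say so.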
--
2.25.1
On Thu, Feb 06, 2025 at 07:19:59PM +0000, Jiasheng Jiang wrote:
> Replace kmalloc_array() with kcalloc() to avoid old (dirty) data being
> used/freed.

"Potentially" being freed. It will not be used. And this is only for
an error path that obviously no one has hit before.

Please explain this much better.

thanks,

greg k-h
Hi Greg,

On Fri, Feb 7, 2025 at 10:10 AM Greg KH <gregkh@linuxfoundation.org> wrote:
>
> On Thu, Feb 06, 2025 at 07:19:59PM +0000, Jiasheng Jiang wrote:
> > Replace kmalloc_array() with kcalloc() to avoid old (dirty) data being
> > used/freed.
>
> "Potentially" being freed. It will not be used. And this is only for
> an error path that obviously no one has hit before.
>
> Please explain this much better.
>
> thanks,
>
> greg k-h

Thanks, I have submitted a v3 and added "potentially" in the commit message.

-Jiasheng
Replace kmalloc_array() with kcalloc() to avoid old (dirty) data being
potentially used/freed.
Fixes: 61d8658b4a43 ("scsi: qedf: Add QLogic FastLinQ offload FCoE driver framework.")
Cc: <stable@vger.kernel.org> # v5.10+
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
---
Changelog:
v2 -> v3:
1. Add "potentially" in the commit message to explain this much better.
v1 -> v2:
1. Replace kzalloc() with kcalloc() to not reintroduce the possibility of multiplication overflow.
---
drivers/scsi/qedf/qedf_io.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/drivers/scsi/qedf/qedf_io.c b/drivers/scsi/qedf/qedf_io.c
index fcfc3bed02c6..d52057b97a4f 100644
--- a/drivers/scsi/qedf/qedf_io.c
+++ b/drivers/scsi/qedf/qedf_io.c
@@ -254,9 +254,7 @@ struct qedf_cmd_mgr *qedf_cmd_mgr_alloc(struct qedf_ctx *qedf)
}
/* Allocate pool of io_bdts - one for each qedf_ioreq */
- cmgr->io_bdt_pool = kmalloc_array(num_ios, sizeof(struct io_bdt *),
- GFP_KERNEL);
-
+ cmgr->io_bdt_pool = kcalloc(num_ios, sizeof(*cmgr->io_bdt_pool), GFP_KERNEL);
if (!cmgr->io_bdt_pool) {
QEDF_WARN(&(qedf->dbg_ctx), "Failed to alloc io_bdt_pool.\n");
goto mem_err;
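Review bot: Nothing in this hunk reads an io_bdt_pool slot, and the only failure path visible is "goto mem_err" for the array allocation itself, so the hunk alone does not show where stale entries could be used or freed. The commit message should name the function and the error path that walks the array before every slot has been assigned; adding the word "potentially" does not give a reader enough to check that kcalloc() is needed here.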
--
2.25.1
Add a check for "bdt_info". Otherwise, if one of the allocations
for "cmgr->io_bdt_pool[i]" fails, "bdt_info->bd_tbl" will cause a NULL
pointer dereference.
Fixes: 61d8658b4a43 ("scsi: qedf: Add QLogic FastLinQ offload FCoE driver framework.")
Cc: <stable@vger.kernel.org> # v5.10+
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
---
Changelog:
v2 -> v3:
1. No change.
v1 -> v2:
1. No change.
---
drivers/scsi/qedf/qedf_io.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/scsi/qedf/qedf_io.c b/drivers/scsi/qedf/qedf_io.c
index d52057b97a4f..1ed0ee4f8dde 100644
--- a/drivers/scsi/qedf/qedf_io.c
+++ b/drivers/scsi/qedf/qedf_io.c
@@ -125,7 +125,7 @@ void qedf_cmd_mgr_free(struct qedf_cmd_mgr *cmgr)
bd_tbl_sz = QEDF_MAX_BDS_PER_CMD * sizeof(struct scsi_sge);
for (i = 0; i < num_ios; i++) {
bdt_info = cmgr->io_bdt_pool[i];
- if (bdt_info->bd_tbl) {
+ if (bdt_info && bdt_info->bd_tbl) {
dma_free_coherent(&qedf->pdev->dev, bd_tbl_sz,
bdt_info->bd_tbl, bdt_info->bd_tbl_dma);
bdt_info->bd_tbl = NULL;
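Review bot: The "bdt_info &&" test on the changed "if" line depends on the kcalloc() patch for unassigned slots to be NULL (the index line starts from d52057b97a4f, the result of that patch), but the commit message does not mention that dependency. Please state it, and confirm that the rest of this function, which is outside the hunk, also tolerates a NULL cmgr->io_bdt_pool[i].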
--
2.25.1
Add a check for "bdt_info". Otherwise, if one of the allocations
for "cmgr->io_bdt_pool[i]" fails, "bdt_info->bd_tbl" will cause a NULL
pointer dereference.
Fixes: 61d8658b4a43 ("scsi: qedf: Add QLogic FastLinQ offload FCoE driver framework.")
Cc: <stable@vger.kernel.org> # v5.10+
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
---
Changelog:
v1 -> v2:
1. No change.
---
drivers/scsi/qedf/qedf_io.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/scsi/qedf/qedf_io.c b/drivers/scsi/qedf/qedf_io.c
index d52057b97a4f..1ed0ee4f8dde 100644
--- a/drivers/scsi/qedf/qedf_io.c
+++ b/drivers/scsi/qedf/qedf_io.c
@@ -125,7 +125,7 @@ void qedf_cmd_mgr_free(struct qedf_cmd_mgr *cmgr)
bd_tbl_sz = QEDF_MAX_BDS_PER_CMD * sizeof(struct scsi_sge);
for (i = 0; i < num_ios; i++) {
bdt_info = cmgr->io_bdt_pool[i];
- if (bdt_info->bd_tbl) {
+ if (bdt_info && bdt_info->bd_tbl) {
dma_free_coherent(&qedf->pdev->dev, bd_tbl_sz,
bdt_info->bd_tbl, bdt_info->bd_tbl_dma);
bdt_info->bd_tbl = NULL;
--
2.25.1
Add a check for "bdt_info". Otherwise, if one of the allocations
for "cmgr->io_bdt_pool[i]" fails, "bdt_info->bd_tbl" will cause a NULL
pointer dereference.
Fixes: 61d8658b4a43 ("scsi: qedf: Add QLogic FastLinQ offload FCoE driver framework.")
Cc: <stable@vger.kernel.org> # v5.10+
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
---
drivers/scsi/qedf/qedf_io.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/scsi/qedf/qedf_io.c b/drivers/scsi/qedf/qedf_io.c
index d52057b97a4f..1ed0ee4f8dde 100644
--- a/drivers/scsi/qedf/qedf_io.c
+++ b/drivers/scsi/qedf/qedf_io.c
@@ -125,7 +125,7 @@ void qedf_cmd_mgr_free(struct qedf_cmd_mgr *cmgr)
bd_tbl_sz = QEDF_MAX_BDS_PER_CMD * sizeof(struct scsi_sge);
for (i = 0; i < num_ios; i++) {
bdt_info = cmgr->io_bdt_pool[i];
- if (bdt_info->bd_tbl) {
+ if (bdt_info && bdt_info->bd_tbl) {
dma_free_coherent(&qedf->pdev->dev, bd_tbl_sz,
bdt_info->bd_tbl, bdt_info->bd_tbl_dma);
bdt_info->bd_tbl = NULL;
--
2.25.1
Hi Markus,

On Wed, Feb 5, 2025 at 3:12 AM Markus Elfring <Markus.Elfring@web.de> wrote:
>
> > Thanks, I have submitted the patch series.
> * Would a cover letter have been helpful?

Okay, I will resubmit the patch series with a cover letter.

>
> * Why did you find a “RESEND” relevant already?
>

My previous patch missed "Cc: stable", so I resend it.

> * Is there a need to increase version numbers?

Okay, I will keep v2.

-Jiasheng

>
>
> Regards,
> Markus
>> * Is there a need to increase version numbers?
>
> Okay, I will keep v2.

I hope that remaining communication difficulties will be resolved in other directions.
Are you still looking for better guidance?
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/process/researcher-guidelines.rst?h=v6.13#n5

Regards,
Markus
Replace kmalloc_array() with kcalloc() to avoid old (dirty) data being
used/freed.
Fixes: 61d8658b4a43 ("scsi: qedf: Add QLogic FastLinQ offload FCoE driver framework.")
Cc: <stable@vger.kernel.org> # v5.10+
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
---
Changelog:
v2 -> v3:
1. Remove the check for bdt_info.
v1 -> v2:
1. Replace kzalloc() with kcalloc().
---
drivers/scsi/qedf/qedf_io.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/drivers/scsi/qedf/qedf_io.c b/drivers/scsi/qedf/qedf_io.c
index fcfc3bed02c6..d52057b97a4f 100644
--- a/drivers/scsi/qedf/qedf_io.c
+++ b/drivers/scsi/qedf/qedf_io.c
@@ -254,9 +254,7 @@ struct qedf_cmd_mgr *qedf_cmd_mgr_alloc(struct qedf_ctx *qedf)
}
/* Allocate pool of io_bdts - one for each qedf_ioreq */
- cmgr->io_bdt_pool = kmalloc_array(num_ios, sizeof(struct io_bdt *),
- GFP_KERNEL);
-
+ cmgr->io_bdt_pool = kcalloc(num_ios, sizeof(*cmgr->io_bdt_pool), GFP_KERNEL);
if (!cmgr->io_bdt_pool) {
QEDF_WARN(&(qedf->dbg_ctx), "Failed to alloc io_bdt_pool.\n");
goto mem_err;
--
2.25.1
Add a check for "bdt_info". Otherwise, if one of the allocations
for "cmgr->io_bdt_pool[i]" fails, "bdt_info->bd_tbl" will cause a NULL
pointer dereference.
Fixes: 61d8658b4a43 ("scsi: qedf: Add QLogic FastLinQ offload FCoE driver framework.")
Cc: <stable@vger.kernel.org> # v5.10+
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
---
Changelog:
v2 -> v3:
1. No change.
v1 -> v2:
1. No change.
---
drivers/scsi/qedf/qedf_io.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/scsi/qedf/qedf_io.c b/drivers/scsi/qedf/qedf_io.c
index d52057b97a4f..1ed0ee4f8dde 100644
--- a/drivers/scsi/qedf/qedf_io.c
+++ b/drivers/scsi/qedf/qedf_io.c
@@ -125,7 +125,7 @@ void qedf_cmd_mgr_free(struct qedf_cmd_mgr *cmgr)
bd_tbl_sz = QEDF_MAX_BDS_PER_CMD * sizeof(struct scsi_sge);
for (i = 0; i < num_ios; i++) {
bdt_info = cmgr->io_bdt_pool[i];
- if (bdt_info->bd_tbl) {
+ if (bdt_info && bdt_info->bd_tbl) {
dma_free_coherent(&qedf->pdev->dev, bd_tbl_sz,
bdt_info->bd_tbl, bdt_info->bd_tbl_dma);
bdt_info->bd_tbl = NULL;
--
2.25.1
Replace kmalloc_array() with kcalloc() to avoid old (dirty) data being
used/freed.
Fixes: 61d8658b4a43 ("scsi: qedf: Add QLogic FastLinQ offload FCoE driver framework.")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
---
Changelog:
v2 -> v3:
1. Remove the check for bdt_info.
v1 -> v2:
1. Replace kzalloc() with kcalloc().
---
drivers/scsi/qedf/qedf_io.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/drivers/scsi/qedf/qedf_io.c b/drivers/scsi/qedf/qedf_io.c
index fcfc3bed02c6..d52057b97a4f 100644
--- a/drivers/scsi/qedf/qedf_io.c
+++ b/drivers/scsi/qedf/qedf_io.c
@@ -254,9 +254,7 @@ struct qedf_cmd_mgr *qedf_cmd_mgr_alloc(struct qedf_ctx *qedf)
}
/* Allocate pool of io_bdts - one for each qedf_ioreq */
- cmgr->io_bdt_pool = kmalloc_array(num_ios, sizeof(struct io_bdt *),
- GFP_KERNEL);
-
+ cmgr->io_bdt_pool = kcalloc(num_ios, sizeof(*cmgr->io_bdt_pool), GFP_KERNEL);
if (!cmgr->io_bdt_pool) {
QEDF_WARN(&(qedf->dbg_ctx), "Failed to alloc io_bdt_pool.\n");
goto mem_err;
--
2.25.1
Add a check for "bdt_info". Otherwise, if one of the allocations
for "cmgr->io_bdt_pool[i]" fails, "bdt_info->bd_tbl" will cause a NULL
pointer dereference.
Fixes: 61d8658b4a43 ("scsi: qedf: Add QLogic FastLinQ offload FCoE driver framework.")
Cc: <stable@vger.kernel.org> # v5.10+
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
---
Changelog:
v2 -> v3:
1. No change.
v1 -> v2:
1. No change.
---
drivers/scsi/qedf/qedf_io.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/scsi/qedf/qedf_io.c b/drivers/scsi/qedf/qedf_io.c
index d52057b97a4f..1ed0ee4f8dde 100644
--- a/drivers/scsi/qedf/qedf_io.c
+++ b/drivers/scsi/qedf/qedf_io.c
@@ -125,7 +125,7 @@ void qedf_cmd_mgr_free(struct qedf_cmd_mgr *cmgr)
bd_tbl_sz = QEDF_MAX_BDS_PER_CMD * sizeof(struct scsi_sge);
for (i = 0; i < num_ios; i++) {
bdt_info = cmgr->io_bdt_pool[i];
- if (bdt_info->bd_tbl) {
+ if (bdt_info && bdt_info->bd_tbl) {
dma_free_coherent(&qedf->pdev->dev, bd_tbl_sz,
bdt_info->bd_tbl, bdt_info->bd_tbl_dma);
bdt_info->bd_tbl = NULL;
--
2.25.1
Replace kmalloc_array() with kcalloc() to avoid old (dirty) data being
used/freed.
Fixes: 61d8658b4a43 ("scsi: qedf: Add QLogic FastLinQ offload FCoE driver framework.")
Cc: <stable@vger.kernel.org> # v4.11+
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
---
Changelog:
v2 -> v3:
1. Remove the check for bdt_info.
v1 -> v2:
1. Replace kzalloc() with kcalloc().
---
drivers/scsi/qedf/qedf_io.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/drivers/scsi/qedf/qedf_io.c b/drivers/scsi/qedf/qedf_io.c
index fcfc3bed02c6..d52057b97a4f 100644
--- a/drivers/scsi/qedf/qedf_io.c
+++ b/drivers/scsi/qedf/qedf_io.c
@@ -254,9 +254,7 @@ struct qedf_cmd_mgr *qedf_cmd_mgr_alloc(struct qedf_ctx *qedf)
}
/* Allocate pool of io_bdts - one for each qedf_ioreq */
- cmgr->io_bdt_pool = kmalloc_array(num_ios, sizeof(struct io_bdt *),
- GFP_KERNEL);
-
+ cmgr->io_bdt_pool = kcalloc(num_ios, sizeof(*cmgr->io_bdt_pool), GFP_KERNEL);
if (!cmgr->io_bdt_pool) {
QEDF_WARN(&(qedf->dbg_ctx), "Failed to alloc io_bdt_pool.\n");
goto mem_err;
--
2.25.1
Add a check for "bdt_info". Otherwise, if one of the allocations
for "cmgr->io_bdt_pool[i]" fails, "bdt_info->bd_tbl" will cause a NULL
pointer dereference.
Fixes: 61d8658b4a43 ("scsi: qedf: Add QLogic FastLinQ offload FCoE driver framework.")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
---
drivers/scsi/qedf/qedf_io.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/scsi/qedf/qedf_io.c b/drivers/scsi/qedf/qedf_io.c
index fcfc3bed02c6..cab16a3e2a30 100644
--- a/drivers/scsi/qedf/qedf_io.c
+++ b/drivers/scsi/qedf/qedf_io.c
@@ -125,7 +125,7 @@ void qedf_cmd_mgr_free(struct qedf_cmd_mgr *cmgr)
bd_tbl_sz = QEDF_MAX_BDS_PER_CMD * sizeof(struct scsi_sge);
for (i = 0; i < num_ios; i++) {
bdt_info = cmgr->io_bdt_pool[i];
- if (bdt_info->bd_tbl) {
+ if (bdt_info && bdt_info->bd_tbl) {
dma_free_coherent(&qedf->pdev->dev, bd_tbl_sz,
bdt_info->bd_tbl, bdt_info->bd_tbl_dma);
bdt_info->bd_tbl = NULL;
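Review bot: This version of the check is based on fcfc3bed02c6, where io_bdt_pool still comes from kmalloc_array(), so a slot that was never assigned holds leftover memory contents rather than NULL and will pass the new "bdt_info &&" test. The check is only effective on top of the kcalloc() change; rebase it onto that patch and send the two as an ordered series.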
--
2.25.1
Replace kmalloc_array() with kcalloc() to avoid old (dirty) data being
used/freed.
Fixes: 61d8658b4a43 ("scsi: qedf: Add QLogic FastLinQ offload FCoE driver framework.")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
---
drivers/scsi/qedf/qedf_io.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/drivers/scsi/qedf/qedf_io.c b/drivers/scsi/qedf/qedf_io.c
index fcfc3bed02c6..d52057b97a4f 100644
--- a/drivers/scsi/qedf/qedf_io.c
+++ b/drivers/scsi/qedf/qedf_io.c
@@ -254,9 +254,7 @@ struct qedf_cmd_mgr *qedf_cmd_mgr_alloc(struct qedf_ctx *qedf)
}
/* Allocate pool of io_bdts - one for each qedf_ioreq */
- cmgr->io_bdt_pool = kmalloc_array(num_ios, sizeof(struct io_bdt *),
- GFP_KERNEL);
-
+ cmgr->io_bdt_pool = kcalloc(num_ios, sizeof(*cmgr->io_bdt_pool), GFP_KERNEL);
if (!cmgr->io_bdt_pool) {
QEDF_WARN(&(qedf->dbg_ctx), "Failed to alloc io_bdt_pool.\n");
goto mem_err;
--
2.25.1
> Replace kmalloc_array() with kcalloc() to avoid old (dirty) data being
> used/freed.
> Moreover, add a check for "bdt_info". Otherwise, if one of the allocations
…

Please provide desired changes as separate update steps.

See also:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/process/submitting-patches.rst?h=v6.13#n81

Regards,
Markus