Replace kmalloc_array() with kcalloc() to avoid old (dirty) data being
used/freed.
Fixes: 61d8658b4a43 ("scsi: qedf: Add QLogic FastLinQ offload FCoE driver framework.")
Cc: <stable@vger.kernel.org> # v5.10+
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
---
drivers/scsi/qedf/qedf_io.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/drivers/scsi/qedf/qedf_io.c b/drivers/scsi/qedf/qedf_io.c
index fcfc3bed02c6..d52057b97a4f 100644
--- a/drivers/scsi/qedf/qedf_io.c
+++ b/drivers/scsi/qedf/qedf_io.c
@@ -254,9 +254,7 @@ struct qedf_cmd_mgr *qedf_cmd_mgr_alloc(struct qedf_ctx *qedf)
}
/* Allocate pool of io_bdts - one for each qedf_ioreq */
- cmgr->io_bdt_pool = kmalloc_array(num_ios, sizeof(struct io_bdt *),
- GFP_KERNEL);
-
+ cmgr->io_bdt_pool = kcalloc(num_ios, sizeof(*cmgr->io_bdt_pool), GFP_KERNEL);
if (!cmgr->io_bdt_pool) {
QEDF_WARN(&(qedf->dbg_ctx), "Failed to alloc io_bdt_pool.\n");
goto mem_err;
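Review bot: the changelog does not say where the uninitialised pointers would be used or freed; this hunk only shows the allocation and the `goto mem_err` path, so a reader cannot tell why zeroing matters. State that when one of the later per-entry allocations fails, the mem_err path hands the partially filled io_bdt_pool[] to qedf_cmd_mgr_free(), whose loop reads every cmgr->io_bdt_pool[i] and dereferences it, so slots that were never written must be NULL rather than stale heap contents. It is also worth noting in the message that kcalloc() keeps the multiplication-overflow check of kmalloc_array(), which plain kzalloc() would lose.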
--
2.25.1
On Thu, Feb 06, 2025 at 05:25:22AM +0000, Jiasheng Jiang wrote:
> Replace kmalloc_array() with kcalloc() to avoid old (dirty) data being
> used/freed.
Used/freed where?
>
> Fixes: 61d8658b4a43 ("scsi: qedf: Add QLogic FastLinQ offload FCoE driver framework.")
> Cc: <stable@vger.kernel.org> # v5.10+
> Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
> ---
> drivers/scsi/qedf/qedf_io.c | 4 +---
> 1 file changed, 1 insertion(+), 3 deletions(-)
>
> diff --git a/drivers/scsi/qedf/qedf_io.c b/drivers/scsi/qedf/qedf_io.c
> index fcfc3bed02c6..d52057b97a4f 100644
> --- a/drivers/scsi/qedf/qedf_io.c
> +++ b/drivers/scsi/qedf/qedf_io.c
> @@ -254,9 +254,7 @@ struct qedf_cmd_mgr *qedf_cmd_mgr_alloc(struct qedf_ctx *qedf)
> }
>
> /* Allocate pool of io_bdts - one for each qedf_ioreq */
> - cmgr->io_bdt_pool = kmalloc_array(num_ios, sizeof(struct io_bdt *),
> - GFP_KERNEL);
> -
> + cmgr->io_bdt_pool = kcalloc(num_ios, sizeof(*cmgr->io_bdt_pool), GFP_KERNEL);
This is just an array that is then properly all initialized a few lines
below this.
So why does this need to be zeroed out at all?
thanks,
greg k-h
On Thu, Feb 06, 2025 at 06:36:58AM +0100, Greg KH wrote:
> On Thu, Feb 06, 2025 at 05:25:22AM +0000, Jiasheng Jiang wrote:
> > Replace kmalloc_array() with kcalloc() to avoid old (dirty) data being
> > used/freed.
>
> Used/freed where?
>
> >
> > Fixes: 61d8658b4a43 ("scsi: qedf: Add QLogic FastLinQ offload FCoE driver framework.")
> > Cc: <stable@vger.kernel.org> # v5.10+
> > Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
> > ---
> > drivers/scsi/qedf/qedf_io.c | 4 +---
> > 1 file changed, 1 insertion(+), 3 deletions(-)
> >
> > diff --git a/drivers/scsi/qedf/qedf_io.c b/drivers/scsi/qedf/qedf_io.c
> > index fcfc3bed02c6..d52057b97a4f 100644
> > --- a/drivers/scsi/qedf/qedf_io.c
> > +++ b/drivers/scsi/qedf/qedf_io.c
> > @@ -254,9 +254,7 @@ struct qedf_cmd_mgr *qedf_cmd_mgr_alloc(struct qedf_ctx *qedf)
> > }
> >
> > /* Allocate pool of io_bdts - one for each qedf_ioreq */
> > - cmgr->io_bdt_pool = kmalloc_array(num_ios, sizeof(struct io_bdt *),
> > - GFP_KERNEL);
> > -
> > + cmgr->io_bdt_pool = kcalloc(num_ios, sizeof(*cmgr->io_bdt_pool), GFP_KERNEL);
>
> This is just an array that is then properly all initialized a few lines
> below this.
>
> So why does this need to be zeroed out at all?
Oh, I think I figured it out, but your text for the changelog is wrong,
and needs to be fixed to properly describe what is going on here.
thanks,
greg k-h
Replace kmalloc_array() with kcalloc() to avoid old (dirty) data being
used/freed.
Fixes: 61d8658b4a43 ("scsi: qedf: Add QLogic FastLinQ offload FCoE driver framework.")
Cc: <stable@vger.kernel.org> # v5.10+
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
---
Changelog:
v1 -> v2:
1. Replace kzalloc() with kcalloc() to not reintroduce the possibility of multiplication overflow.
---
drivers/scsi/qedf/qedf_io.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/drivers/scsi/qedf/qedf_io.c b/drivers/scsi/qedf/qedf_io.c
index fcfc3bed02c6..d52057b97a4f 100644
--- a/drivers/scsi/qedf/qedf_io.c
+++ b/drivers/scsi/qedf/qedf_io.c
@@ -254,9 +254,7 @@ struct qedf_cmd_mgr *qedf_cmd_mgr_alloc(struct qedf_ctx *qedf)
}
/* Allocate pool of io_bdts - one for each qedf_ioreq */
- cmgr->io_bdt_pool = kmalloc_array(num_ios, sizeof(struct io_bdt *),
- GFP_KERNEL);
-
+ cmgr->io_bdt_pool = kcalloc(num_ios, sizeof(*cmgr->io_bdt_pool), GFP_KERNEL);
if (!cmgr->io_bdt_pool) {
QEDF_WARN(&(qedf->dbg_ctx), "Failed to alloc io_bdt_pool.\n");
goto mem_err;
--
2.25.1
On Thu, Feb 06, 2025 at 07:19:59PM +0000, Jiasheng Jiang wrote:
> Replace kmalloc_array() with kcalloc() to avoid old (dirty) data being
> used/freed.
"Potentially" being freed. It will not be used. And this is only for
an error path that obviously no one has hit before.
Please explain this much better.
thanks,
greg k-h
Hi Greg,
On Fri, Feb 7, 2025 at 10:10 AM Greg KH <gregkh@linuxfoundation.org> wrote:
>
> On Thu, Feb 06, 2025 at 07:19:59PM +0000, Jiasheng Jiang wrote:
> > Replace kmalloc_array() with kcalloc() to avoid old (dirty) data being
> > used/freed.
>
> "Potentially" being freed. It will not be used. And this is only for
> an error path that obviously no one has hit before.
>
> Please explain this much better.
>
> thanks,
>
> greg k-h
Thanks, I have submitted a v3 and added "potentially" in the commit message.
-Jiasheng
Replace kmalloc_array() with kcalloc() to avoid old (dirty) data being
potentially used/freed.
Fixes: 61d8658b4a43 ("scsi: qedf: Add QLogic FastLinQ offload FCoE driver framework.")
Cc: <stable@vger.kernel.org> # v5.10+
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
---
Changelog:
v2 -> v3:
1. Add "potentially" in the commit message to explain this much better.
v1 -> v2:
1. Replace kzalloc() with kcalloc() to not reintroduce the possibility of multiplication overflow.
---
drivers/scsi/qedf/qedf_io.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/drivers/scsi/qedf/qedf_io.c b/drivers/scsi/qedf/qedf_io.c
index fcfc3bed02c6..d52057b97a4f 100644
--- a/drivers/scsi/qedf/qedf_io.c
+++ b/drivers/scsi/qedf/qedf_io.c
@@ -254,9 +254,7 @@ struct qedf_cmd_mgr *qedf_cmd_mgr_alloc(struct qedf_ctx *qedf)
}
/* Allocate pool of io_bdts - one for each qedf_ioreq */
- cmgr->io_bdt_pool = kmalloc_array(num_ios, sizeof(struct io_bdt *),
- GFP_KERNEL);
-
+ cmgr->io_bdt_pool = kcalloc(num_ios, sizeof(*cmgr->io_bdt_pool), GFP_KERNEL);
if (!cmgr->io_bdt_pool) {
QEDF_WARN(&(qedf->dbg_ctx), "Failed to alloc io_bdt_pool.\n");
goto mem_err;
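Review bot: the commit message still says the stale data could be "used", while the v2 review established it can only be freed, and only on the mem_err path of qedf_cmd_mgr_alloc() when a later allocation fails. Drop "used" and describe the actual sequence: partial allocation of the pool entries, `goto mem_err`, qedf_cmd_mgr_free() walking io_bdt_pool[] and passing whatever bdt_info->bd_tbl points at to dma_free_coherent(). Note as well that qedf_cmd_mgr_free() dereferences each cmgr->io_bdt_pool[i] unconditionally until the companion patch adds the bdt_info NULL check, so the two patches only close the error path together and the changelog should record that dependency.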
--
2.25.1
Add a check for "bdt_info". Otherwise, if one of the allocations
for "cmgr->io_bdt_pool[i]" fails, "bdt_info->bd_tbl" will cause a NULL
pointer dereference.
Fixes: 61d8658b4a43 ("scsi: qedf: Add QLogic FastLinQ offload FCoE driver framework.")
Cc: <stable@vger.kernel.org> # v5.10+
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
---
Changelog:
v2 -> v3:
1. No change.
v1 -> v2:
1. No change.
---
drivers/scsi/qedf/qedf_io.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/scsi/qedf/qedf_io.c b/drivers/scsi/qedf/qedf_io.c
index d52057b97a4f..1ed0ee4f8dde 100644
--- a/drivers/scsi/qedf/qedf_io.c
+++ b/drivers/scsi/qedf/qedf_io.c
@@ -125,7 +125,7 @@ void qedf_cmd_mgr_free(struct qedf_cmd_mgr *cmgr)
bd_tbl_sz = QEDF_MAX_BDS_PER_CMD * sizeof(struct scsi_sge);
for (i = 0; i < num_ios; i++) {
bdt_info = cmgr->io_bdt_pool[i];
- if (bdt_info->bd_tbl) {
+ if (bdt_info && bdt_info->bd_tbl) {
dma_free_coherent(&qedf->pdev->dev, bd_tbl_sz,
bdt_info->bd_tbl, bdt_info->bd_tbl_dma);
bdt_info->bd_tbl = NULL;
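Review bot: `if (bdt_info && bdt_info->bd_tbl)` only helps if the never-allocated slots of io_bdt_pool[] are NULL, which is true solely because the preceding patch switched the array to kcalloc(); on its own this check would still test stale kmalloc_array() contents. Say so in the changelog and make the ordering explicit for stable, since both patches carry the same Fixes tag and will otherwise be picked independently. The message should also name the path that triggers this: qedf_cmd_mgr_alloc() failing part-way through filling the pool and jumping to mem_err, which then calls this free routine on the partially populated array.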
--
2.25.1
Add a check for "bdt_info". Otherwise, if one of the allocations
for "cmgr->io_bdt_pool[i]" fails, "bdt_info->bd_tbl" will cause a NULL
pointer dereference.
Fixes: 61d8658b4a43 ("scsi: qedf: Add QLogic FastLinQ offload FCoE driver framework.")
Cc: <stable@vger.kernel.org> # v5.10+
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
---
Changelog:
v1 -> v2:
1. No change.
---
drivers/scsi/qedf/qedf_io.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/scsi/qedf/qedf_io.c b/drivers/scsi/qedf/qedf_io.c
index d52057b97a4f..1ed0ee4f8dde 100644
--- a/drivers/scsi/qedf/qedf_io.c
+++ b/drivers/scsi/qedf/qedf_io.c
@@ -125,7 +125,7 @@ void qedf_cmd_mgr_free(struct qedf_cmd_mgr *cmgr)
bd_tbl_sz = QEDF_MAX_BDS_PER_CMD * sizeof(struct scsi_sge);
for (i = 0; i < num_ios; i++) {
bdt_info = cmgr->io_bdt_pool[i];
- if (bdt_info->bd_tbl) {
+ if (bdt_info && bdt_info->bd_tbl) {
dma_free_coherent(&qedf->pdev->dev, bd_tbl_sz,
bdt_info->bd_tbl, bdt_info->bd_tbl_dma);
bdt_info->bd_tbl = NULL;
--
2.25.1