The function mlx5_query_nic_vport_qkey_viol_cntr() calls the function
mlx5_query_nic_vport_context() but does not check its return value. This
could lead to undefined behavior if the query fails. A proper
implementation can be found in mlx5_nic_vport_query_local_lb().

Add error handling for mlx5_query_nic_vport_context(). If it fails, free
the out buffer via kvfree() and return error code.

Fixes: 9efa75254593 ("net/mlx5_core: Introduce access functions to query vport RoCE fields")
Cc: stable@vger.kernel.org # v4.5
Signed-off-by: Wentao Liang <vulab@iscas.ac.cn>
---
v2: Remove redundant reassignment. Fix RCT.

 drivers/net/ethernet/mellanox/mlx5/core/vport.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/drivers/net/ethernet/mellanox/mlx5/core/vport.c b/drivers/net/ethernet/mellanox/mlx5/core/vport.c
index 0d5f750faa45..ded086ffe8ac 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/vport.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/vport.c
@@ -519,19 +519,22 @@ int mlx5_query_nic_vport_qkey_viol_cntr(struct mlx5_core_dev *mdev,
 {
 	u32 *out;
 	int outlen = MLX5_ST_SZ_BYTES(query_nic_vport_context_out);
+	int ret;
 
 	out = kvzalloc(outlen, GFP_KERNEL);
 	if (!out)
 		return -ENOMEM;
 
-	mlx5_query_nic_vport_context(mdev, 0, out);
+	ret = mlx5_query_nic_vport_context(mdev, 0, out);
+	if (ret)
+		goto out;
 
 	*qkey_viol_cntr = MLX5_GET(query_nic_vport_context_out, out,
 				   nic_vport_context.qkey_violation_counter);
-
+out:
 	kvfree(out);
 
-	return 0;
+	return ret;
 }
 EXPORT_SYMBOL_GPL(mlx5_query_nic_vport_qkey_viol_cntr);
 
-- 
2.42.0.windows.2

On 19/05/2025 12:01, Wentao Liang wrote:
> The function mlx5_query_nic_vport_qkey_viol_cntr() calls the function
> mlx5_query_nic_vport_context() but does not check its return value. This
> could lead to undefined behavior if the query fails. A proper
> implementation can be found in mlx5_nic_vport_query_local_lb().
> 
> Add error handling for mlx5_query_nic_vport_context(). If it fails, free
> the out buffer via kvfree() and return error code.
> 
> Fixes: 9efa75254593 ("net/mlx5_core: Introduce access functions to query vport RoCE fields")
> Cc: stable@vger.kernel.org # v4.5
> Signed-off-by: Wentao Liang <vulab@iscas.ac.cn>
> ---
> v2: Remove redundant reassignment. Fix RCT.
> 
>   drivers/net/ethernet/mellanox/mlx5/core/vport.c | 9 ++++++---
>   1 file changed, 6 insertions(+), 3 deletions(-)
> 
> diff --git a/drivers/net/ethernet/mellanox/mlx5/core/vport.c b/drivers/net/ethernet/mellanox/mlx5/core/vport.c
> index 0d5f750faa45..ded086ffe8ac 100644
> --- a/drivers/net/ethernet/mellanox/mlx5/core/vport.c
> +++ b/drivers/net/ethernet/mellanox/mlx5/core/vport.c
> @@ -519,19 +519,22 @@ int mlx5_query_nic_vport_qkey_viol_cntr(struct mlx5_core_dev *mdev,
>   {
>   	u32 *out;
>   	int outlen = MLX5_ST_SZ_BYTES(query_nic_vport_context_out);
> +	int ret;
>   
>   	out = kvzalloc(outlen, GFP_KERNEL);
>   	if (!out)
>   		return -ENOMEM;
>   
> -	mlx5_query_nic_vport_context(mdev, 0, out);
> +	ret = mlx5_query_nic_vport_context(mdev, 0, out);
> +	if (ret)
> +		goto out;
>   
>   	*qkey_viol_cntr = MLX5_GET(query_nic_vport_context_out, out,
>   				   nic_vport_context.qkey_violation_counter);
> -
> +out:
>   	kvfree(out);
>   
> -	return 0;
> +	return ret;
>   }
>   EXPORT_SYMBOL_GPL(mlx5_query_nic_vport_qkey_viol_cntr);
>   

Same comments on similar patch apply here:
https://patchwork.kernel.org/project/netdevbpf/patch/20250519090934.1956-1-vulab@iscas.ac.cn/