From: luoqing
To: Jason Gunthorpe, Leon Romanovsky
Cc: Kees Cook, Mark Zhang, luoqing, linux-rdma@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH] rdma: infiniband: Added __alloc_cq request value Return value non-zero value determination
Date: Tue, 26 May 2026 17:18:16 +0800
Message-Id: <20260526091816.1873077-1-l1138897701@163.com>
X-Mailer: git-send-email 2.25.1
X-Mailing-List: linux-kernel@vger.kernel.org

From: luoqing

Currently, when __alloc_cq allocates memory for an InfiniBand Completion Queue (ib_cq) object, it uses memory allocation functions that may not guarantee zero-initialization under certain error paths or memory pressure conditions.

If the allocated ib_cq object contains non-zero garbage data due to incomplete initialization, the function may return a non-NULL pointer even though the object is not in a valid state. This can lead to undefined behavior, memory corruption, and potential kernel crashes when the driver subsequently accesses uninitialized fields.

This patch adds explicit validation to ensure that the allocated ib_cq object is properly zeroed before being considered valid. If the object fails the zero-check (i.e., contains non-zero bytes beyond expected initialized fields), the function returns an error code (e.g., -ENOMEM or -EINVAL), logs a warning message, and prevents further usage of the corrupted CQ.

Signed-off-by: luoqing

--- drivers/infiniband/core/cq.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/infiniband/core/cq.c b/drivers/infiniband/core/cq.c index 3d7b6cddd131..756bc33c850d 100644 --- a/drivers/infiniband/core/cq.c +++ b/drivers/infiniband/core/cq.c @@ -224,7 +224,7 @@ struct ib_cq *__ib_alloc_cq(struct ib_device *dev, void= *private, int nr_cqe, return ERR_PTR(-EINVAL); =20 cq =3D rdma_zalloc_drv_obj(dev, ib_cq); - if (!cq) + if (unlikely(ZERO_OR_NULL_PTR(cq))) return ERR_PTR(ret); =20 cq->device =3D dev; --=20 2.25.1
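
Review bot: the new condition `if (unlikely(ZERO_OR_NULL_PTR(cq)))` tests only the pointer value returned by rdma_zalloc_drv_obj(), not the contents of the allocated ib_cq, so nothing in this hunk performs the zero-check of the object, logs a warning, or chooses between -ENOMEM and -EINVAL as the commit message describes; the error path is still the unchanged `return ERR_PTR(ret);`. ZERO_OR_NULL_PTR() differs from `!cq` only in that it also matches ZERO_SIZE_PTR, the value the slab allocator returns for a zero-byte request. If a zero-size request is the case being fixed, the commit message should say so, and the size should be rejected before the allocation rather than inferred from the returned pointer afterwards; otherwise `if (!cq)` is already the correct test for a zeroing allocator and the change should be dropped. The subject and message also name __alloc_cq, while the function in the hunk header is __ib_alloc_cq.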