From fd36f35c3654c02095233c92b1ebc5e7a10025aa Mon Sep 17 00:00:00 2001 From: Michal Schmidt Date: Fri, 24 Feb 2023 01:41:45 +0100 Subject: [PATCH] qede: avoid uninitialized entries in coal_entry array commit fc83465afdea830a540ad8b57d0f96f0389fd5d0 upstream. Even after commit 6619a08d4a6f ("qede: fix interrupt coalescing configuration"), some entries of the coal_entry array may theoretically be used uninitialized: 1. qede_alloc_fp_array() allocates QEDE_MAX_RSS_CNT entries for coal_entry. The initial allocation uses kcalloc, so everything is initialized. 2. The user sets a small number of queues (ethtool -L). coal_entry is reallocated for the actual small number of queues. 3. The user sets a bigger number of queues. coal_entry is reallocated bigger. The added entries are not necessarily initialized. In practice, the reallocations will actually keep using the originally allocated region of memory, but we should not rely on it. The reallocation is unnecessary. coal_entry can always have QEDE_MAX_RSS_CNT entries. Fixes: 6619a08d4a6f ("qede: fix interrupt coalescing configuration") Signed-off-by: Michal Schmidt Nacked-by: Manish Chopra Acked-by: Manish Chopra Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- drivers/net/ethernet/qlogic/qede/qede_main.c | 21 +++++++------------- 1 file changed, 7 insertions(+), 14 deletions(-) diff --git a/drivers/net/ethernet/qlogic/qede/qede_main.c b/drivers/net/ethernet/qlogic/qede/qede_main.c index af39513db1ba3..89d64a5a4951a 100644 --- a/drivers/net/ethernet/qlogic/qede/qede_main.c +++ b/drivers/net/ethernet/qlogic/qede/qede_main.c @@ -960,7 +960,6 @@ static int qede_alloc_fp_array(struct qede_dev *edev) { u8 fp_combined, fp_rx = edev->fp_num_rx; struct qede_fastpath *fp; - void *mem; int i; edev->fp_array = kcalloc(QEDE_QUEUE_CNT(edev), @@ -971,20 +970,14 @@ static int qede_alloc_fp_array(struct qede_dev *edev) } if (!edev->coal_entry) { - mem = kcalloc(QEDE_MAX_RSS_CNT(edev), - sizeof(*edev->coal_entry), GFP_KERNEL); - } else { - mem = krealloc(edev->coal_entry, - QEDE_QUEUE_CNT(edev) * sizeof(*edev->coal_entry), - GFP_KERNEL); - } - - if (!mem) { - DP_ERR(edev, "coalesce entry allocation failed\n"); - kfree(edev->coal_entry); - goto err; + edev->coal_entry = kcalloc(QEDE_MAX_RSS_CNT(edev), + sizeof(*edev->coal_entry), + GFP_KERNEL); + if (!edev->coal_entry) { + DP_ERR(edev, "coalesce entry allocation failed\n"); + goto err; + } } - edev->coal_entry = mem; fp_combined = QEDE_QUEUE_CNT(edev) - fp_rx - edev->fp_num_tx; -- 2.39.5