diff options
| author | Michal Schmidt <mschmidt@redhat.com> | 2023-02-24 01:41:45 +0100 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2023-03-10 09:29:57 +0100 |
| commit | 2d3b582b80c7dcb8ca12b36a4ac0e836828ecdeb (patch) | |
| tree | 9cb64042f0ffd3ea76c98c5849f44eafea7e554c | |
| parent | 58be98f457f96132c994b3e00bf477588f3d49ba (diff) | |
| download | linux-stable-2d3b582b80c7dcb8ca12b36a4ac0e836828ecdeb.tar.gz linux-stable-2d3b582b80c7dcb8ca12b36a4ac0e836828ecdeb.tar.bz2 linux-stable-2d3b582b80c7dcb8ca12b36a4ac0e836828ecdeb.zip | |
qede: avoid uninitialized entries in coal_entry array
commit aaa3c08ee0653beaa649d4adfb27ad562641cfd8 upstream.
Even after commit 908d4bb7c54c ("qede: fix interrupt coalescing
configuration"), some entries of the coal_entry array may theoretically
be used uninitialized:
1. qede_alloc_fp_array() allocates QEDE_MAX_RSS_CNT entries for
coal_entry. The initial allocation uses kcalloc, so everything is
initialized.
2. The user sets a small number of queues (ethtool -L).
coal_entry is reallocated for the actual small number of queues.
3. The user sets a bigger number of queues.
coal_entry is reallocated bigger. The added entries are not
necessarily initialized.
In practice, the reallocations will actually keep using the originally
allocated region of memory, but we should not rely on it.
The reallocation is unnecessary. coal_entry can always have
QEDE_MAX_RSS_CNT entries.
Fixes: 908d4bb7c54c ("qede: fix interrupt coalescing configuration")
Signed-off-by: Michal Schmidt <mschmidt@redhat.com>
Nacked-by: Manish Chopra <manishc@marvell.com>
Acked-by: Manish Chopra <manishc@marvell.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
| -rw-r--r-- | drivers/net/ethernet/qlogic/qede/qede_main.c | 21 |
1 files changed, 7 insertions, 14 deletions
diff --git a/drivers/net/ethernet/qlogic/qede/qede_main.c b/drivers/net/ethernet/qlogic/qede/qede_main.c index af39513db1ba..89d64a5a4951 100644 --- a/drivers/net/ethernet/qlogic/qede/qede_main.c +++ b/drivers/net/ethernet/qlogic/qede/qede_main.c @@ -960,7 +960,6 @@ static int qede_alloc_fp_array(struct qede_dev *edev) { u8 fp_combined, fp_rx = edev->fp_num_rx; struct qede_fastpath *fp; - void *mem; int i; edev->fp_array = kcalloc(QEDE_QUEUE_CNT(edev), @@ -971,20 +970,14 @@ static int qede_alloc_fp_array(struct qede_dev *edev) } if (!edev->coal_entry) { - mem = kcalloc(QEDE_MAX_RSS_CNT(edev), - sizeof(*edev->coal_entry), GFP_KERNEL); - } else { - mem = krealloc(edev->coal_entry, - QEDE_QUEUE_CNT(edev) * sizeof(*edev->coal_entry), - GFP_KERNEL); - } - - if (!mem) { - DP_ERR(edev, "coalesce entry allocation failed\n"); - kfree(edev->coal_entry); - goto err; + edev->coal_entry = kcalloc(QEDE_MAX_RSS_CNT(edev), + sizeof(*edev->coal_entry), + GFP_KERNEL); + if (!edev->coal_entry) { + DP_ERR(edev, "coalesce entry allocation failed\n"); + goto err; + } } - edev->coal_entry = mem; fp_combined = QEDE_QUEUE_CNT(edev) - fp_rx - edev->fp_num_tx; |