* [PATCH 1/2] scsi: qedf: Replace kmalloc_array() with kcalloc() [not found] ` <20250206052523.16683-1-jiashengjiangcool@gmail.com> @ 2025-02-06 5:25 ` Jiasheng Jiang 2025-02-06 5:36 ` Greg KH 2025-02-06 5:25 ` [PATCH 2/2] scsi: qedf: Add check for bdt_info Jiasheng Jiang 1 sibling, 1 reply; 10+ messages in thread From: Jiasheng Jiang @ 2025-02-06 5:25 UTC (permalink / raw) To: markus.elfring Cc: GR-QLogic-Storage-Upstream, James.Bottomley, arun.easi, bvanassche, jhasan, jiashengjiangcool, linux-kernel, linux-scsi, manish.rangankar, martin.petersen, nilesh.javali, skashyap, stable Replace kmalloc_array() with kcalloc() to avoid old (dirty) data being used/freed. Fixes: 61d8658b4a43 ("scsi: qedf: Add QLogic FastLinQ offload FCoE driver framework.") Cc: <stable@vger.kernel.org> # v5.10+ Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com> --- drivers/scsi/qedf/qedf_io.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/drivers/scsi/qedf/qedf_io.c b/drivers/scsi/qedf/qedf_io.c index fcfc3bed02c6..d52057b97a4f 100644 --- a/drivers/scsi/qedf/qedf_io.c +++ b/drivers/scsi/qedf/qedf_io.c @@ -254,9 +254,7 @@ struct qedf_cmd_mgr *qedf_cmd_mgr_alloc(struct qedf_ctx *qedf) } /* Allocate pool of io_bdts - one for each qedf_ioreq */ - cmgr->io_bdt_pool = kmalloc_array(num_ios, sizeof(struct io_bdt *), - GFP_KERNEL); - + cmgr->io_bdt_pool = kcalloc(num_ios, sizeof(*cmgr->io_bdt_pool), GFP_KERNEL); if (!cmgr->io_bdt_pool) { QEDF_WARN(&(qedf->dbg_ctx), "Failed to alloc io_bdt_pool.\n"); goto mem_err; -- 2.25.1 ^ permalink raw reply related [flat|nested] 10+ messages in thread
* Re: [PATCH 1/2] scsi: qedf: Replace kmalloc_array() with kcalloc() 2025-02-06 5:25 ` [PATCH 1/2] scsi: qedf: Replace kmalloc_array() with kcalloc() Jiasheng Jiang @ 2025-02-06 5:36 ` Greg KH 2025-02-06 5:38 ` Greg KH 0 siblings, 1 reply; 10+ messages in thread From: Greg KH @ 2025-02-06 5:36 UTC (permalink / raw) To: Jiasheng Jiang Cc: markus.elfring, GR-QLogic-Storage-Upstream, James.Bottomley, arun.easi, bvanassche, jhasan, linux-kernel, linux-scsi, manish.rangankar, martin.petersen, nilesh.javali, skashyap, stable On Thu, Feb 06, 2025 at 05:25:22AM +0000, Jiasheng Jiang wrote: > Replace kmalloc_array() with kcalloc() to avoid old (dirty) data being > used/freed. Used/freed where? > > Fixes: 61d8658b4a43 ("scsi: qedf: Add QLogic FastLinQ offload FCoE driver framework.") > Cc: <stable@vger.kernel.org> # v5.10+ > Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com> > --- > drivers/scsi/qedf/qedf_io.c | 4 +--- > 1 file changed, 1 insertion(+), 3 deletions(-) > > diff --git a/drivers/scsi/qedf/qedf_io.c b/drivers/scsi/qedf/qedf_io.c > index fcfc3bed02c6..d52057b97a4f 100644 > --- a/drivers/scsi/qedf/qedf_io.c > +++ b/drivers/scsi/qedf/qedf_io.c > @@ -254,9 +254,7 @@ struct qedf_cmd_mgr *qedf_cmd_mgr_alloc(struct qedf_ctx *qedf) > } > > /* Allocate pool of io_bdts - one for each qedf_ioreq */ > - cmgr->io_bdt_pool = kmalloc_array(num_ios, sizeof(struct io_bdt *), > - GFP_KERNEL); > - > + cmgr->io_bdt_pool = kcalloc(num_ios, sizeof(*cmgr->io_bdt_pool), GFP_KERNEL); This is just an array that is then properly all initialized a few lines below this. So why does this need to be zeroed out at all? thanks, greg k-h ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH 1/2] scsi: qedf: Replace kmalloc_array() with kcalloc() 2025-02-06 5:36 ` Greg KH @ 2025-02-06 5:38 ` Greg KH 2025-02-06 19:19 ` [PATCH v2 " Jiasheng Jiang 0 siblings, 1 reply; 10+ messages in thread From: Greg KH @ 2025-02-06 5:38 UTC (permalink / raw) To: Jiasheng Jiang Cc: markus.elfring, GR-QLogic-Storage-Upstream, James.Bottomley, arun.easi, bvanassche, jhasan, linux-kernel, linux-scsi, manish.rangankar, martin.petersen, nilesh.javali, skashyap, stable On Thu, Feb 06, 2025 at 06:36:58AM +0100, Greg KH wrote: > On Thu, Feb 06, 2025 at 05:25:22AM +0000, Jiasheng Jiang wrote: > > Replace kmalloc_array() with kcalloc() to avoid old (dirty) data being > > used/freed. > > Used/freed where? > > > > > Fixes: 61d8658b4a43 ("scsi: qedf: Add QLogic FastLinQ offload FCoE driver framework.") > > Cc: <stable@vger.kernel.org> # v5.10+ > > Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com> > > --- > > drivers/scsi/qedf/qedf_io.c | 4 +--- > > 1 file changed, 1 insertion(+), 3 deletions(-) > > > > diff --git a/drivers/scsi/qedf/qedf_io.c b/drivers/scsi/qedf/qedf_io.c > > index fcfc3bed02c6..d52057b97a4f 100644 > > --- a/drivers/scsi/qedf/qedf_io.c > > +++ b/drivers/scsi/qedf/qedf_io.c > > @@ -254,9 +254,7 @@ struct qedf_cmd_mgr *qedf_cmd_mgr_alloc(struct qedf_ctx *qedf) > > } > > > > /* Allocate pool of io_bdts - one for each qedf_ioreq */ > > - cmgr->io_bdt_pool = kmalloc_array(num_ios, sizeof(struct io_bdt *), > > - GFP_KERNEL); > > - > > + cmgr->io_bdt_pool = kcalloc(num_ios, sizeof(*cmgr->io_bdt_pool), GFP_KERNEL); > > This is just an array that is then properly all initialized a few lines > below this. > > So why does this need to be zeroed out at all? Oh, I think I figured it out, but your text for the changelog is wrong, and needs to be fixed to properly describe what is going on here. thanks, greg k-h ^ permalink raw reply [flat|nested] 10+ messages in thread
* [PATCH v2 1/2] scsi: qedf: Replace kmalloc_array() with kcalloc() 2025-02-06 5:38 ` Greg KH @ 2025-02-06 19:19 ` Jiasheng Jiang 2025-02-06 19:20 ` [PATCH v2 2/2] scsi: qedf: Add check for bdt_info Jiasheng Jiang 2025-02-07 15:09 ` [PATCH v2 1/2] scsi: qedf: Replace kmalloc_array() with kcalloc() Greg KH 0 siblings, 2 replies; 10+ messages in thread From: Jiasheng Jiang @ 2025-02-06 19:19 UTC (permalink / raw) To: gregkh Cc: GR-QLogic-Storage-Upstream, James.Bottomley, arun.easi, bvanassche, jhasan, jiashengjiangcool, linux-kernel, linux-scsi, manish.rangankar, markus.elfring, martin.petersen, nilesh.javali, skashyap, stable Replace kmalloc_array() with kcalloc() to avoid old (dirty) data being used/freed. Fixes: 61d8658b4a43 ("scsi: qedf: Add QLogic FastLinQ offload FCoE driver framework.") Cc: <stable@vger.kernel.org> # v5.10+ Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com> --- Changlog: v1 -> v2: 1. Replace kzalloc() with kcalloc() to not reintroduce the possibility of multiplication overflow. --- drivers/scsi/qedf/qedf_io.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/drivers/scsi/qedf/qedf_io.c b/drivers/scsi/qedf/qedf_io.c index fcfc3bed02c6..d52057b97a4f 100644 --- a/drivers/scsi/qedf/qedf_io.c +++ b/drivers/scsi/qedf/qedf_io.c @@ -254,9 +254,7 @@ struct qedf_cmd_mgr *qedf_cmd_mgr_alloc(struct qedf_ctx *qedf) } /* Allocate pool of io_bdts - one for each qedf_ioreq */ - cmgr->io_bdt_pool = kmalloc_array(num_ios, sizeof(struct io_bdt *), - GFP_KERNEL); - + cmgr->io_bdt_pool = kcalloc(num_ios, sizeof(*cmgr->io_bdt_pool), GFP_KERNEL); if (!cmgr->io_bdt_pool) { QEDF_WARN(&(qedf->dbg_ctx), "Failed to alloc io_bdt_pool.\n"); goto mem_err; -- 2.25.1 ^ permalink raw reply related [flat|nested] 10+ messages in thread
* [PATCH v2 2/2] scsi: qedf: Add check for bdt_info 2025-02-06 19:19 ` [PATCH v2 " Jiasheng Jiang @ 2025-02-06 19:20 ` Jiasheng Jiang 2025-02-07 15:09 ` [PATCH v2 1/2] scsi: qedf: Replace kmalloc_array() with kcalloc() Greg KH 1 sibling, 0 replies; 10+ messages in thread From: Jiasheng Jiang @ 2025-02-06 19:20 UTC (permalink / raw) To: gregkh Cc: GR-QLogic-Storage-Upstream, James.Bottomley, arun.easi, bvanassche, jhasan, jiashengjiangcool, linux-kernel, linux-scsi, manish.rangankar, markus.elfring, martin.petersen, nilesh.javali, skashyap, stable Add a check for "bdt_info". Otherwise, if one of the allocations for "cmgr->io_bdt_pool[i]" fails, "bdt_info->bd_tbl" will cause a NULL pointer dereference. Fixes: 61d8658b4a43 ("scsi: qedf: Add QLogic FastLinQ offload FCoE driver framework.") Cc: <stable@vger.kernel.org> # v5.10+ Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com> --- Changelog: v1 -> v2: 1. No change. --- drivers/scsi/qedf/qedf_io.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/scsi/qedf/qedf_io.c b/drivers/scsi/qedf/qedf_io.c index d52057b97a4f..1ed0ee4f8dde 100644 --- a/drivers/scsi/qedf/qedf_io.c +++ b/drivers/scsi/qedf/qedf_io.c @@ -125,7 +125,7 @@ void qedf_cmd_mgr_free(struct qedf_cmd_mgr *cmgr) bd_tbl_sz = QEDF_MAX_BDS_PER_CMD * sizeof(struct scsi_sge); for (i = 0; i < num_ios; i++) { bdt_info = cmgr->io_bdt_pool[i]; - if (bdt_info->bd_tbl) { + if (bdt_info && bdt_info->bd_tbl) { dma_free_coherent(&qedf->pdev->dev, bd_tbl_sz, bdt_info->bd_tbl, bdt_info->bd_tbl_dma); bdt_info->bd_tbl = NULL; -- 2.25.1 ^ permalink raw reply related [flat|nested] 10+ messages in thread
* Re: [PATCH v2 1/2] scsi: qedf: Replace kmalloc_array() with kcalloc() 2025-02-06 19:19 ` [PATCH v2 " Jiasheng Jiang 2025-02-06 19:20 ` [PATCH v2 2/2] scsi: qedf: Add check for bdt_info Jiasheng Jiang @ 2025-02-07 15:09 ` Greg KH 2025-02-07 15:45 ` [PATCH v3 " Jiasheng Jiang 2025-02-07 15:46 ` [PATCH v2 1/2] scsi: qedf: Replace kmalloc_array() with kcalloc() Jiasheng Jiang 1 sibling, 2 replies; 10+ messages in thread From: Greg KH @ 2025-02-07 15:09 UTC (permalink / raw) To: Jiasheng Jiang Cc: GR-QLogic-Storage-Upstream, James.Bottomley, arun.easi, bvanassche, jhasan, linux-kernel, linux-scsi, manish.rangankar, markus.elfring, martin.petersen, nilesh.javali, skashyap, stable On Thu, Feb 06, 2025 at 07:19:59PM +0000, Jiasheng Jiang wrote: > Replace kmalloc_array() with kcalloc() to avoid old (dirty) data being > used/freed. "Potentially" being freed. It will not be used. And this is only for an error path that obviously no one has hit before. Please explain this much better. thanks, greg k-h ^ permalink raw reply [flat|nested] 10+ messages in thread
* [PATCH v3 1/2] scsi: qedf: Replace kmalloc_array() with kcalloc() 2025-02-07 15:09 ` [PATCH v2 1/2] scsi: qedf: Replace kmalloc_array() with kcalloc() Greg KH @ 2025-02-07 15:45 ` Jiasheng Jiang 2025-02-07 15:45 ` [PATCH v3 2/2] scsi: qedf: Add check for bdt_info Jiasheng Jiang 2025-02-07 15:46 ` [PATCH v2 1/2] scsi: qedf: Replace kmalloc_array() with kcalloc() Jiasheng Jiang 1 sibling, 1 reply; 10+ messages in thread From: Jiasheng Jiang @ 2025-02-07 15:45 UTC (permalink / raw) To: gregkh Cc: GR-QLogic-Storage-Upstream, James.Bottomley, arun.easi, bvanassche, jhasan, jiashengjiangcool, linux-kernel, linux-scsi, manish.rangankar, markus.elfring, martin.petersen, nilesh.javali, skashyap, stable Replace kmalloc_array() with kcalloc() to avoid old (dirty) data being potentially used/freed. Fixes: 61d8658b4a43 ("scsi: qedf: Add QLogic FastLinQ offload FCoE driver framework.") Cc: <stable@vger.kernel.org> # v5.10+ Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com> --- Changlog: v2 -> v3: 1. Add "potentially" in the commit message to explain this much better. v1 -> v2: 1. Replace kzalloc() with kcalloc() to not reintroduce the possibility of multiplication overflow. --- drivers/scsi/qedf/qedf_io.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/drivers/scsi/qedf/qedf_io.c b/drivers/scsi/qedf/qedf_io.c index fcfc3bed02c6..d52057b97a4f 100644 --- a/drivers/scsi/qedf/qedf_io.c +++ b/drivers/scsi/qedf/qedf_io.c @@ -254,9 +254,7 @@ struct qedf_cmd_mgr *qedf_cmd_mgr_alloc(struct qedf_ctx *qedf) } /* Allocate pool of io_bdts - one for each qedf_ioreq */ - cmgr->io_bdt_pool = kmalloc_array(num_ios, sizeof(struct io_bdt *), - GFP_KERNEL); - + cmgr->io_bdt_pool = kcalloc(num_ios, sizeof(*cmgr->io_bdt_pool), GFP_KERNEL); if (!cmgr->io_bdt_pool) { QEDF_WARN(&(qedf->dbg_ctx), "Failed to alloc io_bdt_pool.\n"); goto mem_err; -- 2.25.1 ^ permalink raw reply related [flat|nested] 10+ messages in thread
* [PATCH v3 2/2] scsi: qedf: Add check for bdt_info 2025-02-07 15:45 ` [PATCH v3 " Jiasheng Jiang @ 2025-02-07 15:45 ` Jiasheng Jiang 0 siblings, 0 replies; 10+ messages in thread From: Jiasheng Jiang @ 2025-02-07 15:45 UTC (permalink / raw) To: gregkh Cc: GR-QLogic-Storage-Upstream, James.Bottomley, arun.easi, bvanassche, jhasan, jiashengjiangcool, linux-kernel, linux-scsi, manish.rangankar, markus.elfring, martin.petersen, nilesh.javali, skashyap, stable Add a check for "bdt_info". Otherwise, if one of the allocations for "cmgr->io_bdt_pool[i]" fails, "bdt_info->bd_tbl" will cause a NULL pointer dereference. Fixes: 61d8658b4a43 ("scsi: qedf: Add QLogic FastLinQ offload FCoE driver framework.") Cc: <stable@vger.kernel.org> # v5.10+ Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com> --- Changelog: v2 -> v3: 1. No change. v1 -> v2: 1. No change. --- drivers/scsi/qedf/qedf_io.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/scsi/qedf/qedf_io.c b/drivers/scsi/qedf/qedf_io.c index d52057b97a4f..1ed0ee4f8dde 100644 --- a/drivers/scsi/qedf/qedf_io.c +++ b/drivers/scsi/qedf/qedf_io.c @@ -125,7 +125,7 @@ void qedf_cmd_mgr_free(struct qedf_cmd_mgr *cmgr) bd_tbl_sz = QEDF_MAX_BDS_PER_CMD * sizeof(struct scsi_sge); for (i = 0; i < num_ios; i++) { bdt_info = cmgr->io_bdt_pool[i]; - if (bdt_info->bd_tbl) { + if (bdt_info && bdt_info->bd_tbl) { dma_free_coherent(&qedf->pdev->dev, bd_tbl_sz, bdt_info->bd_tbl, bdt_info->bd_tbl_dma); bdt_info->bd_tbl = NULL; -- 2.25.1 ^ permalink raw reply related [flat|nested] 10+ messages in thread
* Re: [PATCH v2 1/2] scsi: qedf: Replace kmalloc_array() with kcalloc() 2025-02-07 15:09 ` [PATCH v2 1/2] scsi: qedf: Replace kmalloc_array() with kcalloc() Greg KH 2025-02-07 15:45 ` [PATCH v3 " Jiasheng Jiang @ 2025-02-07 15:46 ` Jiasheng Jiang 1 sibling, 0 replies; 10+ messages in thread From: Jiasheng Jiang @ 2025-02-07 15:46 UTC (permalink / raw) To: Greg KH Cc: GR-QLogic-Storage-Upstream, James.Bottomley, arun.easi, bvanassche, jhasan, linux-kernel, linux-scsi, manish.rangankar, markus.elfring, martin.petersen, nilesh.javali, skashyap, stable Hi Greg, On Fri, Feb 7, 2025 at 10:10 AM Greg KH <gregkh@linuxfoundation.org> wrote: > > On Thu, Feb 06, 2025 at 07:19:59PM +0000, Jiasheng Jiang wrote: > > Replace kmalloc_array() with kcalloc() to avoid old (dirty) data being > > used/freed. > > "Potentially" being freed. It will not be used. And this is only for > an error path that obviously no one has hit before. > > Please explain this much better. > > thanks, > > greg k-h Thanks, I have submitted a v3 and added "potentially" in the commit message. -Jiasheng ^ permalink raw reply [flat|nested] 10+ messages in thread
* [PATCH 2/2] scsi: qedf: Add check for bdt_info [not found] ` <20250206052523.16683-1-jiashengjiangcool@gmail.com> 2025-02-06 5:25 ` [PATCH 1/2] scsi: qedf: Replace kmalloc_array() with kcalloc() Jiasheng Jiang @ 2025-02-06 5:25 ` Jiasheng Jiang 1 sibling, 0 replies; 10+ messages in thread From: Jiasheng Jiang @ 2025-02-06 5:25 UTC (permalink / raw) To: markus.elfring Cc: GR-QLogic-Storage-Upstream, James.Bottomley, arun.easi, bvanassche, jhasan, jiashengjiangcool, linux-kernel, linux-scsi, manish.rangankar, martin.petersen, nilesh.javali, skashyap, stable Add a check for "bdt_info". Otherwise, if one of the allocations for "cmgr->io_bdt_pool[i]" fails, "bdt_info->bd_tbl" will cause a NULL pointer dereference. Fixes: 61d8658b4a43 ("scsi: qedf: Add QLogic FastLinQ offload FCoE driver framework.") Cc: <stable@vger.kernel.org> # v5.10+ Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com> --- drivers/scsi/qedf/qedf_io.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/scsi/qedf/qedf_io.c b/drivers/scsi/qedf/qedf_io.c index d52057b97a4f..1ed0ee4f8dde 100644 --- a/drivers/scsi/qedf/qedf_io.c +++ b/drivers/scsi/qedf/qedf_io.c @@ -125,7 +125,7 @@ void qedf_cmd_mgr_free(struct qedf_cmd_mgr *cmgr) bd_tbl_sz = QEDF_MAX_BDS_PER_CMD * sizeof(struct scsi_sge); for (i = 0; i < num_ios; i++) { bdt_info = cmgr->io_bdt_pool[i]; - if (bdt_info->bd_tbl) { + if (bdt_info && bdt_info->bd_tbl) { dma_free_coherent(&qedf->pdev->dev, bd_tbl_sz, bdt_info->bd_tbl, bdt_info->bd_tbl_dma); bdt_info->bd_tbl = NULL; -- 2.25.1 ^ permalink raw reply related [flat|nested] 10+ messages in thread
end of thread, other threads:[~2025-02-07 15:46 UTC | newest]
Thread overview: 10+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <d4db5506-6ace-4585-972e-6b7a6fc882a4@web.de>
[not found] ` <20250206052523.16683-1-jiashengjiangcool@gmail.com>
2025-02-06 5:25 ` [PATCH 1/2] scsi: qedf: Replace kmalloc_array() with kcalloc() Jiasheng Jiang
2025-02-06 5:36 ` Greg KH
2025-02-06 5:38 ` Greg KH
2025-02-06 19:19 ` [PATCH v2 " Jiasheng Jiang
2025-02-06 19:20 ` [PATCH v2 2/2] scsi: qedf: Add check for bdt_info Jiasheng Jiang
2025-02-07 15:09 ` [PATCH v2 1/2] scsi: qedf: Replace kmalloc_array() with kcalloc() Greg KH
2025-02-07 15:45 ` [PATCH v3 " Jiasheng Jiang
2025-02-07 15:45 ` [PATCH v3 2/2] scsi: qedf: Add check for bdt_info Jiasheng Jiang
2025-02-07 15:46 ` [PATCH v2 1/2] scsi: qedf: Replace kmalloc_array() with kcalloc() Jiasheng Jiang
2025-02-06 5:25 ` [PATCH 2/2] scsi: qedf: Add check for bdt_info Jiasheng Jiang
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox