tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

qede: avoid uninitialized entries in coal_entry array

Even after commit 908d4bb7c54c ("qede: fix interrupt coalescing
configuration"), some entries of the coal_entry array may theoretically
be used uninitialized:

1. qede_alloc_fp_array() allocates QEDE_MAX_RSS_CNT entries for
coal_entry. The initial allocation uses kcalloc, so everything is
initialized.
2. The user sets a small number of queues (ethtool -L).
coal_entry is reallocated for the actual small number of queues.
3. The user sets a bigger number of queues.
coal_entry is reallocated bigger. The added entries are not
necessarily initialized.

In practice, the reallocations will actually keep using the originally
allocated region of memory, but we should not rely on it.

The reallocation is unnecessary. coal_entry can always have
QEDE_MAX_RSS_CNT entries.

Fixes: 908d4bb7c54c ("qede: fix interrupt coalescing configuration")
Signed-off-by: Michal Schmidt <mschmidt@redhat.com>
Nacked-by: Manish Chopra <manishc@marvell.com>
Acked-by: Manish Chopra <manishc@marvell.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

authored by

Michal Schmidt and committed by
David S. Miller aaa3c08e 50645610

+7 -14
+7 -14
drivers/net/ethernet/qlogic/qede/qede_main.c
··· 963 963 { 964 964 u8 fp_combined, fp_rx = edev->fp_num_rx; 965 965 struct qede_fastpath *fp; 966 - void *mem; 967 966 int i; 968 967 969 968 edev->fp_array = kcalloc(QEDE_QUEUE_CNT(edev), ··· 973 974 } 974 975 975 976 if (!edev->coal_entry) { 976 - mem = kcalloc(QEDE_MAX_RSS_CNT(edev), 977 - sizeof(*edev->coal_entry), GFP_KERNEL); 978 - } else { 979 - mem = krealloc(edev->coal_entry, 980 - QEDE_QUEUE_CNT(edev) * sizeof(*edev->coal_entry), 981 - GFP_KERNEL); 977 + edev->coal_entry = kcalloc(QEDE_MAX_RSS_CNT(edev), 978 + sizeof(*edev->coal_entry), 979 + GFP_KERNEL); 980 + if (!edev->coal_entry) { 981 + DP_ERR(edev, "coalesce entry allocation failed\n"); 982 + goto err; 983 + } 982 984 } 983 - 984 - if (!mem) { 985 - DP_ERR(edev, "coalesce entry allocation failed\n"); 986 - kfree(edev->coal_entry); 987 - goto err; 988 - } 989 - edev->coal_entry = mem; 990 985 991 986 fp_combined = QEDE_QUEUE_CNT(edev) - fp_rx - edev->fp_num_tx; 992 987