The future tasklet API will no longer allow to pass an arbitrary "unsigned long" data parameter. The tasklet data structure will need to be embedded into a data structure that will be retrieved from the tasklet handler. For this, the parent structure will be retrieved by the help of container_of(), which means that tasklet must be statically allocated into the parent structure and not allocated via kmalloc(). This commit, remove the dynamic allocation of the tasklet in each "struct qed_hwfn". Before each reused the tasklet will be killed, disabled then reinit, redefining its internal data structure state, so it can be reused for another purpose without requiring the need to reallocate a new object dynamically (which can be subject to use-after-free, double-free or memleak issues). Signed-off-by: Romain Perier <romain.perier@xxxxxxxxx> --- drivers/net/ethernet/qlogic/qed/qed.h | 2 +- drivers/net/ethernet/qlogic/qed/qed_int.c | 22 +--------------------- drivers/net/ethernet/qlogic/qed/qed_main.c | 14 +++++++------- 3 files changed, 9 insertions(+), 29 deletions(-) diff --git a/drivers/net/ethernet/qlogic/qed/qed.h b/drivers/net/ethernet/qlogic/qed/qed.h index 89fe091c958d..e180df1d340e 100644 --- a/drivers/net/ethernet/qlogic/qed/qed.h +++ b/drivers/net/ethernet/qlogic/qed/qed.h @@ -592,7 +592,7 @@ struct qed_hwfn { struct qed_consq *p_consq; /* Slow-Path definitions */ - struct tasklet_struct *sp_dpc; + struct tasklet_struct sp_dpc; bool b_sp_dpc_enabled; struct qed_ptt *p_main_ptt; diff --git a/drivers/net/ethernet/qlogic/qed/qed_int.c b/drivers/net/ethernet/qlogic/qed/qed_int.c index 9f5113639eaf..7e1ef7b281b5 100644 --- a/drivers/net/ethernet/qlogic/qed/qed_int.c +++ b/drivers/net/ethernet/qlogic/qed/qed_int.c @@ -2279,34 +2279,15 @@ u64 qed_int_igu_read_sisr_reg(struct qed_hwfn *p_hwfn) static void qed_int_sp_dpc_setup(struct qed_hwfn *p_hwfn) { - tasklet_init(p_hwfn->sp_dpc, + tasklet_init(&p_hwfn->sp_dpc, qed_int_sp_dpc, (unsigned long)p_hwfn); p_hwfn->b_sp_dpc_enabled = true; } -static int qed_int_sp_dpc_alloc(struct qed_hwfn *p_hwfn) -{ - p_hwfn->sp_dpc = kmalloc(sizeof(*p_hwfn->sp_dpc), GFP_KERNEL); - if (!p_hwfn->sp_dpc) - return -ENOMEM; - - return 0; -} - -static void qed_int_sp_dpc_free(struct qed_hwfn *p_hwfn) -{ - kfree(p_hwfn->sp_dpc); - p_hwfn->sp_dpc = NULL; -} - int qed_int_alloc(struct qed_hwfn *p_hwfn, struct qed_ptt *p_ptt) { int rc = 0; - rc = qed_int_sp_dpc_alloc(p_hwfn); - if (rc) - return rc; - rc = qed_int_sp_sb_alloc(p_hwfn, p_ptt); if (rc) return rc; @@ -2320,7 +2301,6 @@ void qed_int_free(struct qed_hwfn *p_hwfn) { qed_int_sp_sb_free(p_hwfn); qed_int_sb_attn_free(p_hwfn); - qed_int_sp_dpc_free(p_hwfn); } void qed_int_setup(struct qed_hwfn *p_hwfn, struct qed_ptt *p_ptt) diff --git a/drivers/net/ethernet/qlogic/qed/qed_main.c b/drivers/net/ethernet/qlogic/qed/qed_main.c index 2ce70097d018..743c4561e251 100644 --- a/drivers/net/ethernet/qlogic/qed/qed_main.c +++ b/drivers/net/ethernet/qlogic/qed/qed_main.c @@ -678,7 +678,7 @@ static irqreturn_t qed_single_int(int irq, void *dev_instance) /* Slowpath interrupt */ if (unlikely(status & 0x1)) { - tasklet_schedule(hwfn->sp_dpc); + tasklet_schedule(&hwfn->sp_dpc); status &= ~0x1; rc = IRQ_HANDLED; } @@ -724,7 +724,7 @@ int qed_slowpath_irq_req(struct qed_hwfn *hwfn) id, cdev->pdev->bus->number, PCI_SLOT(cdev->pdev->devfn), hwfn->abs_pf_id); rc = request_irq(cdev->int_params.msix_table[id].vector, - qed_msix_sp_int, 0, hwfn->name, hwfn->sp_dpc); + qed_msix_sp_int, 0, hwfn->name, &hwfn->sp_dpc); } else { unsigned long flags = 0; @@ -756,8 +756,8 @@ static void qed_slowpath_tasklet_flush(struct qed_hwfn *p_hwfn) * enable function makes this sequence a flush-like operation. */ if (p_hwfn->b_sp_dpc_enabled) { - tasklet_disable(p_hwfn->sp_dpc); - tasklet_enable(p_hwfn->sp_dpc); + tasklet_disable(&p_hwfn->sp_dpc); + tasklet_enable(&p_hwfn->sp_dpc); } } @@ -786,7 +786,7 @@ static void qed_slowpath_irq_free(struct qed_dev *cdev) break; synchronize_irq(cdev->int_params.msix_table[i].vector); free_irq(cdev->int_params.msix_table[i].vector, - cdev->hwfns[i].sp_dpc); + &cdev->hwfns[i].sp_dpc); } } else { if (QED_LEADING_HWFN(cdev)->b_int_requested) @@ -805,11 +805,11 @@ static int qed_nic_stop(struct qed_dev *cdev) struct qed_hwfn *p_hwfn = &cdev->hwfns[i]; if (p_hwfn->b_sp_dpc_enabled) { - tasklet_disable(p_hwfn->sp_dpc); + tasklet_disable(&p_hwfn->sp_dpc); p_hwfn->b_sp_dpc_enabled = false; DP_VERBOSE(cdev, NETIF_MSG_IFDOWN, "Disabled sp tasklet [hwfn %d] at %p\n", - i, p_hwfn->sp_dpc); + i, &p_hwfn->sp_dpc); } } -- 2.23.0