Similar to commit b2d3492fc591 ("scsi: bnx2fc: Fix error handling in probe()"), qedf_cmd_mgr_alloc() allocates cmgr->io_bdt_pool without initializing it with zero. Though each item of this array is explicitly initialized with kmalloc() in the for-loop below, kmalloc() may fail in the middle of the loop and make the caller go into qedf_cmd_mgr_free(), where some uninitialized cmgr->io_bdt_pool items are accessed. Fix this by allocating cmgr->io_bdt_pool with kcalloc(). Signed-off-by: Wang Xiayang <xywang.sjtu@xxxxxxxxxxx> --- drivers/scsi/qedf/qedf_io.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/scsi/qedf/qedf_io.c b/drivers/scsi/qedf/qedf_io.c index d881e822f92c..2851b0cd1df8 100644 --- a/drivers/scsi/qedf/qedf_io.c +++ b/drivers/scsi/qedf/qedf_io.c @@ -254,7 +254,7 @@ struct qedf_cmd_mgr *qedf_cmd_mgr_alloc(struct qedf_ctx *qedf) } /* Allocate pool of io_bdts - one for each qedf_ioreq */ - cmgr->io_bdt_pool = kmalloc_array(num_ios, sizeof(struct io_bdt *), + cmgr->io_bdt_pool = kcalloc(num_ios, sizeof(struct io_bdt *), GFP_KERNEL); if (!cmgr->io_bdt_pool) { -- 2.11.0
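Review bot: Switching the io_bdt_pool allocation to kcalloc() only closes the error path if qedf_cmd_mgr_free() tests each cmgr->io_bdt_pool[i] for NULL before dereferencing it. That function is not part of this hunk. After this change the unfilled slots are NULL rather than garbage, so a free loop that reads a member of an entry without a NULL check would still fault, just deterministically. Please confirm in the commit message that the free path skips NULL entries, or add that check in the same patch. Two smaller points: the message describes a bug fix but carries no Fixes: tag naming the commit that introduced the kmalloc_array() call, which makes backporting harder; and the continuation line `GFP_KERNEL);` is left unchanged, so check that it still lines up with the new, shorter `kcalloc(` opening parenthesis.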