Hi Kang,

Thanks for reporting this.

Technically, the lpfc_read_object routine already NULL checks pdata, and if it was NULL would return -ENODEV. Then, else if (ret < 0) would evaluate to true and we'd goto rd_obj_err.

However, we like the suggestion to return -ENOMEM instead. I will post a v2 of this patch to address both concerns.

Thanks,
Justin

On Sun, Feb 26, 2023 at 2:48 AM Kang Chen <void0red@xxxxxxxxx> wrote:
>
> kzalloc may fail, pdata might be null and it may cause
> null pointer dereference later.
>
> Signed-off-by: Kang Chen <void0red@xxxxxxxxx>
> --- > drivers/scsi/lpfc/lpfc_init.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/drivers/scsi/lpfc/lpfc_init.c b/drivers/scsi/lpfc/lpfc_init.c > index 6eb4085a3..54134d782 100644 > --- a/drivers/scsi/lpfc/lpfc_init.c > +++ b/drivers/scsi/lpfc/lpfc_init.c > @@ -7291,6 +7291,8 @@ lpfc_sli4_cgn_params_read(struct lpfc_hba *phba) > /* Find out if the FW has a new set of congestion parameters. */ > len = sizeof(struct lpfc_cgn_param); > pdata = kzalloc(len, GFP_KERNEL); > + if (!pdata) > + return -ENOMEM; > ret = lpfc_read_object(phba, (char *)LPFC_PORT_CFG_NAME, > pdata, len); > > -- > 2.34.1 >
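
Review bot: The commit message's rationale does not match what the added "if (!pdata)" check after "pdata = kzalloc(len, GFP_KERNEL);" changes. Per the reply, lpfc_read_object already NULL checks pdata and returns -ENODEV, so the allocation failure is already handled and the visible effect of this hunk is that the caller now sees -ENOMEM instead. Suggest rewording the commit message to say that. For v2, also confirm that the direct "return -ENOMEM;" skips nothing the rd_obj_err path would otherwise do for this case, and that callers of lpfc_sli4_cgn_params_read handle -ENOMEM the same way as the other negative returns. A blank line between the new check and the "ret = lpfc_read_object(...)" call would keep the allocation and its check grouped together.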