This is a note to let you know that I've just added the patch titled
qede: avoid uninitialized entries in coal_entry array
to the 6.2-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
qede-avoid-uninitialized-entries-in-coal_entry-array.patch
and it can be found in the queue-6.2 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From aaa3c08ee0653beaa649d4adfb27ad562641cfd8 Mon Sep 17 00:00:00 2001
From: Michal Schmidt <mschmidt@xxxxxxxxxx>
Date: Fri, 24 Feb 2023 01:41:45 +0100
Subject: qede: avoid uninitialized entries in coal_entry array
From: Michal Schmidt <mschmidt@xxxxxxxxxx>
commit aaa3c08ee0653beaa649d4adfb27ad562641cfd8 upstream.
Even after commit 908d4bb7c54c ("qede: fix interrupt coalescing
configuration"), some entries of the coal_entry array may theoretically
be used uninitialized:
1. qede_alloc_fp_array() allocates QEDE_MAX_RSS_CNT entries for
coal_entry. The initial allocation uses kcalloc, so everything is
initialized.
2. The user sets a small number of queues (ethtool -L).
coal_entry is reallocated for the actual small number of queues.
3. The user sets a bigger number of queues.
coal_entry is reallocated bigger. The added entries are not
necessarily initialized.
In practice, the reallocations will actually keep using the originally
allocated region of memory, but we should not rely on it.
The reallocation is unnecessary. coal_entry can always have
QEDE_MAX_RSS_CNT entries.
Fixes: 908d4bb7c54c ("qede: fix interrupt coalescing configuration")
Signed-off-by: Michal Schmidt <mschmidt@xxxxxxxxxx>
Nacked-by: Manish Chopra <manishc@xxxxxxxxxxx>
Acked-by: Manish Chopra <manishc@xxxxxxxxxxx>
Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
drivers/net/ethernet/qlogic/qede/qede_main.c | 21 +++++++--------------
1 file changed, 7 insertions(+), 14 deletions(-)
--- a/drivers/net/ethernet/qlogic/qede/qede_main.c
+++ b/drivers/net/ethernet/qlogic/qede/qede_main.c
@@ -960,7 +960,6 @@ static int qede_alloc_fp_array(struct qe
{
u8 fp_combined, fp_rx = edev->fp_num_rx;
struct qede_fastpath *fp;
- void *mem;
int i;
edev->fp_array = kcalloc(QEDE_QUEUE_CNT(edev),
@@ -971,21 +970,15 @@ static int qede_alloc_fp_array(struct qe
}
if (!edev->coal_entry) {
- mem = kcalloc(QEDE_MAX_RSS_CNT(edev),
- sizeof(*edev->coal_entry), GFP_KERNEL);
- } else {
- mem = krealloc(edev->coal_entry,
- QEDE_QUEUE_CNT(edev) * sizeof(*edev->coal_entry),
- GFP_KERNEL);
+ edev->coal_entry = kcalloc(QEDE_MAX_RSS_CNT(edev),
+ sizeof(*edev->coal_entry),
+ GFP_KERNEL);
+ if (!edev->coal_entry) {
+ DP_ERR(edev, "coalesce entry allocation failed\n");
+ goto err;
+ }
}
- if (!mem) {
- DP_ERR(edev, "coalesce entry allocation failed\n");
- kfree(edev->coal_entry);
- goto err;
- }
- edev->coal_entry = mem;
-
fp_combined = QEDE_QUEUE_CNT(edev) - fp_rx - edev->fp_num_tx;
/* Allocate the FP elements for Rx queues followed by combined and then
Patches currently in stable-queue which might be from mschmidt@xxxxxxxxxx are
queue-6.2/qede-avoid-uninitialized-entries-in-coal_entry-array.patch
