Patch "scsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read()" has been added to the 6.1-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Tue, 28 Mar 2023 06:10:09 -0400

This is a note to let you know that I've just added the patch titled

    scsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read()

to the 6.1-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     scsi-lpfc-check-kzalloc-in-lpfc_sli4_cgn_params_read.patch
and it can be found in the queue-6.1 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 196c81d89d138192c7bb45cf8987fb30d5de10a5
Author: Justin Tee <justin.tee@xxxxxxxxxxxx>
Date:   Mon Feb 27 20:43:36 2023 -0800

    scsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read()
    
    [ Upstream commit 312320b0e0ec21249a17645683fe5304d796aec1 ]
    
    If kzalloc() fails in lpfc_sli4_cgn_params_read(), then we rely on
    lpfc_read_object()'s routine to NULL check pdata.
    
    Currently, an early return error is thrown from lpfc_read_object() to
    protect us from NULL ptr dereference, but the errno code is -ENODEV.
    
    Change the errno code to a more appropriate -ENOMEM.
    
    Reported-by: Kang Chen <void0red@xxxxxxxxx>
    Link: https://lore.kernel.org/all/20230226102338.3362585-1-void0red@xxxxxxxxx
    Signed-off-by: Justin Tee <justin.tee@xxxxxxxxxxxx>
    Link: https://lore.kernel.org/r/20230228044336.5195-1-justintee8345@xxxxxxxxx
    Signed-off-by: Martin K. Petersen <martin.petersen@xxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/drivers/scsi/lpfc/lpfc_init.c b/drivers/scsi/lpfc/lpfc_init.c
index b535f1fd30100..2f38c8d5a48a9 100644
--- a/drivers/scsi/lpfc/lpfc_init.c
+++ b/drivers/scsi/lpfc/lpfc_init.c
@@ -7234,6 +7234,8 @@ lpfc_sli4_cgn_params_read(struct lpfc_hba *phba)
 	/* Find out if the FW has a new set of congestion parameters. */
 	len = sizeof(struct lpfc_cgn_param);
 	pdata = kzalloc(len, GFP_KERNEL);
+	if (!pdata)
+		return -ENOMEM;
 	ret = lpfc_read_object(phba, (char *)LPFC_PORT_CFG_NAME,
 			       pdata, len);
 
diff --git a/drivers/scsi/lpfc/lpfc_sli.c b/drivers/scsi/lpfc/lpfc_sli.c
index b93c948c4fcc4..43e06bb917e77 100644
--- a/drivers/scsi/lpfc/lpfc_sli.c
+++ b/drivers/scsi/lpfc/lpfc_sli.c
@@ -22096,10 +22096,6 @@ lpfc_read_object(struct lpfc_hba *phba, char *rdobject, uint32_t *datap,
 	struct lpfc_dmabuf *pcmd;
 	u32 rd_object_name[LPFC_MBX_OBJECT_NAME_LEN_DW] = {0};
 
-	/* sanity check on queue memory */
-	if (!datap)
-		return -ENODEV;
-
 	mbox = mempool_alloc(phba->mbox_mem_pool, GFP_KERNEL);
 	if (!mbox)
 		return -ENOMEM;






