Patch "scsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read()" has been added to the 5.15-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Tue, 28 Mar 2023 06:11:31 -0400

This is a note to let you know that I've just added the patch titled

    scsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read()

to the 5.15-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     scsi-lpfc-check-kzalloc-in-lpfc_sli4_cgn_params_read.patch
and it can be found in the queue-5.15 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit d1a622265c4f23853d4abf9281947aabebdce969
Author: Justin Tee <justin.tee@xxxxxxxxxxxx>
Date:   Mon Feb 27 20:43:36 2023 -0800

    scsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read()
    
    [ Upstream commit 312320b0e0ec21249a17645683fe5304d796aec1 ]
    
    If kzalloc() fails in lpfc_sli4_cgn_params_read(), then we rely on
    lpfc_read_object()'s routine to NULL check pdata.
    
    Currently, an early return error is thrown from lpfc_read_object() to
    protect us from NULL ptr dereference, but the errno code is -ENODEV.
    
    Change the errno code to a more appropriate -ENOMEM.
    
    Reported-by: Kang Chen <void0red@xxxxxxxxx>
    Link: https://lore.kernel.org/all/20230226102338.3362585-1-void0red@xxxxxxxxx
    Signed-off-by: Justin Tee <justin.tee@xxxxxxxxxxxx>
    Link: https://lore.kernel.org/r/20230228044336.5195-1-justintee8345@xxxxxxxxx
    Signed-off-by: Martin K. Petersen <martin.petersen@xxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/drivers/scsi/lpfc/lpfc_init.c b/drivers/scsi/lpfc/lpfc_init.c
index 855817f6fe671..f79299f6178cd 100644
--- a/drivers/scsi/lpfc/lpfc_init.c
+++ b/drivers/scsi/lpfc/lpfc_init.c
@@ -7056,6 +7056,8 @@ lpfc_sli4_cgn_params_read(struct lpfc_hba *phba)
 	/* Find out if the FW has a new set of congestion parameters. */
 	len = sizeof(struct lpfc_cgn_param);
 	pdata = kzalloc(len, GFP_KERNEL);
+	if (!pdata)
+		return -ENOMEM;
 	ret = lpfc_read_object(phba, (char *)LPFC_PORT_CFG_NAME,
 			       pdata, len);
 
diff --git a/drivers/scsi/lpfc/lpfc_sli.c b/drivers/scsi/lpfc/lpfc_sli.c
index 7d333167047f5..1f1d346adc038 100644
--- a/drivers/scsi/lpfc/lpfc_sli.c
+++ b/drivers/scsi/lpfc/lpfc_sli.c
@@ -22376,10 +22376,6 @@ lpfc_read_object(struct lpfc_hba *phba, char *rdobject, uint32_t *datap,
 	struct lpfc_dmabuf *pcmd;
 	u32 rd_object_name[LPFC_MBX_OBJECT_NAME_LEN_DW] = {0};
 
-	/* sanity check on queue memory */
-	if (!datap)
-		return -ENODEV;
-
 	mbox = mempool_alloc(phba->mbox_mem_pool, GFP_KERNEL);
 	if (!mbox)
 		return -ENOMEM;






