scsi/qedf: avoid accessing uninitialized data
diff mbox series

Message ID
State Deferred
Headers show
  • scsi/qedf: avoid accessing uninitialized data
Related show

Commit Message

Wang Xiayang July 27, 2019, 9:25 a.m. UTC
Similar to commit b2d3492fc591 ("scsi: bnx2fc: Fix error handling
in probe()"), qedf_cmd_mgr_alloc() allocates cmgr->io_bdt_pool
without initializing it with zero. Though each item of this array
is explicitly initialized with kmalloc() in the for-loop below,
kmalloc() may fail in the middle of the loop and make the caller
go into qedf_cmd_mgr_free(), where some uninitialized
cmgr->io_bdt_pool items are accessed.

Fix this by allocating cmgr->io_bdt_pool with kcalloc().

Signed-off-by: Wang Xiayang <>
 drivers/scsi/qedf/qedf_io.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff mbox series

diff --git a/drivers/scsi/qedf/qedf_io.c b/drivers/scsi/qedf/qedf_io.c
index d881e822f92c..2851b0cd1df8 100644
--- a/drivers/scsi/qedf/qedf_io.c
+++ b/drivers/scsi/qedf/qedf_io.c
@@ -254,7 +254,7 @@  struct qedf_cmd_mgr *qedf_cmd_mgr_alloc(struct qedf_ctx *qedf)
 	/* Allocate pool of io_bdts - one for each qedf_ioreq */
-	cmgr->io_bdt_pool = kmalloc_array(num_ios, sizeof(struct io_bdt *),
+	cmgr->io_bdt_pool = kcalloc(num_ios, sizeof(struct io_bdt *),
 	if (!cmgr->io_bdt_pool) {