| Message ID | 20190727092549.6169-1-xywang.sjtu@sjtu.edu.cn (mailing list archive) |
|---|---|
| State | Deferred |
| Headers | show |
| Series | scsi/qedf: avoid accessing uninitialized data | expand |
diff --git a/drivers/scsi/qedf/qedf_io.c b/drivers/scsi/qedf/qedf_io.c index d881e822f92c..2851b0cd1df8 100644 --- a/drivers/scsi/qedf/qedf_io.c +++ b/drivers/scsi/qedf/qedf_io.c @@ -254,7 +254,7 @@ struct qedf_cmd_mgr *qedf_cmd_mgr_alloc(struct qedf_ctx *qedf) } /* Allocate pool of io_bdts - one for each qedf_ioreq */ - cmgr->io_bdt_pool = kmalloc_array(num_ios, sizeof(struct io_bdt *), + cmgr->io_bdt_pool = kcalloc(num_ios, sizeof(struct io_bdt *), GFP_KERNEL); if (!cmgr->io_bdt_pool) {
Similar to commit b2d3492fc591 ("scsi: bnx2fc: Fix error handling in probe()"), qedf_cmd_mgr_alloc() allocates cmgr->io_bdt_pool without initializing it with zero. Though each item of this array is explicitly initialized with kmalloc() in the for-loop below, kmalloc() may fail in the middle of the loop and make the caller go into qedf_cmd_mgr_free(), where some uninitialized cmgr->io_bdt_pool items are accessed. Fix this by allocating cmgr->io_bdt_pool with kcalloc(). Signed-off-by: Wang Xiayang <xywang.sjtu@sjtu.edu.cn> --- drivers/scsi/qedf/qedf_io.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)