qlcnic: potential dereference null pointer of rx_queue->page_ring

The return value of kcalloc() needs to be checked.
To avoid dereference of null pointer in case of the failure of alloc.
Therefore, it might be better to change the return type of
qlcnic_sriov_alloc_vlans() and return -ENOMEM when alloc fails and
return 0 the others.
Also, qlcnic_sriov_set_guest_vlan_mode() and __qlcnic_pci_sriov_enable()
should deal with the return value of qlcnic_sriov_alloc_vlans().

Fixes: 154d0c810c53 ("qlcnic: VLAN enhancement for 84XX adapters")
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov.h b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov.h
index 7160b42f51ddd0ab11bfd8c94f77d506efd8efca..d0111cb3b40e1c5f1e0804e7d8b5dddcbc863541 100644 (file)
--- a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov.h
+++ b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov.h
@@ -201,7 +201,7 @@ int qlcnic_sriov_get_vf_vport_info(struct qlcnic_adapter *,
                                   struct qlcnic_info *, u16);
 int qlcnic_sriov_cfg_vf_guest_vlan(struct qlcnic_adapter *, u16, u8);
 void qlcnic_sriov_free_vlans(struct qlcnic_adapter *);
-void qlcnic_sriov_alloc_vlans(struct qlcnic_adapter *);
+int qlcnic_sriov_alloc_vlans(struct qlcnic_adapter *);
 bool qlcnic_sriov_check_any_vlan(struct qlcnic_vf_info *);
 void qlcnic_sriov_del_vlan_id(struct qlcnic_sriov *,
                              struct qlcnic_vf_info *, u16);

diff --git a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov_common.c b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov_common.c
index dd03be3fc82a972b9560049ff41703ec1a0ba501..42a44c97572aec68ea0ca3b69cc90b5e7abec43a 100644 (file)
--- a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov_common.c
+++ b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov_common.c
@@ -432,7 +432,7 @@ static int qlcnic_sriov_set_guest_vlan_mode(struct qlcnic_adapter *adapter,
                                            struct qlcnic_cmd_args *cmd)
 {
        struct qlcnic_sriov *sriov = adapter->ahw->sriov;
-       int i, num_vlans;
+       int i, num_vlans, ret;
        u16 *vlans;
 
        if (sriov->allowed_vlans)
@@ -443,7 +443,9 @@ static int qlcnic_sriov_set_guest_vlan_mode(struct qlcnic_adapter *adapter,
        dev_info(&adapter->pdev->dev, "Number of allowed Guest VLANs = %d\n",
                 sriov->num_allowed_vlans);
 
-       qlcnic_sriov_alloc_vlans(adapter);
+       ret = qlcnic_sriov_alloc_vlans(adapter);
+       if (ret)
+               return ret;
 
        if (!sriov->any_vlan)
                return 0;
@@ -2154,7 +2156,7 @@ static int qlcnic_sriov_vf_resume(struct qlcnic_adapter *adapter)
        return err;
 }
 
-void qlcnic_sriov_alloc_vlans(struct qlcnic_adapter *adapter)
+int qlcnic_sriov_alloc_vlans(struct qlcnic_adapter *adapter)
 {
        struct qlcnic_sriov *sriov = adapter->ahw->sriov;
        struct qlcnic_vf_info *vf;
@@ -2164,7 +2166,11 @@ void qlcnic_sriov_alloc_vlans(struct qlcnic_adapter *adapter)
                vf = &sriov->vf_info[i];
                vf->sriov_vlans = kcalloc(sriov->num_allowed_vlans,
                                          sizeof(*vf->sriov_vlans), GFP_KERNEL);
+               if (!vf->sriov_vlans)
+                       return -ENOMEM;
        }
+
+       return 0;
 }
 
 void qlcnic_sriov_free_vlans(struct qlcnic_adapter *adapter)

diff --git a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov_pf.c b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov_pf.c
index 447720b93e5ab3b04622429d0eb3d20b4f4edeb4..e90fa97c0ae6c36bf18fffb822d78ce4f77448f8 100644 (file)
--- a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov_pf.c
+++ b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov_pf.c
@@ -597,7 +597,9 @@ static int __qlcnic_pci_sriov_enable(struct qlcnic_adapter *adapter,
        if (err)
                goto del_flr_queue;
 
-       qlcnic_sriov_alloc_vlans(adapter);
+       err = qlcnic_sriov_alloc_vlans(adapter);
+       if (err)
+               goto del_flr_queue;
 
        return err;