Skip to content

Commit b6b4316

Browse files
Shahed Shaikhdavem330
Shahed Shaikh
authored and
davem330
committed
qlcnic: Handle qlcnic_alloc_mbx_args() failure
qlcnic_alloc_mbx_args() may fail due to failure in memory allocation. This patch checks for failure of qlcnic_alloc_mbx_args() to avoid potential invalid memory access. Signed-off-by: Shahed Shaikh <[email protected]> Signed-off-by: Jitendra Kalsaria <[email protected]> Signed-off-by: David S. Miller <[email protected]>
1 parent fedaf4f commit b6b4316

File tree

4 files changed

+206
-64
lines changed

4 files changed

+206
-64
lines changed

drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_hw.c

Lines changed: 103 additions & 30 deletions
Original file line numberDiff line numberDiff line change
@@ -844,7 +844,9 @@ void qlcnic_83xx_idc_aen_work(struct work_struct *work)
844844
int i, err = 0;
845845

846846
adapter = container_of(work, struct qlcnic_adapter, idc_aen_work.work);
847-
qlcnic_alloc_mbx_args(&cmd, adapter, QLCNIC_CMD_IDC_ACK);
847+
err = qlcnic_alloc_mbx_args(&cmd, adapter, QLCNIC_CMD_IDC_ACK);
848+
if (err)
849+
return;
848850

849851
for (i = 1; i < QLC_83XX_MBX_AEN_CNT; i++)
850852
cmd.req.arg[i] = adapter->ahw->mbox_aen[i];
@@ -1085,8 +1087,10 @@ int qlcnic_83xx_create_rx_ctx(struct qlcnic_adapter *adapter)
10851087
cap |= QLC_83XX_FW_CAP_LRO_MSS;
10861088

10871089
/* set mailbox hdr and capabilities */
1088-
qlcnic_alloc_mbx_args(&cmd, adapter,
1089-
QLCNIC_CMD_CREATE_RX_CTX);
1090+
err = qlcnic_alloc_mbx_args(&cmd, adapter,
1091+
QLCNIC_CMD_CREATE_RX_CTX);
1092+
if (err)
1093+
return err;
10901094

10911095
if (qlcnic_sriov_pf_check(adapter) || qlcnic_sriov_vf_check(adapter))
10921096
cmd.req.arg[0] |= (0x3 << 29);
@@ -1244,7 +1248,9 @@ int qlcnic_83xx_create_tx_ctx(struct qlcnic_adapter *adapter,
12441248
mbx.intr_id = 0xffff;
12451249
mbx.src = 0;
12461250

1247-
qlcnic_alloc_mbx_args(&cmd, adapter, QLCNIC_CMD_CREATE_TX_CTX);
1251+
err = qlcnic_alloc_mbx_args(&cmd, adapter, QLCNIC_CMD_CREATE_TX_CTX);
1252+
if (err)
1253+
return err;
12481254

12491255
if (qlcnic_sriov_pf_check(adapter) || qlcnic_sriov_vf_check(adapter))
12501256
cmd.req.arg[0] |= (0x3 << 29);
@@ -1390,8 +1396,11 @@ int qlcnic_83xx_config_led(struct qlcnic_adapter *adapter, u32 state,
13901396

13911397
if (state) {
13921398
/* Get LED configuration */
1393-
qlcnic_alloc_mbx_args(&cmd, adapter,
1394-
QLCNIC_CMD_GET_LED_CONFIG);
1399+
status = qlcnic_alloc_mbx_args(&cmd, adapter,
1400+
QLCNIC_CMD_GET_LED_CONFIG);
1401+
if (status)
1402+
return status;
1403+
13951404
status = qlcnic_issue_cmd(adapter, &cmd);
13961405
if (status) {
13971406
dev_err(&adapter->pdev->dev,
@@ -1405,8 +1414,11 @@ int qlcnic_83xx_config_led(struct qlcnic_adapter *adapter, u32 state,
14051414
/* Set LED Configuration */
14061415
mbx_in = (LSW(QLC_83XX_LED_CONFIG) << 16) |
14071416
LSW(QLC_83XX_LED_CONFIG);
1408-
qlcnic_alloc_mbx_args(&cmd, adapter,
1409-
QLCNIC_CMD_SET_LED_CONFIG);
1417+
status = qlcnic_alloc_mbx_args(&cmd, adapter,
1418+
QLCNIC_CMD_SET_LED_CONFIG);
1419+
if (status)
1420+
return status;
1421+
14101422
cmd.req.arg[1] = mbx_in;
14111423
cmd.req.arg[2] = mbx_in;
14121424
cmd.req.arg[3] = mbx_in;
@@ -1423,8 +1435,11 @@ int qlcnic_83xx_config_led(struct qlcnic_adapter *adapter, u32 state,
14231435

14241436
} else {
14251437
/* Restoring default LED configuration */
1426-
qlcnic_alloc_mbx_args(&cmd, adapter,
1427-
QLCNIC_CMD_SET_LED_CONFIG);
1438+
status = qlcnic_alloc_mbx_args(&cmd, adapter,
1439+
QLCNIC_CMD_SET_LED_CONFIG);
1440+
if (status)
1441+
return status;
1442+
14281443
cmd.req.arg[1] = adapter->ahw->mbox_reg[0];
14291444
cmd.req.arg[2] = adapter->ahw->mbox_reg[1];
14301445
cmd.req.arg[3] = adapter->ahw->mbox_reg[2];
@@ -1494,10 +1509,18 @@ void qlcnic_83xx_register_nic_idc_func(struct qlcnic_adapter *adapter,
14941509
return;
14951510

14961511
if (enable) {
1497-
qlcnic_alloc_mbx_args(&cmd, adapter, QLCNIC_CMD_INIT_NIC_FUNC);
1512+
status = qlcnic_alloc_mbx_args(&cmd, adapter,
1513+
QLCNIC_CMD_INIT_NIC_FUNC);
1514+
if (status)
1515+
return;
1516+
14981517
cmd.req.arg[1] = BIT_0 | BIT_31;
14991518
} else {
1500-
qlcnic_alloc_mbx_args(&cmd, adapter, QLCNIC_CMD_STOP_NIC_FUNC);
1519+
status = qlcnic_alloc_mbx_args(&cmd, adapter,
1520+
QLCNIC_CMD_STOP_NIC_FUNC);
1521+
if (status)
1522+
return;
1523+
15011524
cmd.req.arg[1] = BIT_0 | BIT_31;
15021525
}
15031526
status = qlcnic_issue_cmd(adapter, &cmd);
@@ -1514,7 +1537,10 @@ int qlcnic_83xx_set_port_config(struct qlcnic_adapter *adapter)
15141537
struct qlcnic_cmd_args cmd;
15151538
int err;
15161539

1517-
qlcnic_alloc_mbx_args(&cmd, adapter, QLCNIC_CMD_SET_PORT_CONFIG);
1540+
err = qlcnic_alloc_mbx_args(&cmd, adapter, QLCNIC_CMD_SET_PORT_CONFIG);
1541+
if (err)
1542+
return err;
1543+
15181544
cmd.req.arg[1] = adapter->ahw->port_config;
15191545
err = qlcnic_issue_cmd(adapter, &cmd);
15201546
if (err)
@@ -1528,7 +1554,10 @@ int qlcnic_83xx_get_port_config(struct qlcnic_adapter *adapter)
15281554
struct qlcnic_cmd_args cmd;
15291555
int err;
15301556

1531-
qlcnic_alloc_mbx_args(&cmd, adapter, QLCNIC_CMD_GET_PORT_CONFIG);
1557+
err = qlcnic_alloc_mbx_args(&cmd, adapter, QLCNIC_CMD_GET_PORT_CONFIG);
1558+
if (err)
1559+
return err;
1560+
15321561
err = qlcnic_issue_cmd(adapter, &cmd);
15331562
if (err)
15341563
dev_info(&adapter->pdev->dev, "Get Port config failed\n");
@@ -1544,7 +1573,10 @@ int qlcnic_83xx_setup_link_event(struct qlcnic_adapter *adapter, int enable)
15441573
u32 temp;
15451574
struct qlcnic_cmd_args cmd;
15461575

1547-
qlcnic_alloc_mbx_args(&cmd, adapter, QLCNIC_CMD_GET_LINK_EVENT);
1576+
err = qlcnic_alloc_mbx_args(&cmd, adapter, QLCNIC_CMD_GET_LINK_EVENT);
1577+
if (err)
1578+
return err;
1579+
15481580
temp = adapter->recv_ctx->context_id << 16;
15491581
cmd.req.arg[1] = (enable ? 1 : 0) | BIT_8 | temp;
15501582
err = qlcnic_issue_cmd(adapter, &cmd);
@@ -1575,7 +1607,11 @@ int qlcnic_83xx_nic_set_promisc(struct qlcnic_adapter *adapter, u32 mode)
15751607
if (adapter->recv_ctx->state == QLCNIC_HOST_CTX_STATE_FREED)
15761608
return -EIO;
15771609

1578-
qlcnic_alloc_mbx_args(&cmd, adapter, QLCNIC_CMD_CONFIGURE_MAC_RX_MODE);
1610+
err = qlcnic_alloc_mbx_args(&cmd, adapter,
1611+
QLCNIC_CMD_CONFIGURE_MAC_RX_MODE);
1612+
if (err)
1613+
return err;
1614+
15791615
qlcnic_83xx_set_interface_id_promisc(adapter, &temp);
15801616
cmd.req.arg[1] = (mode ? 1 : 0) | temp;
15811617
err = qlcnic_issue_cmd(adapter, &cmd);
@@ -1762,7 +1798,11 @@ void qlcnic_83xx_config_ipaddr(struct qlcnic_adapter *adapter, __be32 ip,
17621798
u32 temp = 0, temp_ip;
17631799
struct qlcnic_cmd_args cmd;
17641800

1765-
qlcnic_alloc_mbx_args(&cmd, adapter, QLCNIC_CMD_CONFIGURE_IP_ADDR);
1801+
err = qlcnic_alloc_mbx_args(&cmd, adapter,
1802+
QLCNIC_CMD_CONFIGURE_IP_ADDR);
1803+
if (err)
1804+
return;
1805+
17661806
qlcnic_83xx_set_interface_id_ipaddr(adapter, &temp);
17671807

17681808
if (mode == QLCNIC_IP_UP)
@@ -1801,7 +1841,10 @@ int qlcnic_83xx_config_hw_lro(struct qlcnic_adapter *adapter, int mode)
18011841
if (adapter->recv_ctx->state == QLCNIC_HOST_CTX_STATE_FREED)
18021842
return 0;
18031843

1804-
qlcnic_alloc_mbx_args(&cmd, adapter, QLCNIC_CMD_CONFIGURE_HW_LRO);
1844+
err = qlcnic_alloc_mbx_args(&cmd, adapter, QLCNIC_CMD_CONFIGURE_HW_LRO);
1845+
if (err)
1846+
return err;
1847+
18051848
temp = adapter->recv_ctx->context_id << 16;
18061849
arg1 = lro_bit_mask | temp;
18071850
cmd.req.arg[1] = arg1;
@@ -1823,8 +1866,9 @@ int qlcnic_83xx_config_rss(struct qlcnic_adapter *adapter, int enable)
18231866
0xae7b30b4d0ca2bcbULL, 0x43a38fb04167253dULL,
18241867
0x255b0ec26d5a56daULL };
18251868

1826-
qlcnic_alloc_mbx_args(&cmd, adapter, QLCNIC_CMD_CONFIGURE_RSS);
1827-
1869+
err = qlcnic_alloc_mbx_args(&cmd, adapter, QLCNIC_CMD_CONFIGURE_RSS);
1870+
if (err)
1871+
return err;
18281872
/*
18291873
* RSS request:
18301874
* bits 3-0: Rsvd
@@ -1930,7 +1974,10 @@ int qlcnic_83xx_get_mac_address(struct qlcnic_adapter *adapter, u8 *mac)
19301974
struct qlcnic_cmd_args cmd;
19311975
u32 mac_low, mac_high;
19321976

1933-
qlcnic_alloc_mbx_args(&cmd, adapter, QLCNIC_CMD_MAC_ADDRESS);
1977+
err = qlcnic_alloc_mbx_args(&cmd, adapter, QLCNIC_CMD_MAC_ADDRESS);
1978+
if (err)
1979+
return err;
1980+
19341981
qlcnic_83xx_configure_mac(adapter, mac, QLCNIC_GET_CURRENT_MAC, &cmd);
19351982
err = qlcnic_issue_cmd(adapter, &cmd);
19361983

@@ -1961,7 +2008,10 @@ void qlcnic_83xx_config_intr_coal(struct qlcnic_adapter *adapter)
19612008
if (adapter->recv_ctx->state == QLCNIC_HOST_CTX_STATE_FREED)
19622009
return;
19632010

1964-
qlcnic_alloc_mbx_args(&cmd, adapter, QLCNIC_CMD_CONFIG_INTR_COAL);
2011+
err = qlcnic_alloc_mbx_args(&cmd, adapter, QLCNIC_CMD_CONFIG_INTR_COAL);
2012+
if (err)
2013+
return;
2014+
19652015
if (coal->type == QLCNIC_INTR_COAL_TYPE_RX) {
19662016
temp = adapter->recv_ctx->context_id;
19672017
cmd.req.arg[1] = QLCNIC_INTR_COAL_TYPE_RX | temp << 16;
@@ -2033,7 +2083,10 @@ int qlcnic_enable_eswitch(struct qlcnic_adapter *adapter, u8 port, u8 enable)
20332083
return err;
20342084
}
20352085

2036-
qlcnic_alloc_mbx_args(&cmd, adapter, QLCNIC_CMD_TOGGLE_ESWITCH);
2086+
err = qlcnic_alloc_mbx_args(&cmd, adapter, QLCNIC_CMD_TOGGLE_ESWITCH);
2087+
if (err)
2088+
return err;
2089+
20372090
cmd.req.arg[1] = (port & 0xf) | BIT_4;
20382091
err = qlcnic_issue_cmd(adapter, &cmd);
20392092

@@ -2061,7 +2114,10 @@ int qlcnic_83xx_set_nic_info(struct qlcnic_adapter *adapter,
20612114
return err;
20622115
}
20632116

2064-
qlcnic_alloc_mbx_args(&cmd, adapter, QLCNIC_CMD_SET_NIC_INFO);
2117+
err = qlcnic_alloc_mbx_args(&cmd, adapter, QLCNIC_CMD_SET_NIC_INFO);
2118+
if (err)
2119+
return err;
2120+
20652121
cmd.req.arg[1] = (nic->pci_func << 16);
20662122
cmd.req.arg[2] = 0x1 << 16;
20672123
cmd.req.arg[3] = nic->phys_port | (nic->switch_mode << 16);
@@ -2093,7 +2149,10 @@ int qlcnic_83xx_get_nic_info(struct qlcnic_adapter *adapter,
20932149
u8 op = 0;
20942150
struct qlcnic_cmd_args cmd;
20952151

2096-
qlcnic_alloc_mbx_args(&cmd, adapter, QLCNIC_CMD_GET_NIC_INFO);
2152+
err = qlcnic_alloc_mbx_args(&cmd, adapter, QLCNIC_CMD_GET_NIC_INFO);
2153+
if (err)
2154+
return err;
2155+
20972156
if (func_id != adapter->ahw->pci_func) {
20982157
temp = func_id << 16;
20992158
cmd.req.arg[1] = op | BIT_31 | temp;
@@ -2140,7 +2199,10 @@ int qlcnic_83xx_get_pci_info(struct qlcnic_adapter *adapter,
21402199
int i, err = 0, j = 0;
21412200
u32 temp;
21422201

2143-
qlcnic_alloc_mbx_args(&cmd, adapter, QLCNIC_CMD_GET_PCI_INFO);
2202+
err = qlcnic_alloc_mbx_args(&cmd, adapter, QLCNIC_CMD_GET_PCI_INFO);
2203+
if (err)
2204+
return err;
2205+
21442206
err = qlcnic_issue_cmd(adapter, &cmd);
21452207

21462208
ahw->act_pci_func = 0;
@@ -2195,7 +2257,10 @@ int qlcnic_83xx_config_intrpt(struct qlcnic_adapter *adapter, bool op_type)
21952257
struct qlcnic_cmd_args cmd;
21962258

21972259
max_ints = adapter->ahw->num_msix - 1;
2198-
qlcnic_alloc_mbx_args(&cmd, adapter, QLCNIC_CMD_CONFIG_INTRPT);
2260+
err = qlcnic_alloc_mbx_args(&cmd, adapter, QLCNIC_CMD_CONFIG_INTRPT);
2261+
if (err)
2262+
return err;
2263+
21992264
cmd.req.arg[1] = max_ints;
22002265

22012266
if (qlcnic_sriov_vf_check(adapter))
@@ -2823,7 +2888,11 @@ int qlcnic_83xx_test_link(struct qlcnic_adapter *adapter)
28232888
dev_info(&adapter->pdev->dev, "link state down\n");
28242889
return config;
28252890
}
2826-
qlcnic_alloc_mbx_args(&cmd, adapter, QLCNIC_CMD_GET_LINK_STATUS);
2891+
2892+
err = qlcnic_alloc_mbx_args(&cmd, adapter, QLCNIC_CMD_GET_LINK_STATUS);
2893+
if (err)
2894+
return err;
2895+
28272896
err = qlcnic_issue_cmd(adapter, &cmd);
28282897
if (err) {
28292898
dev_info(&adapter->pdev->dev,
@@ -3049,7 +3118,9 @@ void qlcnic_83xx_get_stats(struct qlcnic_adapter *adapter, u64 *data)
30493118
struct net_device *netdev = adapter->netdev;
30503119
int ret = 0;
30513120

3052-
qlcnic_alloc_mbx_args(&cmd, adapter, QLCNIC_CMD_GET_STATISTICS);
3121+
ret = qlcnic_alloc_mbx_args(&cmd, adapter, QLCNIC_CMD_GET_STATISTICS);
3122+
if (ret)
3123+
return;
30533124
/* Get Tx stats */
30543125
cmd.req.arg[1] = BIT_1 | (adapter->tx_ring->ctx_id << 16);
30553126
cmd.rsp.num = QLC_83XX_TX_STAT_REGS;
@@ -3139,7 +3210,9 @@ int qlcnic_83xx_interrupt_test(struct net_device *netdev)
31393210
goto fail_diag_irq;
31403211

31413212
ahw->diag_cnt = 0;
3142-
qlcnic_alloc_mbx_args(&cmd, adapter, QLCNIC_CMD_INTRPT_TEST);
3213+
ret = qlcnic_alloc_mbx_args(&cmd, adapter, QLCNIC_CMD_INTRPT_TEST);
3214+
if (ret)
3215+
goto fail_diag_irq;
31433216

31443217
if (adapter->flags & QLCNIC_MSIX_ENABLED)
31453218
intrpt_id = ahw->intr_tbl[0].id;

drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_init.c

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2083,7 +2083,11 @@ static void qlcnic_83xx_clear_function_resources(struct qlcnic_adapter *adapter)
20832083
audit_mask = QLCRDX(adapter->ahw, QLC_83XX_IDC_DRV_AUDIT);
20842084

20852085
if (IS_QLC_83XX_USED(adapter, presence_mask, audit_mask)) {
2086-
qlcnic_alloc_mbx_args(&cmd, adapter, QLCNIC_CMD_STOP_NIC_FUNC);
2086+
status = qlcnic_alloc_mbx_args(&cmd, adapter,
2087+
QLCNIC_CMD_STOP_NIC_FUNC);
2088+
if (status)
2089+
return;
2090+
20872091
cmd.req.arg[1] = BIT_31;
20882092
status = qlcnic_issue_cmd(adapter, &cmd);
20892093
if (status)

0 commit comments

Comments
 (0)