As the memory allocated by kcalloc has not been set to zero, it may
contain uninitialized pointers.
Therefore, free the non-NULL pointers may cause undefined behaviour.
Fixes: 5574cb2194b1 ("habanalabs: Assign each CQ with its own work queue")
Signed-off-by: Jiasheng Jiang <[email protected]>
---
drivers/misc/habanalabs/common/device.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/drivers/misc/habanalabs/common/device.c b/drivers/misc/habanalabs/common/device.c
index 87ab329e65d4..dc6fcb9cca7a 100644
--- a/drivers/misc/habanalabs/common/device.c
+++ b/drivers/misc/habanalabs/common/device.c
@@ -901,9 +901,8 @@ static int device_early_init(struct hl_device *hdev)
free_eq_wq:
destroy_workqueue(hdev->eq_wq);
free_cq_wq:
- for (i = 0 ; i < hdev->asic_prop.completion_queues_count ; i++)
- if (hdev->cq_wq[i])
- destroy_workqueue(hdev->cq_wq[i]);
+ while (i--)
+ destroy_workqueue(hdev->cq_wq[i]);
kfree(hdev->cq_wq);
asid_fini:
hl_asid_fini(hdev);
--
2.25.1
On Wed, Feb 8, 2023, at 08:05, Jiasheng Jiang wrote:
> As the memory allocated by kcalloc has not been set to zero, it may
> contain uninitialized pointers.
> Therefore, free the non-NULL pointers may cause undefined behaviour.
>
> Fixes: 5574cb2194b1 ("habanalabs: Assign each CQ with its own work queue")
> Signed-off-by: Jiasheng Jiang <[email protected]>
Did you run into a bug here or find that by inspection?
kcalloc() is definitely meant to return zeroed memory, so I don't see
a bug here:
static inline __alloc_size(1, 2) void *kcalloc(size_t n, size_t size, gfp_t flags)
{
return kmalloc_array(n, size, flags | __GFP_ZERO);
}
Arnd