Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1424275AbdDUS4F (ORCPT ); Fri, 21 Apr 2017 14:56:05 -0400 Received: from mout.web.de ([212.227.15.14]:61682 "EHLO mout.web.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1424164AbdDUS4B (ORCPT ); Fri, 21 Apr 2017 14:56:01 -0400 Subject: [PATCH v2 17/17] IB/mlx5: Less function calls in create_kernel_qp() after error detection From: SF Markus Elfring To: Doug Ledford , Hal Rosenstock , Leon Romanovsky , Majd Dibbiny , Matan Barak , Sean Hefty , Yishai Hadas , linux-rdma@vger.kernel.org Cc: LKML , kernel-janitors@vger.kernel.org References: <1935365a-bd7c-461e-6a84-0c5d3a501fff@users.sourceforge.net> <1492720654.3041.16.camel@redhat.com> Message-ID: <6a9ba778-b496-fd09-2fec-c36ba036bf3c@users.sourceforge.net> Date: Fri, 21 Apr 2017 20:55:33 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.0.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-GB Content-Transfer-Encoding: 7bit X-Provags-ID: V03:K0:HqCbirijkU+OMyinvw960/1k/cvqq6z9OjzMeyeevSV5XFQxH5g csLLXpYFwYC2uA51HeOkgtWsl7uDcN8536GyG2kkaocxyNaoe3j2B5YedDEU+nLXkJQQGDJ HJ+dUv686c8eXXwnEe7bw8fQ2gtSB7V85J4Lul2uERyuHCutMP9t50gntUm2PG3cZwOj0kJ YK+fqwn9CSlOrveka7stg== X-UI-Out-Filterresults: notjunk:1;V01:K0:sckcSnBe2/o=:z6huNBI7tzX2VTCR+7MZ80 nSehQPgkxwkwoDWum1/hKjivUHVx/pNOJotHDEUp/lZxJtFM4keB+H8uzyAWQgDgIk5Xt+EeJ TaNUD248/T1av7QJN0LM45260wNaLM8ztKWeNBW60oafU9Y+1so5CFm+LtThB+4RF6iMhKe09 8lVla8mkj2X4OqaNDM+PneXhJeQsUEVFIbumMLzHhLCIpoIJa4TEQxAZtaiyEfmhLGuG5vMUa z32nr87KOi68ZaO5NRln96f9UccbKqcpLftVYe3WSNawvcxAZfobQJCMoAmRR2HJvRGJk8pHY eryrdRQBZVOmwdo0aWDp8wpFjs1FoWuwXLr8H8R4rGjAEtqQz5wojZMKp276IdQcf9Mex6q9k uStSHOvFWSJi4bjKAUs9HfJzO/IPt3yiU3q3rXk+NfWrqJ9whdgowXxo3SGjcr1QpRhiMplz0 qv3kb2D18a8+ERB6LAEd/2iH7qTr7ouSPrFdZjTMWh1hupZDGhuBlUWzgaIJLQA2jPwYKq8k0 vjG/ZMGJsVC6onFi0x6cRsmtWhVFueP3z3jBMSPV6tTWr8oZ5pQQK3aBC8wBn/IjW7jdzDK1c dpPo49w7XdefAN4tId8+fJVolIVAtjGuU93d/WQQq7r/aCSgwZLVe9x8e3zKiZEseMVwye919 +N7KNrYcezLsV99HgUIF94oaENSwUrd8lenf6Ryt8Nd5pT3lGZQ3S7N9OeSkGP32uzaTNXhDU 48Uu4TFBfn0uIfxbGoq4NzTfjb409jTvWb3mGRCLIBdPlW9JOMUx/2XPYvMVxpARuRmiG8mqS zIVbhWF Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2844 Lines: 108 From: Markus Elfring Date: Fri, 21 Apr 2017 19:19:20 +0200 The kfree() function was called in up to five cases by the create_kernel_qp() function during error handling even if the passed data structure member contained a null pointer. * Adjust jump targets according to the Linux coding style convention. * Split a condition check for memory allocation failures so that each pointer from these function calls will be checked immediately. See also background information: Topic "CWE-754: Improper check for unusual or exceptional conditions" Link: https://cwe.mitre.org/data/definitions/754.html Signed-off-by: Markus Elfring --- drivers/infiniband/hw/mlx5/qp.c | 43 ++++++++++++++++++++++++++--------------- 1 file changed, 27 insertions(+), 16 deletions(-) diff --git a/drivers/infiniband/hw/mlx5/qp.c b/drivers/infiniband/hw/mlx5/qp.c index 1e98a8c9fab8..c7bfa8ffaf0d 100644 --- a/drivers/infiniband/hw/mlx5/qp.c +++ b/drivers/infiniband/hw/mlx5/qp.c @@ -934,7 +934,7 @@ static int create_kernel_qp(struct mlx5_ib_dev *dev, *in = mlx5_vzalloc(*inlen); if (!*in) { err = -ENOMEM; - goto err_buf; + goto free_buffer; } qpc = MLX5_ADDR_OF(create_qp_in, *in, qpc); @@ -956,45 +956,56 @@ static int create_kernel_qp(struct mlx5_ib_dev *dev, err = mlx5_db_alloc(dev->mdev, &qp->db); if (err) { mlx5_ib_dbg(dev, "err %d\n", err); - goto err_free; + goto vfree_in; } qp->sq.wrid = kmalloc_array(qp->sq.wqe_cnt, sizeof(*qp->sq.wrid), GFP_KERNEL); + if (!qp->sq.wrid) + goto free_db; + qp->sq.wr_data = kmalloc_array(qp->sq.wqe_cnt, sizeof(*qp->sq.wr_data), GFP_KERNEL); + if (!qp->sq.wr_data) + goto free_sq_wrid; + qp->rq.wrid = kmalloc_array(qp->rq.wqe_cnt, sizeof(*qp->rq.wrid), GFP_KERNEL); + if (!qp->rq.wrid) + goto free_sq_wr_data; + qp->sq.w_list = kmalloc_array(qp->sq.wqe_cnt, sizeof(*qp->sq.w_list), GFP_KERNEL); + if (!qp->sq.w_list) + goto free_rq_wrid; + qp->sq.wqe_head = kmalloc_array(qp->sq.wqe_cnt, sizeof(*qp->sq.wqe_head), GFP_KERNEL); - if (!qp->sq.wrid || !qp->sq.wr_data || !qp->rq.wrid || - !qp->sq.w_list || !qp->sq.wqe_head) { - err = -ENOMEM; - goto err_wrid; - } + if (!qp->sq.wqe_head) + goto free_sq_w_list; + qp->create_type = MLX5_QP_KERNEL; return 0; - -err_wrid: - kfree(qp->sq.wqe_head); +free_sq_w_list: kfree(qp->sq.w_list); - kfree(qp->sq.wrid); - kfree(qp->sq.wr_data); +free_rq_wrid: kfree(qp->rq.wrid); +free_sq_wr_data: + kfree(qp->sq.wr_data); +free_sq_wrid: + kfree(qp->sq.wrid); +free_db: mlx5_db_free(dev->mdev, &qp->db); - -err_free: + err = -ENOMEM; +vfree_in: kvfree(*in); - -err_buf: +free_buffer: mlx5_buf_free(dev->mdev, &qp->buf); return err; } -- 2.12.2