common/cnxk: fix null pointer dereferences

author Nithin Dabilpuram <ndabilpuram@marvell.com>

Fri, 21 Jan 2022 12:04:20 +0000 (17:34 +0530)

committer Jerin Jacob <jerinj@marvell.com>

Sun, 23 Jan 2022 07:43:07 +0000 (08:43 +0100)
author Nithin Dabilpuram <ndabilpuram@marvell.com>
Fri, 21 Jan 2022 12:04:20 +0000 (17:34 +0530)
committer Jerin Jacob <jerinj@marvell.com>
Sun, 23 Jan 2022 07:43:07 +0000 (08:43 +0100)
diff --git a/drivers/common/cnxk/roc_cpt.c b/drivers/common/cnxk/roc_cpt.c

index 1bc7a29ef95f0715b59362e7d18a29d26bfda3d0..3f3d28196b815c03cff94f5b80c56b506959edad 100644 (file)
--- a/drivers/common/cnxk/roc_cpt.c
+++ b/drivers/common/cnxk/roc_cpt.c
@@ -385,6 +385,9 @@ cpt_lfs_alloc(struct dev *dev, uint8_t eng_grpmsk, uint8_t blkaddr,
                 return -EINVAL;
  
         req = mbox_alloc_msg_cpt_lf_alloc(mbox);
+       if (!req)
+               return -ENOSPC;
+
         req->nix_pf_func = 0;
         if (inl_dev_sso && nix_inl_dev_pffunc_get())
                 req->sso_pf_func = nix_inl_dev_pffunc_get();
diff --git a/drivers/common/cnxk/roc_dev.c b/drivers/common/cnxk/roc_dev.c

index 926a916e44767a4a9be4afc7db2c59651626e812..0ac50cab59619a7282a3593b75cfd27d89921873 100644 (file)
--- a/drivers/common/cnxk/roc_dev.c
+++ b/drivers/common/cnxk/roc_dev.c
@@ -152,6 +152,11 @@ af_pf_wait_msg(struct dev *dev, uint16_t vf, int num_msg)
                 /* Reserve PF/VF mbox message */
                 size = PLT_ALIGN(size, MBOX_MSG_ALIGN);
                 rsp = mbox_alloc_msg(&dev->mbox_vfpf, vf, size);
+               if (!rsp) {
+                       plt_err("Failed to reserve VF%d message", vf);
+                       continue;
+               }
+
                 mbox_rsp_init(msg->id, rsp);
  
                 /* Copy message from AF<->PF mbox to PF<->VF mbox */
@@ -236,6 +241,12 @@ vf_pf_process_msgs(struct dev *dev, uint16_t vf)
                                 BIT_ULL(vf % max_bits);
                         rsp = (struct ready_msg_rsp *)mbox_alloc_msg(
                                 mbox, vf, sizeof(*rsp));
+                       if (!rsp) {
+                               plt_err("Failed to alloc VF%d READY message",
+                                       vf);
+                               continue;
+                       }
+
                         mbox_rsp_init(msg->id, rsp);
  
                         /* PF/VF function ID */
@@ -988,6 +999,9 @@ dev_setup_shared_lmt_region(struct mbox *mbox, bool valid_iova, uint64_t iova)
         struct lmtst_tbl_setup_req *req;
  
         req = mbox_alloc_msg_lmtst_tbl_setup(mbox);
+       if (!req)
+               return -ENOSPC;
+
         /* This pcifunc is defined with primary pcifunc whose LMT address
          * will be shared. If call contains valid IOVA, following pcifunc
          * field is of no use.
@@ -1061,6 +1075,11 @@ dev_lmt_setup(struct dev *dev)
          */
         if (!dev->disable_shared_lmt) {
                 idev = idev_get_cfg();
+               if (!idev) {
+                       errno = EFAULT;
+                       goto free;
+               }
+
                 if (!__atomic_load_n(&idev->lmt_pf_func, __ATOMIC_ACQUIRE)) {
                         idev->lmt_base_addr = dev->lmt_base;
                         idev->lmt_pf_func = dev->pf_func;
diff --git a/drivers/common/cnxk/roc_nix_debug.c b/drivers/common/cnxk/roc_nix_debug.c

index 5886650d6e4cd7316002e142bd2e1e3fd81f4387..583e2e43c85cb93d18c7676b0c8f6f52f2e0be10 100644 (file)
--- a/drivers/common/cnxk/roc_nix_debug.c
+++ b/drivers/common/cnxk/roc_nix_debug.c
@@ -323,6 +323,9 @@ nix_q_ctx_get(struct dev *dev, uint8_t ctype, uint16_t qid, __io void **ctx_p)
                 int rc;
  
                 aq = mbox_alloc_msg_nix_aq_enq(mbox);
+               if (!aq)
+                       return -ENOSPC;
+
                 aq->qidx = qid;
                 aq->ctype = ctype;
                 aq->op = NIX_AQ_INSTOP_READ;
@@ -341,6 +344,9 @@ nix_q_ctx_get(struct dev *dev, uint8_t ctype, uint16_t qid, __io void **ctx_p)
                 struct nix_cn10k_aq_enq_req *aq;
  
                 aq = mbox_alloc_msg_nix_cn10k_aq_enq(mbox);
+               if (!aq)
+                       return -ENOSPC;
+
                 aq->qidx = qid;
                 aq->ctype = ctype;
                 aq->op = NIX_AQ_INSTOP_READ;
diff --git a/drivers/common/cnxk/roc_nix_fc.c b/drivers/common/cnxk/roc_nix_fc.c

index ca29cd2bf9638f20fc319c659a62f671b425372b..d31137188eec2aace529f5cbbaf126c17fe69831 100644 (file)
--- a/drivers/common/cnxk/roc_nix_fc.c
+++ b/drivers/common/cnxk/roc_nix_fc.c
@@ -113,6 +113,9 @@ nix_fc_cq_config_get(struct roc_nix *roc_nix, struct roc_nix_fc_cfg *fc_cfg)
                 struct nix_aq_enq_req *aq;
  
                 aq = mbox_alloc_msg_nix_aq_enq(mbox);
+               if (!aq)
+                       return -ENOSPC;
+
                 aq->qidx = fc_cfg->cq_cfg.rq;
                 aq->ctype = NIX_AQ_CTYPE_CQ;
                 aq->op = NIX_AQ_INSTOP_READ;
@@ -120,6 +123,9 @@ nix_fc_cq_config_get(struct roc_nix *roc_nix, struct roc_nix_fc_cfg *fc_cfg)
                 struct nix_cn10k_aq_enq_req *aq;
  
                 aq = mbox_alloc_msg_nix_cn10k_aq_enq(mbox);
+               if (!aq)
+                       return -ENOSPC;
+
                 aq->qidx = fc_cfg->cq_cfg.rq;
                 aq->ctype = NIX_AQ_CTYPE_CQ;
                 aq->op = NIX_AQ_INSTOP_READ;
@@ -147,6 +153,9 @@ nix_fc_cq_config_set(struct roc_nix *roc_nix, struct roc_nix_fc_cfg *fc_cfg)
                 struct nix_aq_enq_req *aq;
  
                 aq = mbox_alloc_msg_nix_aq_enq(mbox);
+               if (!aq)
+                       return -ENOSPC;
+
                 aq->qidx = fc_cfg->cq_cfg.rq;
                 aq->ctype = NIX_AQ_CTYPE_CQ;
                 aq->op = NIX_AQ_INSTOP_WRITE;
@@ -164,6 +173,9 @@ nix_fc_cq_config_set(struct roc_nix *roc_nix, struct roc_nix_fc_cfg *fc_cfg)
                 struct nix_cn10k_aq_enq_req *aq;
  
                 aq = mbox_alloc_msg_nix_cn10k_aq_enq(mbox);
+               if (!aq)
+                       return -ENOSPC;
+
                 aq->qidx = fc_cfg->cq_cfg.rq;
                 aq->ctype = NIX_AQ_CTYPE_CQ;
                 aq->op = NIX_AQ_INSTOP_WRITE;
diff --git a/drivers/common/cnxk/roc_nix_queue.c b/drivers/common/cnxk/roc_nix_queue.c

index e8b42ed6be7316b74dbf0f7ef002862db92b9484..a283d96a01203f810ac8998116ea1e7007f0666f 100644 (file)
--- a/drivers/common/cnxk/roc_nix_queue.c
+++ b/drivers/common/cnxk/roc_nix_queue.c
@@ -54,6 +54,9 @@ nix_rq_ena_dis(struct dev *dev, struct roc_nix_rq *rq, bool enable)
                 struct nix_aq_enq_req *aq;
  
                 aq = mbox_alloc_msg_nix_aq_enq(mbox);
+               if (!aq)
+                       return -ENOSPC;
+
                 aq->qidx = rq->qid;
                 aq->ctype = NIX_AQ_CTYPE_RQ;
                 aq->op = NIX_AQ_INSTOP_WRITE;
@@ -64,6 +67,9 @@ nix_rq_ena_dis(struct dev *dev, struct roc_nix_rq *rq, bool enable)
                 struct nix_cn10k_aq_enq_req *aq;
  
                 aq = mbox_alloc_msg_nix_cn10k_aq_enq(mbox);
+               if (!aq)
+                       return -ENOSPC;
+
                 aq->qidx = rq->qid;
                 aq->ctype = NIX_AQ_CTYPE_RQ;
                 aq->op = NIX_AQ_INSTOP_WRITE;
@@ -95,6 +101,9 @@ nix_rq_cn9k_cfg(struct dev *dev, struct roc_nix_rq *rq, uint16_t qints,
         struct nix_aq_enq_req *aq;
  
         aq = mbox_alloc_msg_nix_aq_enq(mbox);
+       if (!aq)
+               return -ENOSPC;
+
         aq->qidx = rq->qid;
         aq->ctype = NIX_AQ_CTYPE_RQ;
         aq->op = cfg ? NIX_AQ_INSTOP_WRITE : NIX_AQ_INSTOP_INIT;
@@ -210,6 +219,9 @@ nix_rq_cfg(struct dev *dev, struct roc_nix_rq *rq, uint16_t qints, bool cfg,
         struct mbox *mbox = dev->mbox;
  
         aq = mbox_alloc_msg_nix_cn10k_aq_enq(mbox);
+       if (!aq)
+               return -ENOSPC;
+
         aq->qidx = rq->qid;
         aq->ctype = NIX_AQ_CTYPE_RQ;
         aq->op = cfg ? NIX_AQ_INSTOP_WRITE : NIX_AQ_INSTOP_INIT;
@@ -478,6 +490,9 @@ roc_nix_cq_init(struct roc_nix *roc_nix, struct roc_nix_cq *cq)
                 struct nix_aq_enq_req *aq;
  
                 aq = mbox_alloc_msg_nix_aq_enq(mbox);
+               if (!aq)
+                       return -ENOSPC;
+
                 aq->qidx = cq->qid;
                 aq->ctype = NIX_AQ_CTYPE_CQ;
                 aq->op = NIX_AQ_INSTOP_INIT;
@@ -486,6 +501,9 @@ roc_nix_cq_init(struct roc_nix *roc_nix, struct roc_nix_cq *cq)
                 struct nix_cn10k_aq_enq_req *aq;
  
                 aq = mbox_alloc_msg_nix_cn10k_aq_enq(mbox);
+               if (!aq)
+                       return -ENOSPC;
+
                 aq->qidx = cq->qid;
                 aq->ctype = NIX_AQ_CTYPE_CQ;
                 aq->op = NIX_AQ_INSTOP_INIT;
@@ -562,6 +580,9 @@ roc_nix_cq_fini(struct roc_nix_cq *cq)
                 struct nix_aq_enq_req *aq;
  
                 aq = mbox_alloc_msg_nix_aq_enq(mbox);
+               if (!aq)
+                       return -ENOSPC;
+
                 aq->qidx = cq->qid;
                 aq->ctype = NIX_AQ_CTYPE_CQ;
                 aq->op = NIX_AQ_INSTOP_WRITE;
@@ -573,6 +594,9 @@ roc_nix_cq_fini(struct roc_nix_cq *cq)
                 struct nix_cn10k_aq_enq_req *aq;
  
                 aq = mbox_alloc_msg_nix_cn10k_aq_enq(mbox);
+               if (!aq)
+                       return -ENOSPC;
+
                 aq->qidx = cq->qid;
                 aq->ctype = NIX_AQ_CTYPE_CQ;
                 aq->op = NIX_AQ_INSTOP_WRITE;
@@ -674,7 +698,7 @@ fail:
         return rc;
  }
  
-static void
+static int
  sq_cn9k_init(struct nix *nix, struct roc_nix_sq *sq, uint32_t rr_quantum,
              uint16_t smq)
  {
@@ -682,6 +706,9 @@ sq_cn9k_init(struct nix *nix, struct roc_nix_sq *sq, uint32_t rr_quantum,
         struct nix_aq_enq_req *aq;
  
         aq = mbox_alloc_msg_nix_aq_enq(mbox);
+       if (!aq)
+               return -ENOSPC;
+
         aq->qidx = sq->qid;
         aq->ctype = NIX_AQ_CTYPE_SQ;
         aq->op = NIX_AQ_INSTOP_INIT;
@@ -710,6 +737,7 @@ sq_cn9k_init(struct nix *nix, struct roc_nix_sq *sq, uint32_t rr_quantum,
          * might result in software missing the interrupt.
          */
         aq->sq.qint_idx = 0;
+       return 0;
  }
  
  static int
@@ -723,6 +751,9 @@ sq_cn9k_fini(struct nix *nix, struct roc_nix_sq *sq)
         int rc, count;
  
         aq = mbox_alloc_msg_nix_aq_enq(mbox);
+       if (!aq)
+               return -ENOSPC;
+
         aq->qidx = sq->qid;
         aq->ctype = NIX_AQ_CTYPE_SQ;
         aq->op = NIX_AQ_INSTOP_READ;
@@ -736,6 +767,9 @@ sq_cn9k_fini(struct nix *nix, struct roc_nix_sq *sq)
  
         /* Disable sq */
         aq = mbox_alloc_msg_nix_aq_enq(mbox);
+       if (!aq)
+               return -ENOSPC;
+
         aq->qidx = sq->qid;
         aq->ctype = NIX_AQ_CTYPE_SQ;
         aq->op = NIX_AQ_INSTOP_WRITE;
@@ -747,6 +781,9 @@ sq_cn9k_fini(struct nix *nix, struct roc_nix_sq *sq)
  
         /* Read SQ and free sqb's */
         aq = mbox_alloc_msg_nix_aq_enq(mbox);
+       if (!aq)
+               return -ENOSPC;
+
         aq->qidx = sq->qid;
         aq->ctype = NIX_AQ_CTYPE_SQ;
         aq->op = NIX_AQ_INSTOP_READ;
@@ -778,7 +815,7 @@ sq_cn9k_fini(struct nix *nix, struct roc_nix_sq *sq)
         return 0;
  }
  
-static void
+static int
  sq_init(struct nix *nix, struct roc_nix_sq *sq, uint32_t rr_quantum,
         uint16_t smq)
  {
@@ -786,6 +823,9 @@ sq_init(struct nix *nix, struct roc_nix_sq *sq, uint32_t rr_quantum,
         struct nix_cn10k_aq_enq_req *aq;
  
         aq = mbox_alloc_msg_nix_cn10k_aq_enq(mbox);
+       if (!aq)
+               return -ENOSPC;
+
         aq->qidx = sq->qid;
         aq->ctype = NIX_AQ_CTYPE_SQ;
         aq->op = NIX_AQ_INSTOP_INIT;
@@ -813,6 +853,7 @@ sq_init(struct nix *nix, struct roc_nix_sq *sq, uint32_t rr_quantum,
          * might result in software missing the interrupt.
          */
         aq->sq.qint_idx = 0;
+       return 0;
  }
  
  static int
@@ -826,6 +867,9 @@ sq_fini(struct nix *nix, struct roc_nix_sq *sq)
         int rc, count;
  
         aq = mbox_alloc_msg_nix_cn10k_aq_enq(mbox);
+       if (!aq)
+               return -ENOSPC;
+
         aq->qidx = sq->qid;
         aq->ctype = NIX_AQ_CTYPE_SQ;
         aq->op = NIX_AQ_INSTOP_READ;
@@ -839,6 +883,9 @@ sq_fini(struct nix *nix, struct roc_nix_sq *sq)
  
         /* Disable sq */
         aq = mbox_alloc_msg_nix_cn10k_aq_enq(mbox);
+       if (!aq)
+               return -ENOSPC;
+
         aq->qidx = sq->qid;
         aq->ctype = NIX_AQ_CTYPE_SQ;
         aq->op = NIX_AQ_INSTOP_WRITE;
@@ -850,6 +897,9 @@ sq_fini(struct nix *nix, struct roc_nix_sq *sq)
  
         /* Read SQ and free sqb's */
         aq = mbox_alloc_msg_nix_cn10k_aq_enq(mbox);
+       if (!aq)
+               return -ENOSPC;
+
         aq->qidx = sq->qid;
         aq->ctype = NIX_AQ_CTYPE_SQ;
         aq->op = NIX_AQ_INSTOP_READ;
@@ -920,9 +970,12 @@ roc_nix_sq_init(struct roc_nix *roc_nix, struct roc_nix_sq *sq)
  
         /* Init SQ context */
         if (roc_model_is_cn9k())
-               sq_cn9k_init(nix, sq, rr_quantum, smq);
+               rc = sq_cn9k_init(nix, sq, rr_quantum, smq);
         else
-               sq_init(nix, sq, rr_quantum, smq);
+               rc = sq_init(nix, sq, rr_quantum, smq);
+
+       if (rc)
+               goto nomem;
  
         rc = mbox_process(mbox);
         if (rc)
diff --git a/drivers/common/cnxk/roc_nix_stats.c b/drivers/common/cnxk/roc_nix_stats.c

index c50c8fa6293cda546eb242e5c9fdf356c2d2b301..756111fb1c2c472e63464291ffdc7fd0ccd04686 100644 (file)
--- a/drivers/common/cnxk/roc_nix_stats.c
+++ b/drivers/common/cnxk/roc_nix_stats.c
@@ -124,6 +124,9 @@ nix_stat_rx_queue_reset(struct nix *nix, uint16_t qid)
                 struct nix_aq_enq_req *aq;
  
                 aq = mbox_alloc_msg_nix_aq_enq(mbox);
+               if (!aq)
+                       return -ENOSPC;
+
                 aq->qidx = qid;
                 aq->ctype = NIX_AQ_CTYPE_RQ;
                 aq->op = NIX_AQ_INSTOP_WRITE;
@@ -143,6 +146,9 @@ nix_stat_rx_queue_reset(struct nix *nix, uint16_t qid)
                 struct nix_cn10k_aq_enq_req *aq;
  
                 aq = mbox_alloc_msg_nix_cn10k_aq_enq(mbox);
+               if (!aq)
+                       return -ENOSPC;
+
                 aq->qidx = qid;
                 aq->ctype = NIX_AQ_CTYPE_RQ;
                 aq->op = NIX_AQ_INSTOP_WRITE;
@@ -174,6 +180,9 @@ nix_stat_tx_queue_reset(struct nix *nix, uint16_t qid)
                 struct nix_aq_enq_req *aq;
  
                 aq = mbox_alloc_msg_nix_aq_enq(mbox);
+               if (!aq)
+                       return -ENOSPC;
+
                 aq->qidx = qid;
                 aq->ctype = NIX_AQ_CTYPE_SQ;
                 aq->op = NIX_AQ_INSTOP_WRITE;
@@ -190,6 +199,9 @@ nix_stat_tx_queue_reset(struct nix *nix, uint16_t qid)
                 struct nix_cn10k_aq_enq_req *aq;
  
                 aq = mbox_alloc_msg_nix_cn10k_aq_enq(mbox);
+               if (!aq)
+                       return -ENOSPC;
+
                 aq->qidx = qid;
                 aq->ctype = NIX_AQ_CTYPE_SQ;
                 aq->op = NIX_AQ_INSTOP_WRITE;
@@ -295,6 +307,9 @@ roc_nix_xstats_get(struct roc_nix *roc_nix, struct roc_nix_xstat *xstats,
  
         if (roc_model_is_cn9k()) {
                 req = mbox_alloc_msg_cgx_stats(mbox);
+               if (!req)
+                       return -ENOSPC;
+
                 req->hdr.pcifunc = roc_nix_get_pf_func(roc_nix);
  
                 rc = mbox_process_msg(mbox, (void *)&cgx_resp);
@@ -316,6 +331,9 @@ roc_nix_xstats_get(struct roc_nix *roc_nix, struct roc_nix_xstat *xstats,
                 }
         } else {
                 req = mbox_alloc_msg_rpm_stats(mbox);
+               if (!req)
+                       return -ENOSPC;
+
                 req->hdr.pcifunc = roc_nix_get_pf_func(roc_nix);
  
                 rc = mbox_process_msg(mbox, (void *)&rpm_resp);
diff --git a/drivers/common/cnxk/roc_nix_tm.c b/drivers/common/cnxk/roc_nix_tm.c

index fe9e83fe1e2d3e234ab4768b17dabcc3ac4f7501..3b38cc087bb9105c6cdfa9d27c9c373a0a86677f 100644 (file)
--- a/drivers/common/cnxk/roc_nix_tm.c
+++ b/drivers/common/cnxk/roc_nix_tm.c
@@ -766,6 +766,9 @@ nix_tm_sq_sched_conf(struct nix *nix, struct nix_tm_node *node,
                 struct nix_aq_enq_req *aq;
  
                 aq = mbox_alloc_msg_nix_aq_enq(mbox);
+               if (!aq)
+                       return -ENOSPC;
+
                 aq->qidx = qid;
                 aq->ctype = NIX_AQ_CTYPE_SQ;
                 aq->op = NIX_AQ_INSTOP_WRITE;
@@ -781,6 +784,9 @@ nix_tm_sq_sched_conf(struct nix *nix, struct nix_tm_node *node,
                 struct nix_cn10k_aq_enq_req *aq;
  
                 aq = mbox_alloc_msg_nix_cn10k_aq_enq(mbox);
+               if (!aq)
+                       return -ENOSPC;
+
                 aq->qidx = qid;
                 aq->ctype = NIX_AQ_CTYPE_SQ;
                 aq->op = NIX_AQ_INSTOP_WRITE;
author	Nithin Dabilpuram <ndabilpuram@marvell.com>
	Fri, 21 Jan 2022 12:04:20 +0000 (17:34 +0530)
committer	Jerin Jacob <jerinj@marvell.com>
	Sun, 23 Jan 2022 07:43:07 +0000 (08:43 +0100)
drivers/common/cnxk/roc_cpt.c		patch \| blob \| history
drivers/common/cnxk/roc_dev.c		patch \| blob \| history
drivers/common/cnxk/roc_nix_debug.c		patch \| blob \| history
drivers/common/cnxk/roc_nix_fc.c		patch \| blob \| history
drivers/common/cnxk/roc_nix_queue.c		patch \| blob \| history
drivers/common/cnxk/roc_nix_stats.c		patch \| blob \| history
drivers/common/cnxk/roc_nix_tm.c		patch \| blob \| history