Re: [PATCH] rdma: infiniband: Added __alloc_cq request value Return value non-zero value determination
From: Jason Gunthorpe
Date: Tue May 26 2026 - 08:23:37 EST
On Tue, May 26, 2026 at 05:18:16PM +0800, luoqing wrote:
> From: luoqing <luoqing@xxxxxxxxxx>
>
> Currently, when __alloc_cq allocates memory for an InfiniBand Completion Queue (ib_cq) object,
> it uses memory allocation functions that may not guarantee zero-initialization under certain error paths or memory pressure conditions.
> If the allocated ib_cq object contains non-zero garbage data due to incomplete initialization,
> the function may return a non-NULL pointer even though the object is not in a valid state. This can lead to undefined behavior,
> memory corruption, and potential kernel crashes when the driver subsequently accesses uninitialized fields.
>
> This patch adds explicit validation to ensure that the allocated ib_cq object is properly zeroed before being considered valid.
> If the object fails the zero-check (i.e., contains non-zero bytes beyond expected initialized fields),
> the function returns an error code (e.g., -ENOMEM or -EINVAL), logs a warning message, and prevents further usage of the corrupted CQ.
>
> Signed-off-by: luoqing <luoqing@xxxxxxxxxx>
> ---
> drivers/infiniband/core/cq.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/infiniband/core/cq.c b/drivers/infiniband/core/cq.c
> index 3d7b6cddd131..756bc33c850d 100644
> --- a/drivers/infiniband/core/cq.c
> +++ b/drivers/infiniband/core/cq.c
> @@ -224,7 +224,7 @@ struct ib_cq *__ib_alloc_cq(struct ib_device *dev, void *private, int nr_cqe,
> return ERR_PTR(-EINVAL);
>
> cq = rdma_zalloc_drv_obj(dev, ib_cq);
> - if (!cq)
> + if (unlikely(ZERO_OR_NULL_PTR(cq)))
> return ERR_PTR(ret);
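Review bot: the new check on the `cq = rdma_zalloc_drv_obj(dev, ib_cq);` line does not do what the commit message claims. ZERO_OR_NULL_PTR(cq) only tests the pointer value itself (NULL or the special ZERO_SIZE_PTR that the slab allocator hands back for zero-length requests); it never reads the bytes of the object, so it cannot detect "non-zero garbage data" in the allocated ib_cq. Since ib_cq has a non-zero size, the allocation can never return ZERO_SIZE_PTR, and rdma_zalloc_drv_obj() already zero-fills the object it allocates, so the change is a no-op at best and the original `if (!cq)` should stay. The commit message also says the patch "logs a warning message" and returns -ENOMEM or -EINVAL on a failed zero-check, but the hunk adds no logging and still returns ERR_PTR(ret) unchanged; the description should match the one-line change, or the change should be dropped altogether.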
Wow, this entire report is unintelligible.
ZERO_OR_NULL_PTR() has nothing to do with the memory contents.
Jason