mv643xx_eth: Allocate receive queue initialized to zero

Zero pointer in rx_skb is how respective rxq_deinit() finds out out that a skb
slot is unallocated. If rxq_refill() fails (e.g. on OOM condition), subsequent
teardown would result in an attempt to kfree() invalid pointers.

Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
Cc: Lennert Buytenhek <buytenh@wantstofly.org>
Cc: netdev@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/drivers/net/ethernet/marvell/mv643xx_eth.c b/drivers/net/ethernet/marvell/mv643xx_eth.c
index 2ad1494..d1cbfb1 100644 (file)
--- a/drivers/net/ethernet/marvell/mv643xx_eth.c
+++ b/drivers/net/ethernet/marvell/mv643xx_eth.c
@@ -1757,7 +1757,7 @@ static int rxq_init(struct mv643xx_eth_private *mp, int index)
        memset(rxq->rx_desc_area, 0, size);
 
        rxq->rx_desc_area_size = size;
-       rxq->rx_skb = kmalloc_array(rxq->rx_ring_size, sizeof(*rxq->rx_skb),
+       rxq->rx_skb = kcalloc(rxq->rx_ring_size, sizeof(*rxq->rx_skb),
                                    GFP_KERNEL);
        if (rxq->rx_skb == NULL)
                goto out_free;