linux-crypto.vger.kernel.org archive mirror
* [PATCH] QAT: Fix uninitialized variable in qat driver
@ 2015-06-26 17:56 Neil Horman
  2015-06-27 13:50 ` Tadeusz Struk
  0 siblings, 1 reply; 2+ messages in thread
From: Neil Horman @ 2015-06-26 17:56 UTC
  To: linux-crypto
  Cc: Neil Horman, Herbert Xu, David S. Miller, Tadeusz Struk,
	open list:QAT DRIVER

Hit a warning when building QAT, indicating that sz_out might be uninitialized
before use.  Looks like if you hit an error path and jump to err: you might find
yourself trying to unmap an arbitrarily long dma region.  It's safe on intel since
intel defines the invalid dma address as zero, but other arches don't, and if
qat makes its way to one of those, that can cause all sorts of corruption.

Fix is pretty easy, just init sz_out to zero, and gate the unmapping on sz_out
being non-zero.

Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
CC: Herbert Xu <herbert@gondor.apana.org.au>
CC: "David S. Miller" <davem@davemloft.net>
CC: Tadeusz Struk <tadeusz.struk@intel.com>
CC: qat-linux@intel.com (open list:QAT DRIVER)
---
 drivers/crypto/qat/qat_common/qat_algs.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/drivers/crypto/qat/qat_common/qat_algs.c b/drivers/crypto/qat/qat_common/qat_algs.c
index 067402c..35ab752 100644
--- a/drivers/crypto/qat/qat_common/qat_algs.c
+++ b/drivers/crypto/qat/qat_common/qat_algs.c
@@ -667,8 +667,9 @@ static int qat_alg_sgl_to_bufl(struct qat_crypto_instance *inst,
 	dma_addr_t blp;
 	dma_addr_t bloutp = 0;
 	struct scatterlist *sg;
-	size_t sz_out, sz = sizeof(struct qat_alg_buf_list) +
-			((1 + n + assoc_n) * sizeof(struct qat_alg_buf));
+	size_t sz_out = 0;
+	size_t sz = sizeof(struct qat_alg_buf_list) +
+			  ((1 + n + assoc_n) * sizeof(struct qat_alg_buf));
 
 	if (unlikely(!n))
 		return -EINVAL;
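
Review bot: `size_t sz_out = 0;` makes zero mean "output buffer list not mapped", but nothing at the declaration says so, and `dma_addr_t bloutp = 0;` two lines above reads as if it already plays that role. By the commit message's own reasoning, zero is not an invalid DMA address on every architecture, so bloutp's initial value cannot serve as the sentinel and sz_out becomes the only real guard. A one-line comment on the sz_out declaration stating that would keep a later cleanup from dropping the initializer as redundant.
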
@@ -793,7 +794,7 @@ err:
 				dma_unmap_single(dev, buflout->bufers[i].addr,
 						 buflout->bufers[i].len,
 						 DMA_BIDIRECTIONAL);
-		if (!dma_mapping_error(dev, bloutp))
+		if (sz_out && !dma_mapping_error(dev, bloutp))
 			dma_unmap_single(dev, bloutp, sz_out, DMA_TO_DEVICE);
 		kfree(buflout);
 	}
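
Review bot: In the err: path, `if (sz_out && !dma_mapping_error(dev, bloutp))` is a correct gate only if sz_out becomes non-zero on the same path that maps bloutp, and that assignment is neither touched by this patch nor visible in the hunk. The commit message should say where sz_out is set relative to the mapping of bloutp, so a reader can tell that a non-zero sz_out together with a successful mapping check really implies there is a region of that length to unmap. A short comment above the test explaining that sz_out == 0 means "never mapped" would also help.
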
-- 
2.1.0


* Re: [PATCH] QAT: Fix uninitialized variable in qat driver
  2015-06-26 17:56 [PATCH] QAT: Fix uninitialized variable in qat driver Neil Horman
@ 2015-06-27 13:50 ` Tadeusz Struk
  0 siblings, 0 replies; 2+ messages in thread
From: Tadeusz Struk @ 2015-06-27 13:50 UTC
  To: Neil Horman; +Cc: linux-crypto, Herbert Xu, David S. Miller, qat-linux

On 06/26/2015 10:56 AM, Neil Horman wrote:
> Hit a warning when building QAT, indicating that sz_out might be uninitialized
> before use.  Looks like if you hit an error path and jump to err: you might find
> yourself trying to unmap an arbitrarily long dma region.  It's safe on intel since
> intel defines the invalid dma address as zero, but other arches don't, and if
> qat makes its way to one of those, that can cause all sorts of corruption.

Hi Neil,
This is a false positive. The sz_out is always initialized before it is used because
the same condition, i.e. if (sgl != sglout && buflout), is in the error path as
well as on the path where it is initialized.
This warning is printed by an old gcc version. If you use gcc 4.9 or later
it won't print it.

It didn't make its way to linux-crypto for whatever reason so resending again.
regards,
T
